Categories: Digital LifeNews

TNG eWallet thinks a mandatory One Time Password is unnecessary

Touch ‘n Go Digital has responded to our enquiries regarding a recent eWallet issue. Last Friday, a Touch ‘n Go eWallet user’s account was compromised and unauthorised reloads amounting to RM3,000 were made via her saved debit card.

According to TNG Digital, there was no compromise of any Touch ‘n Go eWallet system or technology and they maintain the highest standards of technology and security on its payment platform. After conducting their own investigations, they have discovered that the recent issue is a case of a phishing scam. Since the user has a verified eWallet account, Touch ‘n Go will provide full compensation under its Money-back guarantee policy.

The eWallet provider shared that the victims have so far revealed that they may have inadvertently given away their 6-digit PIN to strangers and many victims have admitted to using easily guessable 6-digit PINs. To keep its user accounts secure, TNG is now actively educating their customers to protect their 6-digit PIN and to change them if they are easily guessable.

As mentioned in our previous post, Touch ‘n Go eWallet does not require a One Time Password (OTP) for new logins on a different device. From our own testing, an OTP is required only after we tried logging in to our eWallet across different smartphones multiple times.

According to Touch ‘n Go Digital, there’s no request for OTP or two-factor authentication as users can transact as normal once they have logged in with their 6-digit PIN. For the recent incident, they added that it didn’t trigger an alert because the “suspicious activity” was not regarded as suspicious because the perpetrator had the user’s 6-digit PIN from the initial phishing attack. Upon successful login, he/she could transact as normal and according to TNG, this is the “usual customer experience”

TNG has also mentioned that they are reviewing their security protocols at the current stage. They emphasised that customers themselves play a big part in maintaining the security of their accounts as 91% of cyberattacks starts from phishing.

Although customers are responsible for keeping their account safe and secure, we still believe that there’s room for improvement by TNG Digital to prevent similar incidents from reoccurring. Yesterday, we’ve highlighted 4 key things that can be implemented to deter unauthorised access. A mandatory OTP for every new login on a new device would have made it harder for perpetrators from gaining access. Using a different password apart from the 6-digit PIN would also add an additional security layer. On top of that, the implementation of a fingerprint or facial recognition feature would also reduce the exposure of the 6-digit PIN.

Related reading

Recent Posts

Denza Z9 GT now in Malaysia for RM359k: Luxury sports EV with 600km of range

Denza Z9 GT is now officially in Malaysia after it was first demonstrated here over…

7 hours ago

Huawei MatePad Air 2026 with 144Hz PaperMatte OLED screen, six speakers previewed in Malaysia: Here’s what we know

Aside from launching the Huawei Pura 90s series, Huawei Malaysia also unveiled the MatePad Air…

11 hours ago

Gentari drops DC fast charging prices at select locations across Peninsular Malaysia

Gentari has announced a price cut for selected DC chargers across Peninsular Malaysia. EV owners…

13 hours ago

Gentari’s Ayer Hitam EV Charging Hub now upgraded with 7 DC Charge Points

Petronas Bandar Baru Ayer Hitam is one of the most popular EV charging hubs for…

21 hours ago

Proton Saga Cross AMA02 spotted undergoing testing at Federal Highway

We spotted a camouflaged car at Federal Highway earlier today that might be the new…

1 day ago

Huawei Pura 90s series arrives in Malaysia from RM3,699. Pro Max version gets a 200MP telephoto camera

Huawei has officially launched the Pura 90s series in Malaysia, its latest flagship camera phones…

1 day ago

This website uses cookies.