Following iPay88’s announcement of a cybersecurity incident that took place in May, Bank Negara Malaysia (BNM) has instructed banks to immediately notify cardholders of additional protective measures that will be taken to further protect them against risks of fraud or unauthorised transactions. It added that it takes a serious view of any incident that can affect confidence in the payment system and will not hesitate to take necessary supervisory or enforcement action to ensure strong security controls are in place by the financial institutions and to ensure that customers are treated fairly.
According to BNM’s statement released today, forensic investigations on iPay88, a payment gateway platform, are still ongoing. It said the breach is confined to iPay88’s payment card system and does not involve vulnerabilities in the bank’s system. BNM assures that the country’s payment system remains safe and secure as financial institutions in Malaysia deploy strong authentication methods for online transactions which require additional confirmation for certain transactions that are considered high risk. Typically, when you make payments online, you will need to verify with an OTP via Visa’s 3D Secure or Mastercard’s SecureCode.
However, there are non-authenticated transactions which typically involve merchants based overseas. For such transactions that don’t use extra verification, the cardholders are not liable for any fraudulent or unauthorised transaction that may arise from the incident.
BNM is urging the public to check for any irregular or unauthorised transactions on their cards. If you have any issues or complaints about your bank, you can reach out to BNMTELELINK at 1-300-88-5465 or fill up a web form.
iPay88’s statement was issued more than two months after the supposed data breach and it claims to have contained the problem with no further suspicious activity detected since 20th July 2022. iPay88 added that they have implemented various new measures and controls to strengthen the system’s security against any further incidents. However, they didn’t share how many customers are affected and what type of customer data is affected.
If your payment card details are compromised, it is advisable to cancel the card and get it replaced with a new card number, expiration date and CVV. To prevent exposure of your credit or debit card details, using a prepaid card for online transactions can be a better alternative. Not only do you have better control over how much you spend, but you can also create virtual card numbers for online transactions only. In the event an online platform is compromised, you can easily freeze or remove the virtual card number without changing your physical card.
Another alternative is to pay using third-party platforms such as FPX, eWallet, PayPal, Google Pay or Apple Pay. With this method, you do not need to share your card details, minimising the risk if there’s a data breach.
[ SOURCE ]