After having announced their intentions back in November of last year, Touch ‘n Go eWallet now states that they’ve successfully implemented five new safety and security measures as mandated by Bank Negara Malaysia. According to Touch ‘n Go eWallet, they’re now the first and so far only eWallet in Malaysia to meet BNM’s security requirements, four months ahead of the June 2023 deadline set by BNM.
According to Touch ‘n Go eWallet, the first of these five new measures is the migration away from using SMS one time passwords (OTP) to more secure authentication methods. For starters, they’ve implemented face verification as a method of authentication when Touch ‘n Go eWallet users log into their eWallet app, change their eWallet PIN, perform transactions or make payments with their eWallet as well as when they reload into their eWallet account. We first spotted the eWallet using Face ID on iPhones last month, but at the time it wasn’t used for payment authorisation yet.
Furthermore, Touch ‘n Go eWallet says that they’ve tightened their fraud detection rules and triggers for the blocking of suspicious transactions. In particular, whenever there are transactions over a certain threshold or if there’s any suspicious and abnormal activity detected, activity on the user’s account will be limited and blocked. Touch ‘n Go will also send an email alert to users when their transactions go over the set limit.
Touch ‘n Go eWallet is also restricting the authentication of electronic banking transactions to just one mobile device or secure device per account holder. This is on top of their TapSecure feature that they’re introducing as a mandatory one-tap approval function to authenticate user transactions. Touch ‘n Go eWallet believes this will ensure only a user’s linked device can be used for approval of transactions involving the user’s eWallet accounts.
Additionally, there’s now a verification and cooling-off period in place for the first time enrolment of services, secure device, or profile documents. This cooling-off period will last for 48 hours, and triggers whenever a user logs into their Touch ‘n Go eWallet account from a new device with a less secure authentication method. The user will thus be limited to a certain amount for top-ups and payments during this 48 hour period, with any top-up or payment above the set limit being automatically rejected. However, they do say that they won’t block payments for toll and parking during this cooling-off period.
Lastly, Touch ‘n Go eWallet is establishing a dedicated customer service channel hotline for users to report suspicious incidents and/or cases of scams and fraud. This makes them the first eWallet to be part of the National Scam Response Centre based in Sasana Kijang, with the customer hotline manned by a dedicated fraud operations team set up by Touch ‘n Go eWallet just to handle fraud, scam cases and queries.
You’ll be able to reach Touch ‘n Go eWallet’s scam hotline at +60350223888 and select ‘4’ for ‘fraud’ to make a report with the platform. Alternatively, you can also call the National Scam Response Centre at 997, especially if your case involves multiple financial institutions.
“At Touch ‘n Go eWallet, our growing users are our largest asset. With the continuous rise of financial scams and security breaches involving eWallet and bank transactions, keeping our users’ online accounts safe and secure has become our primary concern.
In order to strengthen our existing safety and security functions and to help protext our users from fraudulent activities, we have voluntarily committed ourselves to fully implementing all 5 safety and security measures into our ecosystem,” – Alan Ni, TNG Digital Sdn Bhd Chief Executive Officer
Bank Negara Malaysia had originally instructed financial institutions to end the practice of SMS one time passwords back in September of last year, and to instead switch to more secure forms of authentication. BNM also called for financial institutions to immediately alert customers when suspicious activities involving their accounts are detected, and to block these transactions until confirmation from the customer involved.
On top of that, BNM wanted financial institutions to restrict customers from having multiple devices that are authorised for online banking transactions. Customers will also be restricted with a cooling-off period when they first enrol a device for use with online banking services. Lastly, BNM also called for financial institutions to set up dedicated hotlines for customers to report whenever they suspect they’ve been scammed. This comes as BNM called for these financial institutions to take more responsibility and to be more responsive to scam reports by customers.