Before the Raya holidays, Zahid Baharudin posted a video alleging that his wife lost money from her bank account which was said to be linked to Touch ‘n Go eWallet. The original video posted on TikTok had garnered over 1.7 million views at the time of writing.
Zahid alleged wife’s TNG eWallet account was hacked
Shortly after the video was posted, TNG eWallet reached out to Zahid and his wife and launched an investigation into the matter. On 4th April, the company issued an official statement to share their findings.
TNG eWallet refutes allegations, insists eWallet transactions were authorised
According to TNG eWallet, the suspicious transactions occurred throughout one and a half months which is inconsistent with the common fraud pattern. In addition, the eWallet provider highlighted several points to counter the alleged claims that Zahid’s wife’s TNG eWallet account was hacked.
In the original video, Zahid said his wife had lost money from her bank account through TNG eWallet. He also told viewers not to link their bank accounts to TNG eWallet.
Countering the allegation, TNG eWallet said the transfers to her TNG eWallet were made from other bank account(s) which will require mandatory in-app secure verification set by the bank. They iterated that the linked debit card did not contribute to the reported unauthorised transactions in any way.
In addition, TNG eWallet emphasised that they have strong evidence to prove that the reported unauthorised transactions were performed on her phone and with proper authentication. It added that they will continue to go through all evidence thoroughly before taking potential legal actions. TNG eWallet said its main aim is to sort out the issue fairly and carefully.
Zahid disagrees with TNG eWallet’s statement
A few days after that, Zahid posted additional videos in a 4 part series to follow up on the situation. He said he disagreed with TNG eWallet’s statement that the transactions were authorised on her wife’s phone. In the video, he also said that he was requested to post a video thanking TNG eWallet but he refused to do so as his case wasn’t resolved. He also alleged that if he doesn’t post the video, legal action will be taken against him.
Zahid also disagrees that his wife had authorised the transactions saying that they don’t recognise the name of the merchants for the disputed transactions. He claimed that his wife would have used her bank accounts for these form of transactions instead of going through the eWallet.
He also refuted media reports claiming that his wife lost RM4,250. He explained the RM4,250 amount was only for the first disputed transaction and there were more disputed transactions in the previous months. So in total, the amount lost “was over RM10,000”.
TNG eWallet is taking legal action after exhausting all aevenues
Following the latest videos, TNG eWallet has issued a new statement to provide an update on Zahid’s case. It reiterated that all transactions were indeed properly authorised and they met the following criteria:
- Transactions were completed using a PIN
- Transactions were conducted on the user’s phone, which is binded to the TNG eWallet account as a unique device
- Transactions took place at the place of residence
TNG eWallet added that the transactions made through QR scanning were required to be conducted with the linked device and the timestamps of these transactions aligned with the app’s active time on the device, which validated their authenticity.
TNG eWallet said it is crucial to emphasise that in this matter, there is an absence of fraudulent activity on the eWallet, clearing TNG eWallet from any wrongdoing. It also emphasised that while they are committed to transparency, they were also bound by privacy regulations like the Secrecy Act, which prevents them from disclosing further extensive details. The eWallet provider still assures that they have strong evidence indicating that these transactions were properly authorised.
The company said they have requested Zahid and his wife to update their followers on the investigation status as they have exhausted all avenues of assistance from their end. However, it said that Zahid and his wife are persisted in damaging their reputation by making defamatory statements that TNG eWallet is unsafe and wrongly portrayed their effects to update the public as shifting blame to the bank involved.
TNG eWallet also said they have been left with no alternative but to take legal action including filing a police report and issuing a Cease and Desist letter to Zahid and his wife, accompanied by a detailed transaction log for clarity. It said that despite offering them another opportunity to publicly clarify, they have not done so, and they are now letting legal proceedings take their course.
TNG eWallet says they are fully committed to upholding the integrity of their security and company and they will take whatever action is necessary to protect its community.
TNG eWallet’s security measures
TNG eWallet is the first eWallet to implement Bank Negara Malaysia’s safety and security measures in March 2023. Besides moving away from SMS OTP to a more secure TapSecure method, TNG eWallet has also implemented a cooling-off period if an account is accessed from a new device. These measures are designed to prevent “hackers” from using your account if they try to log in on a new device. This makes it impossible to have two phones logged in to the same eWallet account at the same time.
Assuming a device is stolen, the “hacker” must be able to unlock the device (using PIN or biometric security) and know the correct 6-digit PIN to authorise a transaction to complete a transaction which requires scanning a merchant’s QR code. In this specific case, it isn’t just a one-off transaction but multiple transactions performed throughout one and a half months. If a transaction involves a reload from another bank account before a payment is made, typically the user will get at least two notifications – one from the Bank for the reload and another from the eWallet for each successful transaction.
[ SOURCE ]