In November last year, Touch ‘n Go eWallet (TnG eWallet) revealed its commitment to implement five measures issued by Bank Negara Malaysia (BNM) to combat financial fraud in the country. Today, the company announced that it has successfully implemented all mandatory security measures.
This is important not only because of compliance, but also because of the sheer volume of transactions that take place on the platform. According to TNG Digital CEO Alan Ni, as of March this year, the number of TnG eWallet users has exceeded 19 million, and the daily transaction volume has reached about 160 million. The platform processes about RM3 billion total payment volume (TPV) per month.
TnG eWallet has completed the implementation of these measures a few months ahead of the June 2023 deadline set by Bank Negara, ahead of banks and other e-wallets in the country. “At Touch ‘n Go eWallet, our growing user base is our greatest asset. With financial scams and security breaches involving e-wallets and banking transactions on the rise, ensuring the security of our users’ online accounts has become our number one concern ,” Ni said.
“To enhance our existing security features and help protect our users from fraudulent activity, we have voluntarily committed to fully implementing all five security features across our ecosystem,” he added.
One of the key measures is to move away from using SMS one-time passwords (OTP) to more secure authentication methods. Now use facial recognition for biometric authentication when logging into the Wallet app, changing your PIN, performing transactions or making payments.
The use of facial recognition is more secure as it allows the TnG e-wallet to be cross-referenced with the data on the server provided by the user during registration. This reduces the risk of unauthorized logins, which can occur through phishing or fraudulent links using the OTP method.
Another measure is to block suspicious transactions by strengthening fraud detection rules and triggers. With this, transactions of a certain threshold or any unusual activity observed on a user account will be throttled or blocked and an email alert will be sent to the user.
Third, authentication of electronic banking transactions is now limited to one mobile device or security device per account holder. To this end a mandatory one-click approval feature – TapSecure – is introduced for approving user transactions so only linked devices can be used for e-wallet related transactions.
Relatedly, the company has also implemented verification and cooling-off periods for first-time sign-ups to the service, security devices, or profiles with a risk-based approach. When a user logs into their TnG e-Wallet from a new device using a less secure authentication method, a set of risk-based conditions are triggered that limit top-ups or payments to a specific amount within 48 hours – amounts over these limits will be blocked. Automatically declined.
The purpose of the cooling-off period is to prevent the possibility of a “hijacked” device performing certain transactions, such as transferring large sums of money to a fraudster’s account. You can still use e-wallets for less risky transactions like paying for tolls and parking. For transactions over a certain amount, verification will be done by facial recognition.
Finally, TnG eWallet has set up a dedicated customer service channel and hotline for users to report suspected scams and fraudulent activities. TnG eWallet is the first e-wallet provider for the National Scan Response Center established by the Malaysian government in Sasang Kijang. This can be accessed by calling +603 5022 3888 and selecting option ‘4’ to make a report.