iPay88 data breach: BNM reassures vulnerabilities in banks’ systems not involved

The Malaysian economy registers a negative growth of 17.1 per cent in the second quarter of 2020.

KUCHING, Aug 12: Bank Negara Malaysia (BNM) has reassured that the recently reported cybersecurity breach in card data by iPay88, a company providing payment gateway services to banks and merchants, does not involve vulnerabilities in the banks’ payment systems.

While forensic investigations are still ongoing, BNM said the reported breach originated from and is confined only to iPay88’s payment card systems.

“Financial institutions in Malaysia also observe strong authentication methods for online card transactions, including prompting cardholders for additional confirmation of certain transactions considered to be riskier.

“This reduces the risk of fraudulent transactions occurring. In addition, for non-authenticated transactions, particularly purchases from overseas merchants, customers will not be liable for any fraudulent or unauthorised transactions that may arise from this incident,” it said.

In light of the reported breach, BNM said it had instructed banks to immediately notify affected cardholders of additional protective measures that will be taken to protect their cards further.

Banks have also heightened their fraud risk management and monitoring of suspicious or fraudulent activities for affected cards.

“BNM takes a serious view of any incident that can affect confidence in the payment system and will not hesitate to take necessary supervisory or enforcement actions to ensure strong security controls are in place and maintained by financial institutions, and customers are treated fairly.

“Customers are advised to immediately notify their banks if they observe any irregular or unauthorised transactions on their cards,” said BNM in a statement today.

For further enquiries or complaints, members of the public can contact BNMTELELINK at 1-300-88-5465 or to submit via https://telelink.bnm.gov.my/. — DayakDaily