TnG eWallet has joined BNM scam response team

KUALA LUMPUR, 6 March 2023:

Touch ‘n Go is the first eWallet to be a part of the National Scam Response Centre based at Sasana Kijang, under the auspices of Bank Negara Malaysia (BNM).

Alan Ni, chief executive officer of TNG Digital Sdn Bhd, today said Touch ‘n Go eWallet has established a dedicated customer service channel or hotline for incident reports and suspicions of scams and fraud.

A consumer hotline manned by a dedicated fraud operations team has been set up specifically to attend to fraud or scam cases or queries. Users can contact the hotline number at +603 5022 3888 and select “4” for “Fraud” to make a report, he explained.

This initiative is part of its success in implementing all five mandatory safety and security measures imposed by BNM as “we have voluntarily committed ourselves,” said Ni.

“We announced our commitment in November 2022, with the aim of implementing the five key safety and security measures by the first quarter of 2023. Today we are pleased to announce that we have successfully implemented these measures within our set timeframe, and ahead of the June 2023 deadline.”

The first of the five key measures are the migration from using a SMS one-time password (OTP) to a more secure authentication method. Touch ‘n Go eWallet has implemented face verification as a method of authentication when users login to their eWallet app, change their eWallet PIN, perform transactions or make payments with the eWallet, and perform reloads to their eWallet.

The second measure is the tightening of fraud detection rules and triggers for the blocking of suspicious transactions. Transactions of a certain threshold or any abnormal activity and suspicious behaviour observed on a user’s account will be limited or blocked. An email alert will be sent to the users should their transactions go over the set limit.

Thirdly, the authentication of electronic banking transactions is now restricted to one mobile device or secure device per account holder. Touch ‘n Go eWallet has introduced TapSecure as a mandatory one-tap approval function to authenticate users’ transactions. The TapSecure approval ensures that only a user’s linked device can be used for the approval of transactions within the user’s eWallet account.

Also, in place is a verification and cooling-off period for first-time enrolment of services, secure device, or profile documents with a risk-based approach. Essentially, a cooling-off period means that when users log in to their Touch ‘n Go eWallet from a new device with a less secure authentication method, it will trigger a set of risk-based conditions where the user will be limited to a certain amount for top-ups or payments up to 48 hours. Any top-up or payments above the limit will be automatically rejected.