Malaysia's central bank probes potential iPay88 data breach

Malaysia's central bank probes potential iPay88 data breach
Image credit: BNM

Says bank systems "remain secure".

By on

Malaysia's central bank, Bank Negara Malaysia, (BNM) said the nation's payment systems remain secure despite a potential data breach announced by payment gateway service provider iPay88 (M) Sdn. Bhd.

iPay said in a statement that incident was detected in late May, and an investigation was "immediately initiated".

The gateway provider said that the incident had been contained "successfully" and that "no further suspicious activity has been detected since July 20 2022."

An investigation is "currently ongoing" and iPay88 said it is "working closely with the authorities and relevant parties on this matter."

"All financial institution partners have been informed and kept up to date," it said.

"We will continue to monitor the situation closely and ensure the safety of the cardholder data.

"To ensure the continued safety of the card data, we have implemented various new measures and controls to strengthen the system’s security against any further incidents."

Bank Negara Malaysia (BNM) confirmed in a statement of its own that the breach "originated from and is confined to iPay88's payment card systems and does not involve vulnerabilities" in systems directly run by the country's banks.

"Financial institutions in Malaysia also observe strong authentication methods for online card transactions, including prompting cardholders for additional confirmation of certain transactions considered to be more risky. This reduces the risk of fraudulent transactions occurring," BNM said.

"For non-authenticated transactions, particularly purchases from overseas merchants, customers will not be liable for any fraudulent or unauthorised transactions that may arise from this incident."

BNM said that it had instructed banks "to immediately notify affected cardholders of additional protective measures that will be taken to further protect them against risks of fraudulent or unauthorised transactions."

"Banks have also heightened their fraud risk management and monitoring of suspicious or fraudulent activities for affected cards," it said.

BNM added that it "takes a serious view of any incident that can affect confidence in the payment system, and will not hesitate to take necessary supervisory or enforcement actions to ensure strong security controls are in place and maintained by financial institutions, and customers are treated fairly."

BNM said forensic investigations are still ongoing.

Additional reporting by iTnews Asia.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.

Most Read Articles