PETALING JAYA: Bank Negara Malaysia (BNM) has quashed fears that PayWave-enabled cards are vulnerable to fraud.
It said Malaysia used the strictest authentication methods available, denying that a card could be misused with only the cardholder’s personal information.
According to a report in Sin Chew Daily, BNM said “contactless cards” in Malaysia, including debit, credit and ATM cards were installed with chips that used advanced encryption methods, making them almost impossible to be cloned.
The assurance came after a videoclip surfaced claiming to show that fraudsters are able to “lift” a cardholder’s personal information from a PayWave-enabled card via radio frequency identification technology, as reported by the daily.
BNM, in its reply to the newspaper, pointed out that online card fraud was being prevented with two-factor authentication process, which Malaysia had adopted.
It requires a cardholder to possess the card as well as a transaction authorisation code (TAC) before any online transaction can be made.
“For a transaction to complete, cardholders would need to enter a TAC that will be sent to their mobile phones,” Bank Negara said.
Operators of online shopping websites would have to bear the cost if a card was misused and transactions were completed without going through the two-factor authentication process, said the central bank.
It urged cardholders to protect their personal identification number (PIN) and to notify their respective banks immediately in the event the card is lost.
Fears of data theft was raised by National Union of Bank Employees president Michael Tan who said BNM and banks had yet to give the public full confidence in making the switch to PayWave-enabled cards.
He said though there were no reports of data theft at present, he believed cyber crooks would take advantage of cardholders once the system was fully implemented next year.
BNM is encouraging cardholders to migrate from the signature-based system to the much safer six-digit verification system by Dec 31 this year. All signature-based cards will stop working by July 1, 2017.
Earlier, The Star reported that about 39 million – eight million credit and 31 million co-badged debit cards in Malaysia – are expected to be replaced by the December deadline.