iPay88 asked to raise cybersecurity standards


PETALING JAYA: Amid rising cases of online financial scams, Bank Negara has ordered a key service provider to raise its cybersecurity standards.

The central bank instructed iPay88 (M) Sdn Bhd to strengthen its cyber security controls and information technology (IT) infrastructure after an independent forensic investigation.

This comes just 11 days after Bank Negara told banks to up their security standards and cease using SMS one-time passwords (OTPs) in the authentication process for online banking.

iPay 88 is a provider of payment gateway services to banks and merchants in the country. It offers comprehensive online payment options such as credit or debit cards, bank transfers and other alternative online payments.

The company uses a redirect approach for its payment process, in which it redirects its customers from the merchant’s web to its web page for them to make payment.

Upon completion of the payment, customers will then be returned to the merchant’s web.

Unfortunately, on Aug 11, iPay88 issued a statement and expressed regret that there was a cybersecurity incident where card data may have been potentially compromised.

Upon discovery of the issue, iPay88 immediately initiated an investigation and brought in cybersecurity experts to contain the issue.

The containment process was successfully completed and no further suspicious activity has been detected since July 20, according to iPay88.

Bank Negara’s order this week is to ensure that similar incidents do not recur and to safeguard against future threats.

The central bank stated it will continue to closely monitor iPay88’s implementation of these measures and where appropriate, undertake further supervisory or enforcement action.

It also directed banks and card issuers to maintain heightened vigilance over card activities that may be at risk.

Following the engagement of an independent team of cybersecurity experts to carry out a full forensic audit of its systems and payment environment, iPay88 stated the cybersecurity incident was the product of a sophisticated intrusion by an unidentified party or parties.

The intrusion specifically targeted card data from online transactions.

“There was no impact on transactions made through the Android terminals, e-Wallet QR payments, online banking, BNPL, vending machines, point of sale or POS and batch card payment,” iPay88 said in a follow-up statement with regard to the earlier mentioned cybersecurity breach.

The group acknowledged that it has to bear the burden and responsibility to protect card information.

“We respectfully apologise to the Malaysian public, our business partners, and merchants for this incident,” it said.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Business News

Ralph Lauren sells a dream
The high cost of policy flip-flops
IPI and the data centre effect
FMCG market charts new growth path
Hailstorm over rides
ETFs: Tip of the leverage iceberg
Steering through regulatory waters
Health at a premium
Clearer skies for S-REITs
A time to stay selective

Others Also Read