PETALING JAYA: The Touch ‘n Go Group, through its e-wallet services provider TNG Digital Sdn Bhd, has implemented all of Bank Negara’s mandatory safety and security measures four months ahead of the designated deadline.

In a statement yesterday, TNG Digital chief executive officer Alan Ni said the group’s e-wallet services (Touch ‘n Go eWallet) had successfully implemented all five of the mandatory measures to combat scams.

He emphasised that the measures had been implemented ahead of banks and other eWallets in Malaysia.

“At Touch ‘n Go eWallet, our growing users are our largest asset. With the continuous rise of financial scams and security breaches involving eWallet and bank transactions, keeping our users’ online accounts safe and secure has become our primary concern.

“In order to strengthen our existing safety and security functions and to help protect our users from fraudulent activities, we have voluntarily committed ourselves to fully implementing all five safety and security measures into our ecosystem.”

Ni noted that the group had announced its commitment to implement the safety measures in November last year, with a target of executing the implementation by the first quarter of this year.

“We are pleased to announce that we have successfully implemented these measures within our set timeframe and ahead of the June 2023 deadline,” he said.

According to Ni, the first of the five key measures are the migration from using a SMS one-time password to a more secure authentication method.

“Touch ‘n Go eWallet has implemented face verification as a method of authentication when users login to their eWallet app, change their eWallet PIN, perform transactions or make payments with the eWallet, and perform reloads to their eWallet.”

He said the second measure is the tightening of fraud detection rules and triggers for the blocking of suspicious transactions.

“Transactions of a certain threshold or any abnormal activity and suspicious behaviour observed on a user’s account will be limited or blocked. An email alert will be sent to the users should their transactions go over the set limit.”

Thirdly, Ni said the authentication of electronic banking transactions is now restricted to one mobile device or secure device per account holder.

“Touch ‘n Go eWallet has introduced TapSecure as a mandatory one-tap approval function to authenticate users’ transactions.

“The TapSecure approval ensures that only a user’s linked device can be used for the approval of transactions within the user’s eWallet account.”

Also in place is a verification and cooling-off period for first-time enrolment of services, secure device, or profile documents with a risk-based approach, said Ni.

“Essentially, a cooling-off period means that when users log in to their Touch ‘n Go eWallet from a new device with a less secure authentication method, it will trigger a set of risk-based conditions where the user will be limited to a certain amount for top-ups or payments up to 48 hours.

“Any top-up or payments above the limit will be automatically rejected.”

Touch ‘n Go eWallet has also established a dedicated customer service channel or hotline for incident reports and suspicions of scams and fraud.