PETALING JAYA: Credit card fraud amounted to RM29.4mil last year, with unauthorised Internet transactions being the most prevalent type of scam, according to Bank Negara.

However, in 88% of the cases, cardholders and issuers did not suffer any financial loss, an official told Sunday Star.

The losses were absorbed by foreign acquirers that failed to implement a strong authentication method, she said. (An acquirer is a financial institution that enters into an agreement with merchants to facilitate acceptance of payment cards and then settles the transaction with the credit card issuer directly or via payment schemes such as VISA or Mastercard.)

To enhance the security of online transactions, Malaysia requires cardholders to enter an OTP (one-time password) to authorise each payment, the official said.

“Transactions conducted without entering the OTP can be reversed,” she said, advising cardholders not to disclose their credit card details, PIN (personal identification number) and OTP, for online transactions.

“Check monthly statements. Any discrepancies should be reported without delay.

“Lost credit card and PIN or OTP that you suspect has been compromised must be reported to the issuing bank immediately,” the official said.

She also urged users to install and regularly update effective anti-virus software to protect devices used for online transactions.

Association of Banks Malaysia executive director Chuah Mei Lin said credit card holders must keep abreast with the latest modus operandi of fraudsters by checking alerts on www.abm.org.my.

“Regulators and banks will never ask individuals for their personal information over the telephone,” she said.

On Oct 7, ABM and the National Cards Group launched an awareness campaign to educate consumers and increase their confidence in cashless transactions.

“The two-month campaign outlined CARD – four simple steps to safeguard your online transactions,” Chuah said.

CARD is the acronym for Confirm the confidentiality of data shared, Authenticate the website used, Re-verify the transaction, and Detect potential fraud by contacting the bank.

Global online payment solutions provider PayPal regularly scans its system for unusual activity to stop fraudulent transactions before they affect the users.

A spokesman said unauthorised transactions occur when a customer has been spoofed or phished (tricked into revealing personal information such as PayPal user names and passwords).

“Security is of the utmost importance for PayPal.

“(Our) users are authenticated using hundreds of independent factors including IP (Internet Protocol) addresses, devices, transactions and behaviour patterns and network information to evaluate every transaction,” she said.

“In the event that an unauthorised transaction takes place, PayPal will provide a full refund to the customer if the person logs in to his or her PayPal account and makes a report within 60 days of the transaction appearing in the account history statement.”