Secure the pump, stop the leaks

By DIVYA THERESA RAVI

PETALING JAYA: Experts are calling for a strong MyKad ­verification process to prevent possible misuse when purchasing subsidised RON95.

They said while safeguards are enhanced, the implementation of Budi Madani RON95 (Budi95) should go ahead as planned.

Cybersecurity specialist Fong Choong Fook said that the MyKad system is relatively secure, but it’s not without vulnerabilities.

“To prevent abuses like cloning, the misuse of lost or stolen cards or ‘gaming’ the quota, the government and petrol station operators should ensure every pump or payment point that offers ­subsidised RON95 has a certified MyKad reader, properly maintained,” he said.

“Not only that, there should be real-time or near real-time verification of MyKad and driving license status, as well as quota used.

“The use of cryptographic protec­tions; making use of digital signatures, revocation and secure authentication, should also be considered.”

He added that petrol station operators and the government should consider adding bio­metric, one-time passwords (OTPs) or PIN for suspicious usage or to verify cardholder identity.

He claimed the authorities should analyse the usage details to identify any abnormal behaviour.

ALSO READ: Amir Hamzah: Budi95 not heavily based on Padu system

“An example is if a MyKad was used to pump petrol in Puchong, and 30 minutes later the same IC was used in Alor Setar, then this is abnormal and needs to be flagged,” he explained.

Meanwhile, Malaysian Cyber Consumer Association president Siraj Jalil said consumer literacy on this subject was important and the government should provide detailed information about the implementation and concise guidelines to prevent the misuse of personal identification cards.

“Consumers can increase the security (verification) on their mobile phones as some use certain apps to pay for their petrol instead of going to the counter,” he said.

Dr Husin Jazri, a cybersecurity professor, suggested that the card reader at the petrol station should be properly inspected and ­operating as per speci­fications to prevent fake card ­incidents.

“It’s advisable to use biometric authentication, as is the current practice by banks. It is simple and easy to use for MyKad users ­performing self-authentication at the petrol pump card reader.”

Husin also added that petrol stations should only collect necessary data to verify MyKad use for subsidised RON95.

“They should not collect extra personal or purchasing data, because that could lead to privacy breaches if all stations start storing or misusing this information,” he added.

Related stories:
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Nation
South China Sea code of conduct to be finalised this year, says Tok Mat
Stay on guard against cyber fraud with festive season drawing near, says consumer group
20 Immigration officers sacked for 'flying passport' offences, says DG
UTM to collaborate with Peking university
Australia deports M'sian with child sexual abuse material found on his phone
Seven nabbed during anti-human trafficking raid in Taman Maluri
Ex-army chief charged with money laundering involving RM2.1mil
Defence industry players welcome new national policy for self-reliance
Over 248,000 job offers given to rehabilitated addicts since 2020
Cops recorded 179 cases of drugs sold on digital platforms since 2023

Trending in News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.