Secure the pump, stop the leaks

By DIVYA THERESA RAVI

PETALING JAYA: Experts are calling for a strong MyKad ­verification process to prevent possible misuse when purchasing subsidised RON95.

They said while safeguards are enhanced, the implementation of Budi Madani RON95 (Budi95) should go ahead as planned.

Cybersecurity specialist Fong Choong Fook said that the MyKad system is relatively secure, but it’s not without vulnerabilities.

“To prevent abuses like cloning, the misuse of lost or stolen cards or ‘gaming’ the quota, the government and petrol station operators should ensure every pump or payment point that offers ­subsidised RON95 has a certified MyKad reader, properly maintained,” he said.

“Not only that, there should be real-time or near real-time verification of MyKad and driving license status, as well as quota used.

“The use of cryptographic protec­tions; making use of digital signatures, revocation and secure authentication, should also be considered.”

He added that petrol station operators and the government should consider adding bio­metric, one-time passwords (OTPs) or PIN for suspicious usage or to verify cardholder identity.

He claimed the authorities should analyse the usage details to identify any abnormal behaviour.

ALSO READ: Amir Hamzah: Budi95 not heavily based on Padu system

“An example is if a MyKad was used to pump petrol in Puchong, and 30 minutes later the same IC was used in Alor Setar, then this is abnormal and needs to be flagged,” he explained.

Meanwhile, Malaysian Cyber Consumer Association president Siraj Jalil said consumer literacy on this subject was important and the government should provide detailed information about the implementation and concise guidelines to prevent the misuse of personal identification cards.

“Consumers can increase the security (verification) on their mobile phones as some use certain apps to pay for their petrol instead of going to the counter,” he said.

Dr Husin Jazri, a cybersecurity professor, suggested that the card reader at the petrol station should be properly inspected and ­operating as per speci­fications to prevent fake card ­incidents.

“It’s advisable to use biometric authentication, as is the current practice by banks. It is simple and easy to use for MyKad users ­performing self-authentication at the petrol pump card reader.”

Husin also added that petrol stations should only collect necessary data to verify MyKad use for subsidised RON95.

“They should not collect extra personal or purchasing data, because that could lead to privacy breaches if all stations start storing or misusing this information,” he added.

Related stories:
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Nation
Appointment of new Perlis MB tests Perikatan's ability to restore public confidence, say analysts
Over 100 flood victims displaced in Segamat
New Perlis MB pledges to maintain unity among state Perikatan assemblymen
Perlis Ruler calls for end to speculation, allegations following appointment of new MB
Taiping woman loses over RM300,000 to phone scam
1MDB verdict must translate into lasting institutional reforms, says Gobind
PAS leaders get cryptic about loyalty after Bersatu man’s appointment as Perlis MB
Sabah rep seeks answers over ongoing stateless children begging in Kota Kinabalu
Najib's donation not the same money seized by MACC in 2019, says SUPP
Perlis PAS Youth chief claims he was invited to sign SD against ex-Perlis MB

Trending in News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.