PETALING JAYA: HSBC Bank Malaysia has detected unauthorised ecommerce transactions targeting its payment card holders, and is taking preventive measures by blocking cards suspected of being misused.

In recent weeks, a number of HSBC customers have complained on social media that their debit or credit cards were charged for unauthorised transactions, many involving international video game stores including Steam and Blizzard.

Some customers also complained that it was difficult to reach the bank’s helpline, in order to request a cancellation on the purchase or a freeze on their cards.

“If HSBC is notified or noticed something amiss, we would temporarily block some of the cards so that customers can verify the transactions on their card, and hence the increased call volumes at our call centre,” explained a spokesperson for the bank.

The bank added that any unauthorised transactions reported in which the customer was found not to be at fault would be recoverable and refunded, while impacted payment cards would be replaced immediately.

As an alternative to using the helpline, customers can also block their card using the HSBC Mobile Banking app, which has a feature to immediately block in-store as well as online purchases and transactions.

“This is a temporary defence while the customer gets in touch with HSBC to lodge a report,” said the spokesperson.

Asked if there was an uptick in complaints over unauthorised transactions and those involving app store purchases, HSBC said it had not seen a specific trend affecting types of transactions.

However, the spokesperson acknowledged that transactions on app stores can happen without the cardholder’s knowledge as the requirement for a Transaction Authorisation Code (TAC) or One-time password (OTP) – typically sent via SMS – can be turned off if the cardholder had previously used the store and saved their card information there.

“Once the secure authentication is completed, subsequent transactions will be deemed as ‘recurring transactions’ and hence does not require TAC/SMS OTP each time the cardholder transacts,” the spokesperson said, adding that this depends on the store merchant’s standards.

They also warned that as digital shopping continues to increase during the pandemic, shoppers too may turn to less familiar or secure websites and fall victim to criminals.

“Online scams are rampant and often target victims disguised as ‘special offers/promotions’ sent from unsolicited email/SMS/text messages where victims are enticed to click on the links, which leads them to voluntarily compromising their online security credentials,” the spokesperson explained.

Customers are advised never to voluntarily provide their card details or online banking security credentials to unverified websites, to avoid phishing scams.

Customers were also reminded against downloading third party APK files to their mobile devices, which could contain malware that compromises personal or banking information stored on the device.

The spokesperson concluded that credit cards were still the safest payment option as cardholders are protected in the case of a disagreement.

The bank added that if the card is stolen or hacked, cardholders are not liable if they report it promptly and did not disclose their card details to anyone or left the card unattended.