BNM Says iPay88’s Data Breach Does Not Involve Banks’ Systems Vulnerabilities

BNM Says iPay88’s Data Breach Does Not Involve Banks’ Systems Vulnerabilities

by August 12, 2022

Bank Negara Malaysia (BNM) said in a statement that forensic investigations are still ongoing with regard to the payment gateway provider iPay88’s potential data breach incident.

The breach originated from and is confined to iPay88’s payment card systems and does not involve vulnerabilities in the banks’ systems.

According to BNM, financial institutions in Malaysia also observe strong authentication methods for online card transactions, including prompting cardholders for additional confirmation of certain transactions considered to be more risky. This reduces the risk of fraudulent transactions occurring.

For non-authenticated transactions, particularly purchases from overseas merchants, BNM said that customers will not be liable for any fraudulent or unauthorised transactions that may arise from this incident.

BNM has instructed banks to immediately notify affected cardholders of additional protective measures that will be taken to further protect them against risks of fraudulent or unauthorised transactions.

Banks have also heightened their fraud risk management and monitoring of suspicious or fraudulent activities for affected cards.

“BNM takes a serious view of any incident that can affect confidence in the payment system, and will not hesitate to take necessary supervisory or enforcement actions to ensure strong security controls are in place and maintained by financial institutions, and customers are treated fairly.


Customers are advised to immediately notify their banks if they observe any irregular or unauthorised transactions on their cards.”