In today’s rapidly evolving digital landscape, combating financial scams and fraud is crucial to safeguarding the stability and trustworthiness of the Malaysian financial system. Leading this effort is Payments Network Malaysia Sdn Bhd (PayNet), the nation’s premier payments network and central infrastructure for financial markets.
PayNet plays a significant role in combating financial crime in Malaysia by serving as the national payments network and shared central infrastructure for the country’s financial markets. As the national provider of financial market utilities, PayNet is instrumental in building inclusive, accessible, and efficient payment and financial ecosystems.
This infrastructure is crucial for monitoring and managing financial transactions to prevent and detect fraudulent activities.
As Ken Yon Kian Guan, Senior Director of Risk & Compliance at PayNet, states,
“PayNet is at the forefront of safeguarding the financial ecosystem from scams and fraud.”
PayNet’s Objectives in Combating Scams
PayNet’s role in combating financial crime is multifaceted, with several key objectives. Ken explains,
“One of our objectives is to help improve the recovery for victims. Sadly, we are still not yet preventive, but the next best we can do is improve the recovery of these victims’ funds.”
PayNet collaborates with financial institutions, law enforcement agencies, and the central bank to expedite investigations and streamline the restitution process. Another objective is enhancing fraud-related data quality and intelligence. Ken states emphatically,
“Recognising the critical role of accurate and timely fraud-related data, we are dedicated to enhancing our data quality and data intelligence.”
One of the key initiatives in the fight against online financial fraud is the collaboration between PayNet, Bank Negara Malaysia (BNM), and the banking industry to establish an industry fraud portal. This portal is designed to automate and enhance the ability to trace fund movements and identify money mules, which are essential in the detection and prevention of financial crimes,
High-quality data enables better risk assessment and proactive measures against fraud, empowering PayNet’s participants to stay informed about emerging threats and patterns.
Containing and reducing mule accounts is a top priority for PayNet. Mule accounts are bank accounts used to move and launder illegally acquired money. These accounts act as intermediaries, adding layers of distance between crime victims and criminals, complicating the tracing of money trails for law enforcement. Ken states,
“Addressing the issue of mules, who often unwittingly or knowingly facilitate fraudulent transactions, is one of our key priorities,”
PayNet focuses on identifying mule networks, disrupting their activities, and preventing them from being exploited by fraudsters.
Collaborating to Counter Scams
PayNet is also exploring a framework with the industry to counter malware and account takeover scams, which deceive consumers into revealing their account credentials to scammers posing as legitimate entities, resulting in unauthorised transactions.
The approach is similar to the Monetary Authority of Singapore’ (MAS) and Infocomm Media Development Authority’s (IMDA) Shared Responsibility Framework (SRF) to assign financial institutions and telecommunication companies relevant duties to mitigate phishing scams.
Like the objectives of the SRF, PayNet cooperates with various sectoral stakeholders to provide data and assist in assigning responsibility when scams involve multiple financial institutions.
““We collaborate closely with financial institutions, namely banks and e-money issuers,”
notes Ken on PayNet’s broad purview when it comes to compliance and averting fraud.
PayNet’s crucial position at the centre of Malaysia’s digital payments infrastructure allows it to oversee all online payments and bank transfers, providing a comprehensive view that is vital for identifying suspicious accounts and transactions.
Enhancing Digital Literacy
PayNet’s commitment to combating financial fraud extends beyond technical measures. The Financial Sector Blueprint 2022-2026 outlines specific initiatives aimed at educating consumers and enhancing digital literacy.
Under this Blueprint, the central bank BNM has outlined some of the risks that accompany a rapid digitalisation of financial services nationwide, including fraud, data breaches, and financial losses that are also rising with the increased sophistication of threat actors.
To combat these rising threats, the central bank is collaborating with various partners across the local financial landscape, with PayNet a key participant in this fight. But these incidents also highlight the crucial need for education, to raise awareness of the myriad issues that increasingly digitalised financial systems are facing, their evolving nature, and how consumers (and businesses) can be badly impacted unknowingly.
“PayNet participates in digital literacy initiatives by either Bank Negara or any other agencies,”
Ken mentions. These include the Financial Education Network (FEN) and annual e-Duit programmes, which promote safe digital payment practices.
Collaboration with schools and universities is another key aspect of PayNet’s efforts. Through partnerships like the Digital Campus campaign, PayNet engages students and educators, providing practical knowledge on digital payments, security practices, and financial literacy.
“We engage students and educators through workshops, seminars, and provide awareness sessions, offering practical knowledge on digital payments, security practices, and financial literacy to encourage competent adoption of our digital solutions,”
Ken elaborates.
Practical Advice for Consumers
Whilst technological safeguards play a vital role, consumer awareness is equally critical in preventing financial scams. Ken offers practical advice for readers to protect themselves:
“Always be sceptical of unknown communications. Never share personal data, even if you think it is your relative. Protect your own personal data and practise good password hygiene. Secure your own devices and don’t install unknown, untrusted applications. Review your account statements regularly and check your transactions.”
Ken also highlights the importance of being vigilant and not falling prey to greed or overly trusting behaviour.
“The scammers are tapping into three human weaknesses: greed, fear, and love. They use these, together with new modus operandi, to exploit victims.”
Robust Data Protection Measures
As the guardian of the nation’s payment transactions, PayNet implements robust controls to safeguard consumer data against fraud.
“Our commitment to data security is a multi-layered approach to protect data and continuously improve our controls,”
Ken asserts. PayNet employs adaptive security controls that evolve to match emerging threats, ensuring effective defences against new attack vectors.
Furthermore, PayNet’s various services, such as the DuitNow and FPX payment systems, incorporate security measures that contribute to the overall effort to safeguard consumers and businesses against financial crime,
Strict access controls prevent unauthorised data access, whilst periodic audits, such as those conducted by BNM, ensure compliance with stringent security standards.
“We are compliant with the Payment Card Industry Data Security Standard (PCI DSS), the central bank’s requirements for maintaining a cyber-resilient organisation, and the Principles for Financial Market Infrastructure (PFMI),”
Ken elaborates.
The National Scam Response Centre
A critical component in Malaysia’s fight against financial scams is the National Scam Response Centre (NSRC). Established in October 2022, the NSRC is a joint effort between the National Anti-Financial Crime Centre (NFCC), police, BNM, the Malaysian Communications and Multimedia Commission (MCMC), PayNet, as well as financial institutions and the telecommunications sector in the country.
According to Ken, the NSRC serves as a centralised hub for incident reporting and rapid response. Its main focuses presently are on online financial scams, including phishing scams, Macau scams, malware attack scams, package delivery or parcel scams, and love scams.
“PayNet serves as the central solution provider of the NSRC system. We provide the NSRC with tools to trace where the money went and immediately alert the relevant banks,”
Ken explains.
The NSRC’s collaboration with PayNet and other stakeholders has yielded noticeable results.
“The amount of cases initiated, and fraud funds intercepted and earmarked for recovery, has significantly improved since the new system came up. We are making sure we frustrate the scammers by preventing money from leaving the bank accounts operated by the mules and scammers,”
Ken proudly states.
With the NSRC handling approximately 200 calls and 60-80 victim cases per day, the impact of this collaborative effort has been making a difference in the battle against phishing attacks and other types of virtual scams.