Frequently Asked Questions About E-Wallet Security, Answered

by The RinggitPlus Team

e-wallet

Frequently Asked Questions About E-Wallet Security, Answered

As Malaysia enters a new digital age, physical cash is slowly being replaced by various cashless mediums. Today, a large amount of merchants in Malaysia have begun adopting e-wallets as they are a more convenient and secure option compared to physical cash. E-wallet users in Malaysia are also on the rise, with wallets such as Touch ‘n Go eWallet boasting a user base of more than 4 million.

But, there are still some who do not trust e-wallets as they believe e-wallets present a security risk. Unfortunately, this minority are wide off the mark, as e-wallet providers in Malaysia are heavily regulated and must adhere to guidelines set by Bank Negara Malaysia, which means security and data preservation are always a priority for these companies.

With that in mind, we spoke to some individuals who don’t use e-wallets on their security concerns, and try to answer them as best we can.

1) How Safe Is My Money In E-Wallets?

Funds stored in e-wallets are just as safe as physical cash in your own wallet. In fact, it’s actually more secure than physical cash – the risk of snatch thefts, robberies and petty thieves stealing your wallet is always present. With e-wallets, you can minimise the amount of physical cash to carry.

Similarly, Bank Negara Malaysia has strict guidelines for e-wallet license holders, and all e-wallet providers are heavily regulated. A core principle to operate an e-wallet in Malaysia, according to BNM, is to "establish adequate governance and operational arrangements", which must include "measures to ensure safety, security and operational reliability of the e-money, including contingency arrangements."

For example, one BNM regulation states that e-wallet funds stored users must be placed in a trust account that can only be used for two things: refunds to users and payment to merchants. It eliminates the risk of e-wallet companies using the funds for any form of investment.

This security extends to the e-wallet apps as well. Most transactions require some form of password or biometric authentication, which means it’s extremely difficult for someone to steal your e-wallet and pay for something.

2) What Happens If My Phone Gets Stolen?

With so much data stored in our smartphones, it is a nightmare to have it stolen – so it’ll be worse if there are e-wallet apps installed as well, right? There goes all the money in your e-wallet?

Nope! As mentioned earlier, e-wallets in Malaysia require some form of user authentication before a transaction can be done. It usually comes in the form of a six-digit PIN or via biometric authentication such as fingerprint or irises if the smartphone supports it. This authentication applies across the board for all transactions on the e-wallet, from peer-to-peer (P2P) funds transfer, QR scan and pay, and other in-app purchases.

So even if your phone gets stolen, the funds in your e-wallet remains secure. Just log in to the app from your replacement phone – almost all e-wallets in Malaysia do not allow concurrent installations for a single account, so the act of signing in from another phone revokes access to your stolen one.

3) Can Someone Hack Into My E-Wallet? There’s A Lot Of News About Data Breaches…

Gaining access to a user’s e-wallet can be done in two ways: by breaking past the many layers of security protocols built into the e-wallet platform, or locally via the individual e-wallet user’s phone.

Now, no security protocol can be 100% unbreachable, but one of the main requirements set by BNM for e-wallet licensees involves the "deployment and adoption of an appropriate system security infrastructure and authentication mechanism, which should commensurate with the nature and complexity of the e-money’s system design, architecture and platform, and are further complemented with the implementation of procedural safeguards to detect and protect against fraud and hacking."

So, it’s safe to say there is a higher chance of someone attempting to forcefully take your phone and attempt to take your e-wallet funds. But even then, it’s virtually impossible. Let’s break it down.

If a user attempts to steal your wallet funds, it can only be done via P2P funds transfer – which requires the recipient’s phone number! A thief would never reveal this information as it could be tracked back to them. The only other way to move funds out of an e-wallet is to pay to a merchant, which again, can be tracked. A third option would be for the thief to force you to buy something from a store, but let’s be serious – that’s way too much effort and risk.

Of course, there is also the risk of having your card information being stolen by hackers if the e-wallet’s backend security isn’t strong. But as we mentioned earlier, BNM has strict requirements for e-money licensees which includes proper security measures and countermeasures in place to protect customer data.

4. There’s A Transaction That I Didn’t Do On My E-Wallet, And Funds Have Been Deducted! What Can I Do?

In the very unlikely event of an unauthorised transaction, you can rest assured that thanks to the increased transparency with e-money transactions, an e-wallet company can easily determine if a fraudulent transaction has taken place and reverse it.

Some e-wallet companies may also go the extra mile to offer greater peace of mind to its users. For example, Touch ‘n Go eWallet recently introduced a new Money-back Guarantee feature, which guarantees a full refund within five working days for unauthorised transactions made on its e-wallet.

To get protected, users simply need to upgrade their eWallet by verifying their accounts using the app’s e-KYC verification feature. This just requires users to upload a photo of their IC as well as a selfie to confirm their identity. Verified users will see an icon of a white shield with a green tick next to their profile photo in the app.

The Touch ‘n Go eWallet Money-back Guarantee feature gives the confidence for users to transact and use the app without worries, every time. If an unauthorised transaction has taken place, users have 60 days to report the issue by submitting a claim form which includes necessary information for the team from Touch ‘n Go eWallet to investigate. If it is proven to be an unauthorised transaction, Touch ‘n Go eWallet will give a full refund to the user’s e-wallet account within 5 working days.

Better Than Physical Cash

With so many measures in place to ensure the security of e-wallet users, it’s no surprise that more and more Malaysians are trying out e-wallets. And, features such as Money-back Guarantee by Touch ‘n Go eWallet helps inspire confidence to first-time users as well as those who do not understand the technical aspects of e-wallets.

Plus, Touch ‘n Go eWallet has another unique feature that makes it stand out from other e-wallets. Besides convenient uses such as prepaid reloads and bill payments, there is also PayDirect, which is the ability to link a user’s physical Touch ‘n Go card to the eWallet. With PayDirect, toll fares are deducted from the user’s eWallet fund if they use their physical card to pay for all open-system tolls in the Klang Valley (such as Sprint, LDP, Kerinchi Link, and plenty more). This means users just need to top up their eWallet, which can be done anytime, anywhere – no more queueing up at Touch ‘n Go Tambah Nilai lanes when you forget to top up. Plus, by using PayDirect you also stand a chance to win 1 year’s worth of free tolls!

With a combination of convenient and unique features, high-level data security, and now even a money-back guarantee, there are plenty of reasons to try out Touch ‘n Go eWallet on Android or iOS today.