Losing money to fraud is no longer a remote risk that only affects the careless or the unlucky. It can hit retirees, salaried workers, and families who believed their savings were safe, and the damage often continues long after the money is gone. The financial loss is one part of it, but the confusion that follows often proves just as difficult to deal with, especially when victims are left trying to work out who is responsible, whether they will be compensated, and how long the process will take.

This is the gap Bank Negara Malaysia highlights in its Annual Report 2025, where it points to the growing difficulty of resolving scam cases as digital methods become more complex. As fraud evolves, the challenge is no longer just preventing it, but ensuring cases are handled fairly and resolved in a way that is clear and consistent for victims.

Fraud No Longer Sits Neatly Between Banks And Customers

In the past, scam cases were generally easier to assess because responsibility often fell clearly on either the bank or the customer, depending on whether there was a system failure or a lapse in user behaviour.

The situation has since become more complicated, as many cases now involve multiple layers such as digital platforms, telecom channels, and tactics designed to pressure people into approving transactions themselves. Responsibility is therefore harder to pin down, especially when both system weaknesses and user actions may have played a role.

This matters because the outcome of a case depends on who is found to be at fault, and when responsibility becomes less clear, so does the path to compensation.

BNM Introduced SEFT To Make Outcomes More Predictable

To address this, Bank Negara Malaysia introduced the Self-Compensation Framework for Fraud Transactions (SEFT) in 2024 as part of its policy on ensuring fair treatment for victims of unauthorised e-banking transactions.

SEFT is intended to bring more structure into how scam cases are handled by setting clearer expectations on how responsibility is assessed and how compensation decisions are made, instead of allowing outcomes to vary widely across similar cases.

Under this framework, banks are expected to first assess whether there were weaknesses in their own systems, including authentication steps, alerts, or response processes, before examining the customer’s actions, which shifts the starting point of investigations and reduces the likelihood of victims being blamed without a full review of institutional safeguards.

Customers still carry responsibility, particularly in protecting their own information and avoiding risky behaviour, but SEFT recognises that responsibility can be shared and that outcomes should reflect what actually happened rather than relying on a default assumption.

What Changes When SEFT Is Applied

The introduction of SEFT changes how scam cases are handled after a report is made, particularly in the way investigations are conducted and how decisions are explained to customers.

Banks are expected to investigate more thoroughly, communicate clearly, and apply a more consistent approach when determining compensation, making the process less arbitrary and easier to understand even when outcomes differ.

Some victims may receive full compensation if the loss is linked to weaknesses in the bank’s controls, while others may receive partial compensation where responsibility is shared. In cases where the bank has fulfilled its obligations and the customer is found to be fully responsible, compensation may not be given.

The framework also strengthens recourse by allowing cases to go through independent review and be escalated further if needed, instead of ending at the bank’s initial decision.

Early Signs Show A Shift In How Cases Are Handled

Bank Negara Malaysia notes that early implementation has started to influence how banks approach scam cases, particularly in how investigations are structured and how responsibility is assessed.

Greater emphasis is now placed on reviewing internal control gaps before assigning blame, and there are indications that more victims are receiving compensation compared to before, whether in full or in part.

These changes also create stronger incentives for banks to fix weaknesses quickly, since failures can translate directly into financial losses, which means fraud resolution is beginning to influence prevention rather than functioning only as a response after losses occur.

The Next Step May Involve Expanding Protection

Even with SEFT in place, some cases remain difficult to resolve because fraud methods continue to evolve and often fall into grey areas.

In many situations, a transaction may have been technically authorised but only after the victim was misled or pressured, making it harder to assess responsibility using existing categories.

Bank Negara Malaysia is exploring whether stronger protection may be needed for more vulnerable groups, particularly those with lower digital financial literacy or higher exposure to fraud risks, including whether SEFT should be expanded to better address these situations.

At the same time, any expansion needs to be balanced carefully, as stronger protection could reduce user vigilance if individuals begin to assume losses will always be recoverable.

Responsibility May Not Stop With Banks

Another issue under discussion is whether responsibility should remain limited to banks and customers.

Fraud today often involves a wider digital ecosystem, including telecom networks and online platforms, and other countries have begun assigning some level of responsibility to these players to reflect how fraud actually takes place across multiple channels.

Malaysia has not taken this step yet, but it remains part of the ongoing discussion, as any shift in this direction would significantly change how fraud losses are shared.

What This Means If You Lose Money To Fraud

Most fraud cases are no longer judged on a single question of whether a transaction was approved, as banks are now expected to assess whether their systems could have detected or stopped the activity before the loss happened.

This changes how responsibility is determined. A case that might previously have been treated entirely as customer error may now be reviewed to see whether gaps in the bank’s controls, such as delayed alerts or weak authentication, contributed to the outcome.

The result is a more balanced assessment, where compensation can vary depending on what actually happened. Some cases may lead to full reimbursement, others to partial recovery, while some may still result in no compensation if the bank’s safeguards were deemed sufficient and the customer’s actions were the main cause.

Decisions also no longer stop at the bank level. Cases can be independently reviewed and escalated, which gives customers a clearer path if they believe the outcome does not reflect the facts.

How Can You Protect Yourself

Even with stronger safeguards in place, the outcome of a fraud case can still depend on how quickly and carefully you respond once something seems wrong.

Avoid clicking on links or responding to messages that create urgency around your bank account, because many fraud attempts rely on panic and pressure to trigger a quick decision before you have time to think.

Keep your login details and one-time passwords private, and do not share them even if the request appears legitimate or comes through a familiar channel.

Enable transaction alerts and review them promptly, since early detection can help limit losses before they escalate into multiple transfers or a full account takeover.

If something does not feel right, contact your bank directly using official channels instead of continuing the conversation through the same message, call, or chat thread, as doing so reduces the chance of being drawn deeper into a fraudulent interaction.

Reporting suspicious activity early can affect both how much is ultimately lost and how the case is assessed afterwards, which means speed matters not only for damage control, but also for the strength of your case if a dispute follows.

Follow us on our official WhatsApp channel for the latest money tips and updates.