25th March 2026 - 4 min read
QR code payments are now part of daily spending in Malaysia, from shop counters and pasar malam stalls to e-duit raya during festive periods. They are fast and convenient, but they can also make it easier to miss fake payment requests, tampered QR codes, and misleading links.
Fortinet Malaysia estimates that fraud-related losses in the country reached RM2.7 billion in 2025, up 76% from 2024. The company said festive periods often bring a rise in phishing activity, fake e-commerce platforms, and misleading payment links as digital payment use increases.
Raya and year-end periods usually bring a jump in shopping, gifting, and person-to-person transfers. In Malaysia, this often means heavier use of DuitNow QR and e-wallets for quick payments.
When payment activity rises, people may be more likely to pay quickly and spend less time checking the recipient name, payment link, or QR code before confirming a transfer. That makes busy festive periods a higher-risk time for payment mistakes and misleading transactions.
Fortinet Malaysia Country Manager Kevin Wong said the Cyber999 Incident Response Centre recorded 2,020 incidents in the third quarter of 2025, up more than 20% year on year. He added that phishing and online fraud accounted for about 75% of all reported cases.
Many of these cases do not begin with anything that looks highly technical. They can appear as normal payment prompts, login pages, marketplace listings, or messages asking for a quick transfer. This means the risk is often tied to everyday payment behaviour, especially when using QR codes and payment links.
If you are scanning a QR code at a shop or stall, start with a physical check. A QR code that has been pasted over another one may show raised edges, uneven corners, or signs that a sticker has been placed on top of the original display.
The next check happens in your banking or e-wallet app. Before confirming payment, look at the recipient name shown on screen. This is one of the clearest ways to confirm that the money is going to the intended person or business.
Payment links shared through WhatsApp or Telegram should be treated carefully, especially during festive periods when requests can seem casual or urgent. If the sender is known to you, it is safer to confirm through a separate channel before making payment.
For e-duit raya, it is generally safer to send or receive money through your banking or e-wallet app directly, rather than through an external link.
Businesses that accept QR code payments face similar risks. A tampered code at the counter can redirect customer payments, while fake listings or spoofed messages can lead to disputes and damage customer trust.
These risks can become harder to manage during peak periods, when payment volumes are higher and staff may be handling more transactions than usual.
Wong said organisations should maintain continuous monitoring, strengthen staff awareness, and use firmer identity controls such as multi-factor authentication. He added that integrated security systems and artificial intelligence-based detection can help organisations spot threats earlier and respond more quickly.
If money has already been sent to the wrong recipient, acting quickly may improve the chances of recovery.
Consumers may need to contact their bank immediately to report the transaction. In Malaysia, cases can also be escalated through Bank Negara Malaysia’s BNMLINK and the National Scam Response Centre. A police report may also be required as part of the process.
Consumers should also be aware that if a payment was authorised, even under misleading circumstances, recovery is not always guaranteed. That makes the final confirmation step especially important when using DuitNow, QR code payments, and digital payment links.
Follow us on our official WhatsApp channel for the latest money tips and updates.
Samuel writes about personal finance and financial news, focusing on how banking updates, policies, and promotions affect everyday money decisions. He enjoys making complicated financial topics easier to follow. Outside of writing, he spends his time watching TV shows and occasionally convincing himself he will only watch one episode.
Subscribe to our exclusive weekly newsletter and we’ll bring you the week’s highlights of financial news, expert tips, guides, and the latest credit card and e-wallet deals.
Stay tuned for what’s to come next in the personal finance world
Comments (0)