BNM: PayWave Cards Are Safe From Online Fraud
The president of the National Union of Bank Employees, Michael Tan raised the fears of data theft and said that Bank Negara Malaysia (BNM) and banks had not given the public full confidence to switch their existing cards to PayWave-enabled cards.
Though there are no reports of data theft at the moment, he believed that the new cards could be taken advantage of by cyber crooks when the system is fully implemented next year.
The fear is exacerbated by a video clip showing how fraudsters “lift” a cardholder’s personal information from a PayWave-enabled card via radio frequency identification technology, the Sin Chew Daily reported.
In reply, the central bank denies that the PayWave-enabled cards are susceptible to abuse and fraud as online card fraud will be prevented with the two-factor authentication process which Malaysia adopted.
Malaysia used the strictest authentication methods available, and fraudsters would not be able to misuse the cards with only the cardholder’s personal information, it said.
For any online transaction to be made, user must have the card and the transaction authorisation code (TAC).
“For a transaction to complete, cardholders would need to enter a TAC that will be sent to their mobile phones,” BNM said.
“Contactless cards” in Malaysia, such as debit, credit and ATM cards, were installed with chips that used advanced encryption methods, BNM told the Chinese daily, adding that they would be almost impossible to clone.
Furthermore, e-commerce websites would be responsible for the cost if a card was misused and transactions were completed without the two-factor authentication process, the central bank added.
It is important for cardholders to protect their personal identification number (PIN) and to notify their respective banks immediately in the event the card is lost.
Cardholders are encouraged to switch from the signature-based system to the much safer six-digit verification system by December 31 this year. All signature-based cards will stop working by July 1, 2017.