In the wake of the recent data breach involving the mobile data of 46.2 million Malaysians, EnterpriseTV spoke to iPay88’s Founder and Executive Director KL Chan on the possibility that mobile banking applications might be compromised as well.
Below are KL Chan’s replies to the questions put forth:
Q: Due to the recent huge data breach of 46 million Malaysian mobile data, it has somehow evolved into a worry that now even mobile banking apps are putting users at risk. Based on your understanding, can you explain what is going on and if this risk is warranted or just a misconception?
A: Generally, mobile banking apps are well designed and do not put users ‘at risk’. The mobile banking systems and processes are also designed with the utmost priority of avoiding fraud.
In the case of the 46 million mobile data leak, the breach took place at the telco’s level, as the telco’s entire customer database was hacked with unauthorised access to take all the users’ details (user name, address, IC, mobile number, etc.).
Back to the risk faced by mobile banking users due to this telco data leak, my explanation is this: even with these mobile data users’ details, 3rd party tokenisation cannot take place without third party authentication (OTP) confirmation.
A fraudster can only abuse the mobile data details if, say, the loss of a mobile device is reported and the fraudster tries to renew the SIM card, and proper verification is not done by the said telco. Fraud can also happen if the login ID of the device is made known to a fraudster.
But so far, to date, since this 46 million mobile data breach, I do not think there has been any complaint of mobile banking-related fraud occurring.
Q: What are some of the root causes of today’s customer data breaches?
A: There must be higher awareness amongst the telco companies that they must securely protect their databases. Investment in security measures for databases is important, even though it is a never-ending competition over who will have the better technology: telco companies or the hackers. Therefore, having policies and high standards in place at telco companies on data protection, to prevent fraudsters from hacking into databases, is uncompromisable. It is important to have a reliable system provider and integrator. At iPay88, we pride ourselves on being a PCI DSS Certified Level 1 compliant service provider, an International Security Standard, providing a highly reliable and up-to-date system that comes with a proven fraud prevention system and monitoring.
Q: What do you think are the Top 3 criteria required for mobile banking and mobile telco data to be safer?
A: a) Login ID and password on mobile banking must be secured by the users personally. This security is equivalent to that of an ATM card. The ID and password are like an ATM’s 6-digit password. Users must take good care of their ID and password.
b) Phones must be treated like wallets, or as even more important! If the phone is lost, there is a higher chance of more possibilities and options for fraud to happen.
c) Telcos and banking players must work closer hand-in-hand to secure customer data sets.
Q: As one of the top payment gateway providers in the region, please share how iPay88 is pushing for higher levels of customer data security.
A: We are constantly educating users on the sensitivity of IDs and passwords. Manage them as important information and do not let third parties have access to this information. We also urge telco companies and banks to continue to invest in the latest security measures to protect their customers’ data.
iPay88’s payment platform and infrastructure process online payments speedily and securely. Its International Security Standards (PCI DSS Certified Level 1) feature has the highest standard in the payment industry to ensure all transactions are safeguarded. Our compliance with several national regulations such as Financial System Act 2013 and Fraud Prevention System & Monitoring (Zepsecure) also secures transactions and safeguards our consumers’ interest as well as merchants’ credibility.