It’s often said that the biggest barrier to eWallet adoption is security.
It’s a proven fact too. In Nielsen’s report last year on Malaysia’s shifting payment landscape, security proved to be the biggest reason why non-users aren’t using eWallets.
- 50% were concerned about security and fraud related to digital money
- 34% worry about overspending
- 27% say merchant acceptance is low
While eWallets are arguably receiving much better response now, security still remains a huge concern.
Is this worry justified? How safe are eWallets really?
Where are my funds stored when I use eWallets?
As mentioned in our article on how eWallets work in Malaysia, all the funds that users load into their eWallet are deposited by the respective eWallet company into a trust account with a licensed financial institution.
From here, what the eWallet company can or can’t do with those funds is highly regulated.
How is my money kept safe when I use eWallets?
When it comes to our money, it’s only wise that we’re wary and skeptical.
In the case of eWallets however, we can let our guard down to a certain extent – knowing that there are safety and security measures in place.
1- eWallets are heavily regulated by Bank Negara
BNM’s Guideline on Electronic Money is a guideline which outlines the minimum standards and operational requirements for e-money issuers in Malaysia.
Most importantly, it’s stated that the funds can only be used for:
i) Refund to users
ii) Payment to merchants
With such a large pool of funds at the disposal of eWallet companies, who wouldn’t be concerned about improper usage?
Fret not though, as the usage and management of funds by eWallet companies is heavily regulated. Below, we’ve summarised just a few regulations from the document concerning this.
- Funds collected from users should be deposited and managed separately from the issuer’s working capital funds to avoid commingling.
- Funds shall not be invested in any form of assets other than as bank deposits.
- E-money issuers must comply with the Anti-Money Laundering and Anti-Terrorism Financing Act 2001.
- E-money is subjected to the Unclaimed Moneys Act 1965 (UMA).
For more details read our guide on eWallets laws and regulations in Malaysia.
2- Less risk, better traceability
Regulations aside, eWallets allow complete traceability of all transactions. In comparison, cash leaves almost no footprint.
Leaving behind traceable records is important in the unlikely case you become a fraud victim, where being able to easily view your past transaction footprint is helpful.
Remember also, that your bank account is not directly linked to your eWallet account.
This means that in the unlikely case of fraud, loss is limited to the funds you already have in your eWallet, which is also capped by the eWallet provider’s imposed transaction limit.
3- Your identity matters
To sign up as a new eWallet user, you have to start by registering an account – but it’s not as simple as creating a username and a password.
Once again, we can thank BNM’s Guideline on Electronic Money for this.
Among the four security measures highlighted in the document include “authentication”, where an authentication process is required to validate the user’s identity.
How eWallet providers choose to do this isn’t stipulated, and they’re free to choose whatever tools and methods they like – hence why the registration procedure for eWallets in Malaysia tend to vary across the board.
Check out this table below from our article on how to use eWallets for beginners.
|GrabPay||Other than taking a picture of your NRIC or passport, Grab also provides you the option of selfie verification.|
|Boost||You will also need to provide a 6-digit transaction PIN to ensure only you can authorize all transactions in the app. You will also need to select your telco.|
|Touch’n Go eWallet||Just like Boost, you will also need to set a 6-digit PIN, as well as a security question on top of that.|
How can I stay safe when using eWallets?
- Avoid connecting to public WiFi networks
- Beware of phishing attempts
- Only download eWallets from official websites/app stores (avoid email/message links)
Oh no! There’s an unauthorised transaction on my eWallet. What can I do?
If you detect a transaction you didn’t make, most eWallets such as Grab and Boost will first advise you to check your recent transactions.
It might also be worth checking with friends or relatives who may have had access to your account and used it to perform the transaction.
Suppose you suspect your eWallet may have been compromised. If so, you will have to submit a request to your respective eWallet to have your case investigated.
Last year, Touch ‘n Go eWallet announced an interesting feature to address users’ security concerns – their Money-back Guarantee.
TNG’s Money-back Guarantee promises full compensation within 5 days if your TNG eWallet is charged with any unauthorised transactions. A feature like this certainly gives TNG eWallet a competitive edge, especially for non-users who still avoid eWallets for security concerns.