KUALA LUMPUR: The nation’s payment system remains safe and secure despite the data breach seen with iPay88’s system, says Bank Negara.

The central bank said that forensic investigations were still ongoing into the potential data breach at iPay88 (M) Sdn Bhd, a company that is providing payment gateway services to banks and merchants.

In a statement, Bank Negara pointed out that the breach originated from and was confined to iPay88’s payment card systems and did not involve vulnerabilities in the banks’ systems.

Financial institutions in Malaysia also observe strong authentication methods for online card transactions, including prompting cardholders for additional confirmation of certain transactions considered to be more risky.

“This reduces the risk of fraudulent transactions occurring,” said the central bank, adding that for non-authenticated transactions, particularly purchases from overseas merchants, customers would not be liable for any fraudulent or unauthorised transactions that might arise from the potential data breach.

Also, the central bank has instructed banks to immediately notify affected cardholders of additional protective measures that will be taken to further protect them against risks of fraudulent or unauthorised transactions.

“Banks have also heightened their fraud risk management and monitoring of suspicious or fraudulent activities for affected cards,” said the central bank.

On Thursday, iPay88 confirmed that customers’ card data might have been compromised after a cybersecurity incident.

The company said relevant experts were engaged to contain the issue after the discovery on May 21.

The containment process was successfully completed and no further suspicious activity has been detected since July 20.

The company also said it had implemented various new measures and controls to strengthen the system’s security, and an investigation is currently ongoing.

Bank Negara does require banks to stress test their digital systems rigorously.

A thorough test and continuous updates are needed to ensure the integrity of a bank’s online banking system.

Such demands were strengthened after the last cyber attack more than two years ago.