Malaysia’s digital fraud ‘kill switch’ not a cure-all: Experts

Experts called for a stronger role by the National Scam Response Centre, which was recently allocated RM10 million to help Malaysians combat online fraud and scams.


Warning: A notice informing users to beware of mule account scams on a smartphone. — ART CHEN/The Star

February 27, 2023

PETALING JAYA – The “kill switch”, albeit a good initiative in online fraud protection, is no panacea to all online scams, say cybersecurity and digital technology experts.

While banks should beef up their online security, experts called for a stronger role by the National Scam Response Centre (NSRC), which was allocated RM10mil under Budget 2023 to help Malaysians combat online fraud or scams.

Universiti Malaysia Sarawak senior lecturer in communication Chuah Kee Man said the “kill switch” would work only if victims know of unapproved transactions.

“It is more like a ‘panic button’ that we can switch on whenever we realise our bank accounts are being used for unauthorised or suspicious transactions.

“It has to be manually switched on by the account holders and serves as a last-minute defence mechanism to stop the outflow of their savings.

“This self-service feature is more like minimising the loss incurred by account holders rather than curbing scams from happening in the first place.

“But most of the time, victims are not even alerted. No SMS, no notifications, no calls,” he told The Star yesterday.

Citing the example of a victim with RM1,000 left in his account, Chuah said by the time he realised it, scammers would have emptied it through a single transaction.

“So essentially, this feature is beneficial to reduce further loss, especially for those with more money in their accounts.

“It can assist in reducing financial loss but may not stop scams from going rampant if other measures are not taken.”

Chuah said some banks’ existing systems and apps might need time to be reconfigured to allow the “kill switch” feature, while some have been slow in adopting tech.

Calling on banks to strengthen online security features, he said they should identify the root cause of why a transaction could still be made despite not obtaining authorisation from the account holders.

“Multi-factor authentication such as SMS TAC or real-time in-app verification can be breached easily. Users may not even know that transactions were made, especially during odd hours, like when asleep.

“This situation can even happen to users who do not click on suspicious links sent to them or install malicious apps.

“Banks should do security audits on their apps and systems to continuously monitor vulnerable security loopholes.”

Chuah also said users’ transaction limits should be scrutinised for red flags.

Malaysia Digital Foundation or Yayasan Digital Malaysia (YDM) head of digital innovation, Mohd Fazli Azran, said the “kill switch” is good when one’s bank account is compromised.

However, he said it would only work when users allow real-time notifications or alerts from the banking app when suspicious transactions occur.

“The user must manually activate the ‘kill switch’ feature. So they must be alert,” he said.

Following the Budget 2023 announcement on Feb 24 where Bank Negara would require all banks to add a “kill switch” to allow account holders to freeze their accounts when suspicious activity is detected, he said new guidelines were expected soon for all banking and payment applications.

He also suggested users and account holders should be exposed to the E-Payment User Protection Guideline, which would help them mitigate their risks and set measures to strengthen their ability to protect themselves against digital banking scams.

Fellow and chairman of Information Technology & Computer Science Discipline of the Academy of Sciences Malaysia, Prof Dr Mohamed Ridza Wahiddin, said some banks in Malaysia have a “kill switch” in their banking apps.

“Singapore banks have already been mandated to implement the ‘kill switch’ last October.”

Calling the “kill switch” feature a “reactive approach”, he said the onus was upon the account holders to be wary and take action.

Calling for a more proactive approach, he said artificial intelligence could enhance big data analytics that helps banks monitor their clients’ transaction patterns and raise the red flags quickly.

They also said the RM10mil allocation should assist NSRC in strengthening their roles, particularly in standardising the policy in dealing with online fraud or scams, making it easier for the users to follow and prevent confusion.

Chuah said NSRC should intensify its advocacy efforts to increase public awareness regarding its roles, such as the 24-hour hotline of 997, which many are still unaware of.

“NSRC needs to improve the efficiency of this hotline or other communication channels, such as WhatsApp, so that immediate action can be taken instead of dragging users into another long list of procedures,” he added.

Mohd Fazli noted that the people need a “good response” from the NSRC instead of being told they were careless.

“They must show credibility to the rakyat that they are the one-stop call centre that can assist them in how to solve their cases,” he said.

Prof Mohamed Ridza said the RM10mil could help improve the NSRC by recruiting the best brains, acquiring state-of-the-art technology and drafting policies and guidelines for staff and stakeholders.

scroll to top