The Communications and Multimedia Ministry is apparently planning to introduce a special app to curb illicit hacking activities in the country. This follows a recent system breach of iPay88, the country’s largest payment gateway, that compromised the company’s payment card systems.
Communications and Multimedia Minister Annuar Musa said that a meeting with the app owner would be held outside the country soon, implying that the app already exists and is developed by a non-Malaysian company. Aside from it being able to “check hacking activities”, he did not reveal any other detail about the app, such as how it actually works.
Annuar added that CyberSecurity Malaysia (CSM) conduct studies into the app to make sure it is properly scrutinised before being launched in the country. As for how much the app would cost, the minister did not divulge on the matter but assured that the price will be reasonable.
The iPay88 breach became a reminder to Malaysians regarding the country’s seemingly lax cybersecurity practices. Many questioned why the payment gateway only publicly disclosed the incident two months after it occurred.
No app is going to magically fix our data protection and security breach problems. But you know what can be more effective? Better policies. Also apply heavier penalties to service providers storing our data that don't implement protection-by-design so they become accountable.
— M (@MuniraMustaffa) August 13, 2022
Following the discloure, the Association of Banks in Malaysia (ABM) assured consumers that they can continue using their cards as normal while Bank Negara Malaysia (BNM) said affected cardholders will be notified to take additional measures. However, security expert Munira Mustafa criticised this approach, saying that it would be better for banks to instruct users to replace their current cards with new ones.
Aside from ubiquitously scam calls caused by commonly-occurring data breaches, Malaysians also face the risk of data-stealing malware. A phishing scam has been popping up sporadically through malicious apps that impersonate legitimate companies to steal bank credentials, while a similar operation called SMSSpy tricks people into downloading malware by dangling a job offer that does not exist.