Fortified security for your
peace of mind

Your eWallet is embedded with top-notch security measures so you can transact with complete confidence.

5 safety & security measures

We’ve tightened fraud rules and introduced one-tap authentication


Money-back Guarantee policy​

Receive up to RM5,000 in compensation within 5 working days upon investigation and confirmation

Dedicated hotline for fraud & scam cases

Please contact the hotline number at +603-5022 3888 and select “3” for “Fraud” to make a report

How we protect you

You’re covered by our Money-Back Guarantee policy [MBG]

In the unlikely event that you lose your eWallet balance through unauthorised activity, this policy protects you from the risk with compensation up to RM5,000 within 5 working days.

Find out more
Money-back-Guarantee.png
Your eWallet is also protected with 5 safety & security measures imposed on banks by regulator

Touch 'n Go eWallet is the first and only eWallet in Malaysia to successfully implement the new measures imposed on banks by the regulator.

The highest authentication methods are added to your eWallet to further enhance, secure & complement the SMS one-time password

Your eWallet has face verification as a method of authentication when you login to your eWallet, change your eWallet PIN, perform transactions or make payments with your eWallet, & perform reloads to your eWallet.

security-page-web01.svg

Tightened ‘fraud rules’ & block suspicious transactions

Transactions of a certain threshold, or any abnormal activity & suspicious behaviour observed on your account, will be limited or blocked. An email alert will be sent to you should your transactions go over the set limit.

security-page-web02.svg

Verification & cooling-off period for first-time enrolment of services, secure device, or profile document

A cooling-off period means that when you log in to your eWallet from a new device with a less secure authentication method, it will trigger a set of risk-based conditions where the user will be limited to a certain amount for top-ups or payments up to 48 hours. Any top-up or payments above the limit will be rejected automatically.

security-page-web03.svg

Restricted authentication of e-transactions to ONE mobile device or secure device per account holder

TapSecure is introduced as a mandatory one-tap approval function to authenticate your transactions. The TapSecure approval ensures that only your linked device can be used for the approval of transactions within your eWallet account.

security-page-web04.svg

Dedicated customer service channel or hotline for incident reports & suspicions of scams & fraud

Touch ‘n Go eWallet is the first eWallet to be a part of the National Scam Response Centre. A consumer hotline has been set up specifically to attend to fraud, scam cases or queries manned by a dedicated team of fraud operations. Please contact the hotline number at +603-5022 3888 & select “4” for “Fraud” to make a report.

security-page-web05.svg
How to protect yourself
otp-secure.svg

Always keep your account information and OTP secure

SMS-OTP.svg

NEVER share your SMS OTP

Secure-6PIN.svg

Use a safe and secure 6-digit PIN

Link-to-login.svg

Touch ‘n Go eWallet will never send you an SMS with a link to login

Antivirus.svg

Install anti-virus on your phone

Gallery.svg

Download and install apps from Google Play, App Store and Huawei Gallery

Types of scam

Knowing the techniques scammers use can help you stay one step ahead of them. Here are some of the scam types that you should be aware of.


  1. What is malware

    Scammers use malware - a harmful & nasty software that installs itself on your device - to relocate funds from your account & commit identity theft.

  2. How do malicious apps work?

    a. They are sent through chats, links, attachments, etc.

    b. The app will ask for your permission to be the default SMS app.

    c. If you tap ‘Allow’, it can steal your SMS, TAC or OTP and compromise your banking details.

  3. What do I do if I tapped ‘Allow’, and my eWallet details are compromised?

    a. Uninstall suspected malicious app.

    b. Change your eWallet and financial passwords.

  4. What will happen if you install the fake app

    a. The fake app will display a fake payment page for you to proceed with the payment.

    b. This fake payment page in the malicious app is designed to steal your credentials.



What you need to know about mule accounts​
a. A mule account is an account used to receive and transfer funds obtained illegally.

b. A scammer may contact you and persuade you to rent out your eWallet to them (to conduct illegal activities) in exchange for a reward.

c. A mule account can be charged under Malaysian laws, including blacklisting the account holder.


How to prevent a Mule account scam?

a. Never accept job offers, rewards, or any offers that may seem too good to be true in exchange for your eWallet account.

b. Do not help anyone to receive or transfer funds from/to third parties.

c. You could be violating the law if illegal activities or transactions are found in your eWallet account and legal action may be taken against you.



How does phishing link work?

Phishing links are URLs / links sent to your mobnile number via SMS / WhatsApp / other messaging apps for various reasons. Please be reminded that Touch ‘n Go eWallet will NOT send links to users for login or any purposes.​
1
Phishing links are URLs / links sent to your mobnile number via SMS / WhatsApp / other messaging apps for various reasons. Please be reminded that Touch ‘n Go eWallet will NOT send links to users for login or any purposes.​
Suspicious links that brings you to a fake “Touch ‘n Go” or “Touch ‘n Go eWallet” login page that looks real.
2
Suspicious links that brings you to a fake “Touch ‘n Go” or “Touch ‘n Go eWallet” login page that looks real.
The scammer will get all your details the moment you key them into the page.
3
The scammer will get all your details the moment you key them into the page.
Touch ‘n Go eWallet will NOT send links to users for login or any purposes.
4
Touch ‘n Go eWallet will NOT send links to users for login or any purposes.
Always login to your Touch ‘n Go eWallet only via the app downloaded from the OFFICIAL App Store or Play Store.
5
Always login to your Touch ‘n Go eWallet only via the app downloaded from the OFFICIAL App Store or Play Store.



What is phishing call and how does it work?​

Scammers will call you and impersonate themselves as employees of any companies. They will ‘verify’ you with your personal details such as your IC number, vehicle number, etc. These scammers will then ask for your login credentials such as your OTP SMS.

Touch ‘n Go eWallet employees will NEVER request for your OTP SMS.
1
Touch ‘n Go eWallet employees will NEVER request for your OTP SMS.
Touch ‘n Go eWallet employees will NEVER share their employee ID with you.
2
Touch ‘n Go eWallet employees will NEVER share their employee ID with you.
Touch ‘n Go eWallet employees will NEVER request for your Personal Identification Number (PIN).
3
Touch ‘n Go eWallet employees will NEVER request for your Personal Identification Number (PIN).
Be alert and vigilant! Scammers are meant to be convincing. They know how to trick you into providing your details.
4
Be alert and vigilant! Scammers are meant to be convincing. They know how to trick you into providing your details.
NEVER reveal your OTP SMS.
5
NEVER reveal your OTP SMS.
NEVER reveal your login credentials such as your security question and answer/ OTP SMS / Personal Identification Number (PIN).
6
NEVER reveal your login credentials such as your security question and answer/ OTP SMS / Personal Identification Number (PIN).

Watch this video to learn more about different types of scam

Get added protection with WalletSafe

Enjoy peace of mind whether you're reloading, spending or cashing in with WalletSafe. For just RM1, you get up to RM25,000 protection on your eWallet and GO+ balance, and more benefits.

Find out more

Wallet-Safe-security-center.svg