During a press conference held by Michael Kong Feng Nian, the special assistant to Sarawak DAP’s chief Chong Chieng Jen, it was revealed that the victim’s Maybank account had recorded two fund transfers amounting to RM500,000 each to Celcom Sdn Bhd. After getting in touch with both Maybank and Celcom on Monday, Celcom reimbursed the RM1 million to the victim the next day.

Maybank Transaction Records showing two RM500,000 transactions to Celcom Sdn Bhd. — Picture via SoyaCincau

Michael said credit must be given when it is due and he appreciated the fast response in recovering the funds. However, this incident reveals a major security flaw as it is definitely not normal to see a RM500,000 transaction being approved despite the current security safeguards imposed by banks including daily transaction limits. He questions how is it possible to transfer such a large amount without requiring OTP and no notification was sent to the user.

According to Maybank’s website, they have increased the daily limit for various transactions type from 18th June 2022. For individuals, customers can transfer up to RM50,000 per day while business accounts can transfer up to RM100,000 per day. However, it is mentioned that a customer may have the flexibility to enjoy a higher transfer limit based on the total investable asset with the bank.

Typically, Maybank would require an OTP or Secure2U transaction if funds are transferred to a new 3rd party or mule account. If the scammer intends to siphon funds, they would need to find a way to retrieve the OTP from the victim in order to complete the transaction. OTP typically isn’t required if the transfer is made to a saved account or biller on Maybank2u. In this recent incident, it appears that Celcom could be a saved biller and the culprit may have a different motive for the attack.

The biggest question is how is it even possible to transfer half a million ringgit twice considering there already are limits in place for 3rd party and interbank transfers? We have reached out to Maybank for further clarification.

As always, if you believed that you have been scammed, you should call NSRC at 997 immediately for a higher chance of recovering stolen funds. Last year, the NSRC has recovered about RM1.4 million worth of funds for online scam victims.

— SoyaCincau