The recent arrest of a transport company director in Negeri Sembilan for allegedly using hacked Touch ‘n Go cards is another reminder of how cybercrime is evolving in Malaysia. What looks like a “simple fraud” on the surface actually highlights deeper issues in payment security, insider misuse, and digital forensics.
According to police, more than 300 tampered cards were seized, together with RM400,000 in cash. The cards, purchased at RM150–200 each, were hacked to display a higher stored balance before being handed to truck drivers. This scam only came to light when the card operator detected discrepancies in its accounts – resulting in losses of nearly RM60,000 in just two months.
At Condition Zebra, we view this case as an important wake-up call for businesses and regulators:
- Payment Systems Are Attractive Targets
Even closed-loop systems like Touch ‘n Go are not immune from cyberattacks. Criminals are leveraging low-cost tools and widely available software to manipulate hardware-based payment systems. - Fraud Detection Must Be Proactive
In this case, the scam went on for over a year before detection. Continuous monitoring, anomaly detection, and stronger fraud analytics should be a priority for all payment providers and businesses relying on digital transactions. - Insider & Organizational Risks
The use of compromised cards by an entire fleet of drivers suggests organizational complicity. Companies must have internal controls, auditing, and awareness training to prevent such abuse. - Need for Stronger Cyber Forensics & Law Enforcement Collaboration
Digital forensics plays a crucial role in uncovering how these attacks are carried out. Strengthening forensic capacity and cross-agency collaboration will help Malaysia stay ahead of sophisticated fraud.
This case is not just about hacked cards; it reflects how cybercrime is shifting from purely digital scams into hybrid crimes, blending technology misuse with traditional fraud. As Malaysia continues its digitalisation journey, businesses must adopt a proactive cybersecurity mindset – not just rely on system operators or law enforcement after the damage is done.
In today’s digital economy, even payment systems can be exploited by criminals using cheap tools and clever tactics. Businesses cannot afford to wait until fraud is detected – prevention must come first.
At Condition Zebra, we help organizations close these gaps by providing:
- Vulnerability Assessments & Penetration Testing (VAPT) – to uncover weaknesses before attackers do.
- Managed Detection & Response (MDR) – 24/7 monitoring to detect and stop threats in real time.
- Security Awareness Programs – equipping staff to recognize and prevent scams.
- Cybersecurity Training – online and in physical classes, featuring: Penetration Testing for Network & Web Applications and Digital Forensics
🔒 Stay one step ahead of cybercriminals. Contact Condition Zebra today for a free consultation with our Cybersecurity Experts.
Source: Transport firm director held over hacked Touch ‘n Go cards
Share this: