I've had this happened to me twice (Maybank as well).

Background:


Anyway, if you didn't press the kill switch for that card on MAE as soon as possible as you get the notification for the transaction, then that money is your tuition fees for this unfortunate lesson.

After the kill switch, go to your nearest Maybank branch and tell the people at the counter and they'll guide you through the process and how to fill up the forms. It's a relatively quick process receiving a new card although you'll need to create a new MAE account. Do remember to screenshot or print the transaction history because you'll need the details of the unauthorised transaction for the dispute form.

Honestly, I don't know if the dispute form helps besides documentation because it's been 3 years since it first happened to me and I've not received that money back which I kind of expected. However, the 2nd time it happened, I pressed the kill switch immediately and thankfully, the transaction didn't go through.

If I recall correctly what the branch manager told me, transactions made on these overseas websites don't have 3DS authentication that we have for transactions. That is why they're able to bypass the 2FA of MAE because they already have your card details; they don't need the Secure2U code.

Can use Apple pay / Samsung pay for NFC card payment, it's safer with Tokenization and one time encrypted code for transaction which never expose the real card numbers to POS terminal.

Ya, it's Uk and the other one is Canada

I only use my own pc and phone to login my bank but the transaction seems come from debit card online purchasing



Total damage is RM12.85, the amount is little so might be funny for you guys. I put my money somewhere else and always topup my maybank on weekends for grocery purchase and cash withdrawal at atm.

I didnt receive any notice from sms or whatsapp, I notice money deducted when i just randomly open my maybank app and surprised why my money deducted. Just turn on kill switch at 6.20am just now. I only transfer the remaining balance to my touchngo and deactivated the online e-commerce something immediately when i notice the unauthorised transaction

I think the problem is the card info, i wonder if i didnt have debit card, the unauthorized transaction might not even occur but that will be very inconvenient

Nowadays, you can block overseas transactions on the app. Fraudsters often test which cards are active by making small transactions.

I recommend prepaid card like Wise if you want to use it for grocery buying at supermarket. You can even link it with your Apple/Google wallet so you can just tap your phone to pay like you tap your card

Overseas transaction is blocked long time ago. Its the e-commerce online function not blocked, I block it after transfer remaining balance and block the online e commerce function

I was thinking if I want to take debit card after this. I can use cardless withdrawal although I never try it before

Now at police station, only me make lipot but keep waiting my number only

This post has been edited by heinlein: Aug 13 2025, 09:29 AM

read the green one, it's refunded to you

First thing you should do is call bank to stop further transactions. Or use kill switch in the app.

One of them is refund

Ady tekan kill switch

Unker use T20 banks only

Final charge is the RM5.73. Overseas payment are usually shown like this in Maybank statement, for example:

01/01 Payment RM6
03/01 Pre-Auth Refund RM6
03/01 (actual) Payment RM5.98 - will be few cents +/- off due to adjust in exchange rate

I went to China last weeks and made some payments there with my debit card, this is how it showed in my Maybank statement:

if you regularly purchase online or pay with debit card, you'll find its normal to have PRE-AUTH REFUND status

doesn't mean its OK, still need to check the payment is legit or not

This post has been edited by mi-g: Aug 13 2025, 11:00 AM

HSBC?

Now dun dare use debit card so much liao, mostly is online fraud and unauthorized transaction

Ady done report police and go bank replace card and file a dispute form, need sendiri scan and email to dispute department later when back to office
Better turn off this two thing if use debit card, better safe than sorry



This post has been edited by heinlein: Aug 13 2025, 12:12 PM

better go bank lipot or stop all transactions first looooo
first they test water small amount, then later bigger amount withdrawal...... doesn't matter how small the amount, go bank lipot n remembered they will issue you a new card.

this kind of mindset is so wrong.


We all paid for our stupidity.
Stupidity is not innocent.


Your Card Info being phish, stolen, or you had become victim of social engineering.
That is not Bank responbility.

Your Stupidity is never innocent.
You need to pay.

ady done lipot police and replace card and dispute form, later need to email dispute form

You assume i did the stuff above and yet I didnt do a thing

Dude as I said if the bank can't proof due to your own negligence you should ask BNM to get a refund.

Stolen credentials is a thing involuntary due to system lapses on FI side. Go read up.

you see..

this is exactly what i said.


Yet i didnt do a thing.
Yah. You didnt.



Very simple thing people never understand.
If there is a security break within BANK SYSTEM.

there will be million of victim across nation.
Money involved would be astronomical.


The problem is, you dont even notice you already did something wrong, or did not do something needed.


Never mind. I am wrong.
You cant save 1GB file into a CD-Disk. over limit.
You wont understand.

Dude.

why bank need to prove that???
Do you know how banking system OPERATE??


BANK ONLY NEED TO PROVE. THE TRANSACTION IS AUTHORIZED DIGITALLY.


You can buy something from a "honest-looking" website, apps.
But your transaction can be disguise as "Pre-auth, Pre-approved transaction" and send to bank.

Which you buy once. but they can use that auth to keep charge payment on your account.


Digital World is full of trap.
All user must be vigilant.

Authorised digitally by who? If someone find a loophole in the banking app or system and execute a script or bug so the onus falls on which party? There is a certain bank where its system.compromised any many users data and perform unauthorised rapid txn . This was not due to user negligence.

This post has been edited by lordgamer3: Aug 13 2025, 01:06 PM