PETALING JAYA: Policies on no unsolicited calls and the mandatory disclosure of identities must be in place for the National Fraud Portal (NFP) to be effective on the ground, say cybersecurity experts.
While the experts welcome the additional move to combat online scams, they warn that no single portal can be the end-all, no matter how sophisticated.
Former White Hat Hacker Fong Choong-Fook said Malaysia should emulate Singapore by having a “No Call/No Message” register instead of focusing on a fraud portal.
“This will significantly help reduce potential scam cases in the long term.
“Under this policy, unless otherwise approved, no commercial entities should contact the general public to solicit for any business,” said Fong, who is the LE Global Services Sdn Bhd (LGMS) chief executive officer.
White Hat Hackers are ethical hackers who, with the owner’s consent, aim to identify vulnerabilities or security issues in a computer system.
Detecting online fraud was difficult, said Fong, as most were cloaked behind complex anonymity on the web.
“Combating online fraud should be a joint effort among financial institutions, telecommunication operators, and relevant authorities.
“There is no single platform that can solve this complex issue,” he said, adding that there was not much in-depth information about the portal.
“A closer reference we have could be the proposed framework by Singapore’s Monetary Authority and the Infocomm Media Development Authority, which mandates that negligence originating from the service providers will result in financial compensation for fraud victims,” he said.
Fong said although any initiative to curb fraud was good, establishing the scammer’s identity would be a monumental task that joint forces between financial institutions and telecommunication operators must carry out.
“It will be too complex to determine whether or not financial compensation is viable until clear roles and responsibilities among the joint force members are first defined,” he said.
Malaysian Communication and Multimedia Commission (MCMC) member Derek Fernandez said the current high number of cases of online fraud was due to the fact that responsible consideration for security was an afterthought in the unrestrained pursuit of digitalisation.
Calling it the “true cost of digitalisation”, he pointed out that the security and safety of the country’s digital highways were not by design.
“Sadly, those who sing the mantra of digitalisation and its benefits have been slow to allocate sufficient resources to ensure the protection of the public and their customers.
“Instead, they choose to place this responsibility solely in the hands of the government while they reap huge profits from digitalisation by operating the ‘digital highways’,” Fernandez said.
This, he said, was why perpetrators could easily weaponise technology and its weaknesses on an industrial scale and wreak havoc in society.
“Technology alone cannot combat cybercrime but robust risk allocation and loss adjustment policies must be in place so that those who financially benefit the most bear the highest risk as they are in the best position to mitigate the losses.
“Those who profit the most from digitalisation should be made to bear the highest responsibility of ensuring a safe digital banking, telecommunications, digital media and digital payment ecosystem for their customers,” Fernandez said.
Customers, he added, must be viewed as assets and not products, and sufficient resources must be devoted to cybersecurity for users.
“Ultimately, the legal responsibility for safety on the digital highway must be imposed on those who operate and collect ‘tolls’ on these highways,” he said.
The government’s present approach to regulating the dissemination of fake or false information online with the intention of causing harm or defaming a person was not effective, he added.
“This must be radically changed to meet the challenges and threats due to evolving technology such as Artificial Intelligence, Deep Fakes and Voice Replication,” Fernandez said, pointing out that many of these led to online financial scamming.
He listed the four essential requirements to commit an online scam – anonymity, access to telecommunications networks, access to an account or payment system and targeting information.
“Anyone who accesses a network facility must be able to be identified whenever he or she is online, more so when a crime has been committed.
“This will enable the victim to take legal action in addition to the government prosecuting the perpetrators.
“To do this, the government must ensure that, as a policy, no unsolicited communication is to be allowed.
“Anybody who communicates with another person must disclose his or her identity, which must be reasonably authenticated by the service provider that authorises the person who uses the service.
“If a stranger were to walk up to you, call you by name, and attempt to start a conversation, and you asked him to identify himself and he refused to do so, this would be considered unacceptable and rude in daily life.
“Similarly, it is equally unacceptable for a party to communicate online with you while refusing to identify themselves.
“The duty to verify identity in relation to a digital service must fall upon the entity providing the digital service,” Fernandez said.