{"id":9908,"date":"2026-04-28T10:25:57","date_gmt":"2026-04-28T02:25:57","guid":{"rendered":"https:\/\/www.fmos.org.my\/?p=9908"},"modified":"2026-05-19T14:58:59","modified_gmt":"2026-05-19T06:58:59","slug":"credit-card-apk-scam","status":"publish","type":"post","link":"https:\/\/www.fmos.org.my\/en\/credit-card-apk-scam\/","title":{"rendered":"Credit Card &#8211; APK Scam"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On 12 July 2024, Mary downloaded an application called \u2018EZI Recycled\u2019 after viewing an Instagram advertisement and then made a payment of RM5 via the linked website. At approximately 9:00 pm on the same day, she discovered 11 unauthorised online transactions on Shopee Mobile Malaysia, totalling RM47,410, charged to her XE Bank credit card.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Mary denied having performed the transactions and immediately contacted the bank to block her card. She subsequently lodged a dispute seeking a full waiver of the disputed amount and filed a police report. The bank maintained that she was liable because all transactions had been authenticated using OTPs sent to her registered mobile number.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>FINDINGS<\/strong><\/h5>\n\n\n\n<p class=\"wp-block-paragraph\">The evidence showed that 11 3-D Secure online transactions, totalling RM47,410, were carried out on 12 July 2024 using Mary\u2019s credit card. The bank\u2019s records indicate that the OTPs were successfully delivered to Mary\u2019s registered mobile number and correctly entered on the 3-D Secure verification page, thereby authorising the transactions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Mary maintained that she did not receive any OTPs. The surrounding circumstances suggested that her card details and OTPs were compromised. It is likely that the downloaded application contained malicious malware capable of accessing her banking credentials and intercepting OTPs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The bank blocked the card only after Mary reported the incident. No chargeback rights were available, as the transactions had been authenticated under the 3-D Secure protocol.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The 11 transactions occurred over a short span of time and were inconsistent with Mary\u2019s usual spending pattern. Such activity would reasonably have warranted closer scrutiny under the bank\u2019s fraud monitoring controls and a verification call to the cardholder.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>OUTCOME<\/strong><\/h5>\n\n\n\n<p class=\"wp-block-paragraph\">We conclude that Mary\u2019s banking credentials were compromised through the downloaded application, enabling unauthorised third-party access to conduct the disputed transactions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Although the transactions were authenticated in accordance with security protocols, the bank could have adopted additional preventive measures by contacting Mary, given the unusual frequency and pattern of the transactions, which may have mitigated the losses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">At the same time, Mary ought to have exercised greater caution when downloading unfamiliar applications and providing sensitive information online.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Applying the principle of fairness, the Ombudsman decided that it is reasonable to apportion liability between Mary and the bank.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 12 July 2024, Mary downloaded an application called \u2018EZI Recycled\u2019 after viewing an Instagram advertisement and then made a payment of RM5 via the linked website. At approximately 9:00 pm on the same day, she discovered 11 unauthorised online transactions on Shopee Mobile Malaysia, totalling RM47,410, charged to her XE Bank credit card. Mary [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":9922,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[26,25],"tags":[],"class_list":["post-9908","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-banking-islamic-banking-payment-systems","category-case-studies"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Credit Card - APK Scam - FMOS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fmos.org.my\/en\/credit-card-apk-scam\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Credit Card - APK Scam - FMOS\" \/>\n<meta property=\"og:description\" content=\"On 12 July 2024, Mary downloaded an application called \u2018EZI Recycled\u2019 after viewing an Instagram advertisement and then made a payment of RM5 via the linked website. At approximately 9:00 pm on the same day, she discovered 11 unauthorised online transactions on Shopee Mobile Malaysia, totalling RM47,410, charged to her XE Bank credit card. Mary [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fmos.org.my\/en\/credit-card-apk-scam\/\" \/>\n<meta property=\"og:site_name\" content=\"FMOS\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-28T02:25:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-19T06:58:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"commsadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"commsadmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/\"},\"author\":{\"name\":\"commsadmin\",\"@id\":\"https:\/\/www.fmos.org.my\/en\/#\/schema\/person\/8fbea4ebb5130d485f32d0731efd4689\"},\"headline\":\"Credit Card &#8211; APK Scam\",\"datePublished\":\"2026-04-28T02:25:57+00:00\",\"dateModified\":\"2026-05-19T06:58:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/\"},\"wordCount\":366,\"publisher\":{\"@id\":\"https:\/\/www.fmos.org.my\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png\",\"articleSection\":[\"Banking, islamic banking &amp; payment systems\",\"Case Studies\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/\",\"url\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/\",\"name\":\"Credit Card - APK Scam - FMOS\",\"isPartOf\":{\"@id\":\"https:\/\/www.fmos.org.my\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png\",\"datePublished\":\"2026-04-28T02:25:57+00:00\",\"dateModified\":\"2026-05-19T06:58:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#primaryimage\",\"url\":\"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png\",\"contentUrl\":\"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png\",\"width\":500,\"height\":500},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fmos.org.my\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Credit Card &#8211; APK Scam\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fmos.org.my\/en\/#website\",\"url\":\"https:\/\/www.fmos.org.my\/en\/\",\"name\":\"FMOS\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.fmos.org.my\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fmos.org.my\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fmos.org.my\/en\/#organization\",\"name\":\"FMOS\",\"alternateName\":\"Financial Markets Ombudsman Services\",\"url\":\"https:\/\/www.fmos.org.my\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fmos.org.my\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/FMOS_hori-logo_fullcolor-Custom.png\",\"contentUrl\":\"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/FMOS_hori-logo_fullcolor-Custom.png\",\"width\":262,\"height\":50,\"caption\":\"FMOS\"},\"image\":{\"@id\":\"https:\/\/www.fmos.org.my\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fmos.org.my\/en\/#\/schema\/person\/8fbea4ebb5130d485f32d0731efd4689\",\"name\":\"commsadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fmos.org.my\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a05f4bcfd9343a8f8d132e42c78c8681f5478a61135065e2d36ad22020b81651?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a05f4bcfd9343a8f8d132e42c78c8681f5478a61135065e2d36ad22020b81651?s=96&d=mm&r=g\",\"caption\":\"commsadmin\"},\"url\":\"https:\/\/www.fmos.org.my\/en\/author\/commsadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Credit Card - APK Scam - FMOS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fmos.org.my\/en\/credit-card-apk-scam\/","og_locale":"en_US","og_type":"article","og_title":"Credit Card - APK Scam - FMOS","og_description":"On 12 July 2024, Mary downloaded an application called \u2018EZI Recycled\u2019 after viewing an Instagram advertisement and then made a payment of RM5 via the linked website. At approximately 9:00 pm on the same day, she discovered 11 unauthorised online transactions on Shopee Mobile Malaysia, totalling RM47,410, charged to her XE Bank credit card. Mary [&hellip;]","og_url":"https:\/\/www.fmos.org.my\/en\/credit-card-apk-scam\/","og_site_name":"FMOS","article_published_time":"2026-04-28T02:25:57+00:00","article_modified_time":"2026-05-19T06:58:59+00:00","og_image":[{"width":500,"height":500,"url":"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png","type":"image\/png"}],"author":"commsadmin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"commsadmin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#article","isPartOf":{"@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/"},"author":{"name":"commsadmin","@id":"https:\/\/www.fmos.org.my\/en\/#\/schema\/person\/8fbea4ebb5130d485f32d0731efd4689"},"headline":"Credit Card &#8211; APK Scam","datePublished":"2026-04-28T02:25:57+00:00","dateModified":"2026-05-19T06:58:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/"},"wordCount":366,"publisher":{"@id":"https:\/\/www.fmos.org.my\/en\/#organization"},"image":{"@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#primaryimage"},"thumbnailUrl":"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png","articleSection":["Banking, islamic banking &amp; payment systems","Case Studies"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/","url":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/","name":"Credit Card - APK Scam - FMOS","isPartOf":{"@id":"https:\/\/www.fmos.org.my\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#primaryimage"},"image":{"@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#primaryimage"},"thumbnailUrl":"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png","datePublished":"2026-04-28T02:25:57+00:00","dateModified":"2026-05-19T06:58:59+00:00","breadcrumb":{"@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fmos.org.my\/credit-card-apk-scam\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#primaryimage","url":"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png","contentUrl":"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/AR-Case-Studies-02.png","width":500,"height":500},{"@type":"BreadcrumbList","@id":"https:\/\/www.fmos.org.my\/credit-card-apk-scam\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fmos.org.my\/en\/"},{"@type":"ListItem","position":2,"name":"Credit Card &#8211; APK Scam"}]},{"@type":"WebSite","@id":"https:\/\/www.fmos.org.my\/en\/#website","url":"https:\/\/www.fmos.org.my\/en\/","name":"FMOS","description":"","publisher":{"@id":"https:\/\/www.fmos.org.my\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fmos.org.my\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fmos.org.my\/en\/#organization","name":"FMOS","alternateName":"Financial Markets Ombudsman Services","url":"https:\/\/www.fmos.org.my\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fmos.org.my\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/FMOS_hori-logo_fullcolor-Custom.png","contentUrl":"https:\/\/www.fmos.org.my\/wp-content\/uploads\/2026\/04\/FMOS_hori-logo_fullcolor-Custom.png","width":262,"height":50,"caption":"FMOS"},"image":{"@id":"https:\/\/www.fmos.org.my\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fmos.org.my\/en\/#\/schema\/person\/8fbea4ebb5130d485f32d0731efd4689","name":"commsadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fmos.org.my\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a05f4bcfd9343a8f8d132e42c78c8681f5478a61135065e2d36ad22020b81651?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a05f4bcfd9343a8f8d132e42c78c8681f5478a61135065e2d36ad22020b81651?s=96&d=mm&r=g","caption":"commsadmin"},"url":"https:\/\/www.fmos.org.my\/en\/author\/commsadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/posts\/9908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/comments?post=9908"}],"version-history":[{"count":3,"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/posts\/9908\/revisions"}],"predecessor-version":[{"id":10115,"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/posts\/9908\/revisions\/10115"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/media\/9922"}],"wp:attachment":[{"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/media?parent=9908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/categories?post=9908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fmos.org.my\/en\/wp-json\/wp\/v2\/tags?post=9908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}