Grab assures customers its platform is secure but urges vigilance

Grab yesterday urged customers to stay vigilant, adding that its platform is secure, after several police reports were lodged last month over unauthorised transactions made through its e-wallet.

The transactions went through despite its anti-fraud measures. Security experts said this could mean the fraudulent payments were made in a way that mimicked everyday use, making them difficult to detect.

A Grab spokesman yesterday told The Straits Times it is aware of the reported cases and is working closely with the authorities and partners in the investigation.

"We wish to assure our users that our platform remains secure."

He added that the firm has implemented artificial intelligence (AI) and machine learning to detect and study fraudulent activities.

The Straits Times understands the unauthorised transactions involved one-time passwords (OTPs) that were sent to phone numbers linked to the users' Grab accounts.

Earlier this month, Grab removed GrabPay as a payment option on gaming websites to eliminate this avenue for scammers, it said in a post on its website last Friday.

Mr Justin Lie, chief executive of cyber security firm Shield, told ST the incidents likely did not deviate enough from normal behaviour to be detected.

He added that AI and machine learning defence technologies are not designed to pick up sporadic and opportunistic fraud, especially within a company processing millions of transactions every day.

"They may look at a user's average spend or physical location, but as long as these are relatively normal, fraud will go undetected."

Mr Phil Pomford, general manager of global e-commerce for merchant and payments technology solutions firm Worldpay from FIS, said firms need to consider various factors to judge the legitimacy of transactions when combating fraud in e-commerce.

"Fraud scoring tools that use a combination of intelligent software, data engines, and teams of experts to analyse the constant growth of relevant payment data can more precisely identify abnormal transactions," he said.