The Risk-Reward Tightrope in Malaysia’s Wallet Boom
Malaysians now make about one e-payment per person per day according to Bank Negara Malaysia’s 2024 annual report. That is 409 transactions per capita, up from 343 the year before. When everyone pays digitally, risk and resilience stop being back-office issues and become growth levers
On the industry side, two events pushed risk to the front page this year:
DuitNow QR’s global step-up. PayNet (Payments Network Malaysia) and Ant International expanded acceptance so Malaysians can use local wallets across more than 100 million Alipay+ merchants worldwide. Cross-border convenience is fantastic for travellers and SMEs, but it also expands the surface area where fraud has to be managed in real time.
TNG Digital’s rise. TNG Digital crossed the unicorn threshold, putting an even brighter spotlight on how the country’s largest e-wallet keeps the system both safe and fast while scaling.
Add in the regulatory push on fraud response, including the National Fraud Portal launched by BNM and PayNet, which TNG eWallet joined early. Against that backdrop, our podcast episode with Yeong Jin Foo , Chief Risk Officer at TNG Digital, lands on a simple truth: Innovation moves markets, risk management keeps permission to play.
Foo lays out a first-principles view: every feature has a risk-reward equation. The job is not to say no, it is to quantify risk within appetite, design controls that protect customers, and preserve convenience so honest users glide through.
Five takeaways from the episode include:
1) A workable framework
Start with first principles. Every feature has a risk–reward equation: define the benefit, quantify the risk, agree the acceptable level, then instrument controls and audit outcomes. It is simple to teach, quick to apply, and hard to game.
2) Culture as control
Treat issue-raising as an asset, not a career risk. When people surface uncertainties early, risk data flows sooner and fixes are cheaper. Openness beats fear as a control mechanism.
3) Data as referee
Retire arguments by hunch. Use real usage to define critical business functions for continuity planning, rather than opinions about what “feels” critical. Decisions improve when numbers, not narratives, set priorities.
4) Fraud at machine speed
Hundreds of transactions per second require behaviour signals, device intelligence and face matching that authenticate silently. When controls are right, honest users barely notice them.
5) Shadow IT without the shadows
Side projects can breathe, provided they enter the same assessment and governance workflow. Innovation stays quick, controls stay central.
Why it matters right now
Usage is up. Daily-scale payments make reliability and fraud control strategic, not optional.
Scams are evolving. Attackers rotate from SMS lures to malicious APKs and beyond, so Foo’s “open issues, shared responsibility” culture is not soft stuff; it is operational defence.
System-level defences are maturing. The National Fraud Portal formalises signal sharing and accelerates fund recovery. Plugging into that ecosystem demands the very habits Foo describes.
Global reach raises the bar. When DuitNow works abroad at scale, your risk models, step-up rules, and kill switches must work across borders and jurisdictions. That is the heart of this episode.
Listen to the episode on Spotify here
Interested in our upcoming activities in Malaysia, find out more here
