in

Pay with peace of mind with GrabPay’s multi-layered approach to secure mobile transactions


Even as the popularity of digital and mobile wallets skyrockets alongside the e-commerce boom, Mr Joel Lim prefers to stick to cash or credit cards when making payments.

“Nowadays, with all these new payment platforms, all your financial data is stored on your phone,” he explains. “If your phone gets stolen by someone, they pretty much have access to all of your mobile wallets and i-banking accounts.”

The 31-year-old civil servant is cautious to the point where he will not even register his face on his phone for facial recognition. “With how advanced things like deepfakes can be nowadays, it’s too easy to fool facial recognition software.”

It’s easy to see why people like Mr Lim are erring on the side of caution. With online payments on the rise during the Covid-19 pandemic, so too is cybercrime. A Mastercard survey conducted in May showed that cybercrime saw an astounding 49 per cent rise from last year, with one in four consumers having experienced some kind of attempted fraud.

It’s no wonder that Singaporeans have become increasingly wary of exposing themselves to security vulnerabilities. Online payment platforms, too, are keenly aware of the importance of cyber defences, and have strengthened their security systems accordingly.

Take for instance GrabPay, which is a Level 1  Payment Card Industry Data Security Standard (PCI DSS) 3.2-certified Service Provider — a validation of GrabPay’s commitment to ensuring the security of its payment platform by adhering to industry-recognised standards.

GrabPay is also under the purview of regulators in South-east Asia, such as by the Monetary Authority of Singapore, Bank Negara Malaysia, and Bangko Sentral ng Pilipinas in the Philippines.

For an additional level of security, wallet balances are also stored and protected by Grab partner United Overseas Bank locally.

Stopping crimes before they happen

Arguably the single largest advantage of the GrabPay platform is its highly-advanced fraud detection engine.

According to the Grab Financial Group, the engine is a complex, multi-layered set of in-built features, machine learning algorithms and risk rules that are capable of detecting attempted fraud incidents in real-time.

The engine constantly monitors users’ account activity to identify suspicious transactions. Any transaction deemed to deviate too far from users’ typical usage patterns are declined in short order.

And thanks to machine learning, the engine’s fraud detection capabilities get stronger by the day. It produces more than 20 million risk verdicts daily — each of them making it better at recognising attempts at fraud.

A full-fledged team of technical and subject matter experts constantly monitors the engine and updates it with the latest in fraud detection intelligence.

This intelligence comes straight from the reports of surveillance teams around South-east Asia conducting research into the latest modus operandi of cybercriminals in the region. 


With GrabPay’s enhanced features like fraud detection, round-the-clock helpline assistance and two-factor authentication, users can shop online with peace of mind. PHOTO: GRABPAY 

But even with artificial intelligence at the helm, Grab hasn’t forgotten the human element. GrabPay Card users will have access to round-the-clock assistance via a dedicated helpline, allowing them to report and dispute fraudulent transactions, or conversely, authorise those that may have been incorrectly declined.

For an additional level of security, GrabPay will now require two-factor authentication for transactions that are deemed high-risk, whether it’s changing region or device, to updating profile information, to even accessing in-app functions like GrabInvest.

And beyond that, users have the option of implementing additional biometric identification measures, like facial or thumbprint verification.

Security at the heart of all things

But safety isn’t just about fraud detection engines and two-factor authentication.

Rather, it’s an attitude that has to be grown.

That’s precisely why Grab is putting privacy and security at the heart of its entire business. The company’s recent measures are driven by what it calls a Privacy by Design framework, in which key processes — from feature releases to procurement — have privacy checks and security reviews embedded into their workflow.

And even with the constantly-changing standards and protocols of the industry, Grab makes every effort to keep up. The company’s operations and cybersecurity posture are constantly under audits both internal and independent, so as to ensure that it is in full alignment with the latest privacy laws and industry practices.

“Technology is a key enabler to protect our users, especially with an ecosystem at our scale across the Southeast Asian region, and we continually invest to strengthen our risk and security features to keep our users safe,” says Mr Wui Ngiap Foo, Head of Integrity, Mobility Engineering and Patent Office at Grab.

“Another crucial enabler is having the right company culture,” he continues. “At Grab, we are dedicated to creating a culture where user trust is the foremost priority for all employees. We are laser-focused on not just protecting our users, but ensuring that they have a seamless experience while engaging with our app as well.

“People always say that apps can either be safe, or they can be low friction: we aim to be both.”

This attitude towards security extends even towards its stakeholders. Grab has also redoubled its efforts to cultivate a culture of security within its entire ecosystem through outreach programmes, extending even to its Driver-partners, Merchant-partners and Vendors.

As cybercrime continues to rise in the region, and cybercriminals find increasingly devious ways around current security measures, Singaporeans need a payment platform that spares no effort when it comes to keeping its clients’ data secure.

And with GrabPay, there’s no better way to Pay It Safe online. 





Reference