The Sessions Court has ordered Maybank to compensate a scam victim RM166,000 after it failed to prevent a series of suspicious online banking transactions that emptied funds from her account. The ruling stems from a fraud case involving unauthorised transfers carried out through the bank’s Maybank2u platform in 2021. Apart from the compensation, the court also ordered the bank to pay RM15,000 in legal costs.
According to a report by the New Straits Times, Judge Maimoonah Aid found the bank negligent after fraudsters successfully conducted multiple online transfers using the plaintiff’s banking account without her authorisation. Court documents showed that money was first withdrawn from plaintiff Chan Yan Li’s housing loan account before being transferred into her savings account. The funds were then sent in stages to several third-party bank accounts between 26 June and 2 July 2021.
Chan only discovered the transactions on 15 July that year after checking her Maybank2u account. She later lodged a police report and told the court that she never approved any of the transactions. She also claimed that she never received any Transaction Authorisation Code (TAC) messages on her registered mobile phone number.
Maybank denied liability and argued that all transactions were performed using the correct username and password belonging to the plaintiff. The bank also maintained that TAC codes and transaction notifications had been successfully delivered to her registered phone number.
The bank further argued that there were no issues with the Maybank2u system and suggested that the plaintiff’s banking credentials may have been exposed due to her own negligence. However, the court noted that Chan was not an active online banking user and mainly used Maybank2u for routine activities such as credit card payments and occasional transfers.
The judge also highlighted inconsistencies between TAC records presented by the bank and mobile phone records from Digi Telecommunications that were shown during the trial. She further ruled that the transaction pattern itself should have triggered warnings within the bank’s fraud detection systems.
“The bank should remain vigilant,” she said in the written grounds of judgment dated 4 May 2026. “The bank has the best technology available today to detect and prevent such unauthorised and fraudulent transactions,”
The court also pointed out that some of the transfers took place at unusual hours, including around 5am. In addition, several mule account holders linked to the fraudulent transfers had already pleaded guilty in separate criminal cases.
It is worth noting that the incident occurred before Maybank introduced several of its newer banking security measures. The bank only rolled out features such as Kill Switch and migrated users to the Secure2u authorisation system in 2023. Meanwhile, Bank Negara Malaysia had only instructed local banks to phase out SMS TAC and OTP authentication methods a year earlier.
(Source: The New Straits Times)
The post Maybank Ordered To Compensate RM166,000 To Scam Victim appeared first on Lowyat.NET.
