In this article

[This is a sponsored article with BigPay.]

Last year, with the rise of its user adoption, BigPay like other digital financial institutions and traditional players alike had their share of issues on scams. 

BigPay has been working on multiple fronts for some time now to combat scams . In that time, the team has had to use multiple strategies to keep its users safe and they’ve shared over some lessons they’ve picked up since. 

To begin with, there has never been any data leak or breach of any of BigPay customer data at any point in time. 

Lesson 1: Scams often sound too good to be true 

Most of the time, the scammers pose as BigPay employees, and use WhatsApp messages or calls to try to extract private login information from users, including One Time Password (OTP) numbers.

The early wave of BigPay scams often came with a promise of cashbacks or rewards, often in the thousands of Ringgit. 

Another common tactic was to talk to users regarding upgrading their card, with the promise of new features, or just a fancy new colour of the card. 

Scammers also prey on common fears, such as telling users that their accounts were compromised, and that steps needed to be taken to secure the account. 

As users, we just need to remember: If it sounds too good to be true, it probably is. 

Don’t cave in to pressuring tactics, and it’s good to approach everything with a little bit of healthy skepticism and apply critical thinking.

On top of tightening security measures, BigPay embarked on a large-scale education of its customers. Besides a “I will not share my OTP” message and agreement that would pop up in-app, there were multiple articles published on their site and social media, and by external media, all with the purpose of reaching the consumer base to give them the facts and details. 

A popup most BigPay users would have seen in their apps

The BigPay team have also tried out more creative ways to get their message across which are shared mostly on their social media, such as using popular pop culture references like Pokémon.

And if you’re a BigPay user, any official communications regarding any suspicious activity on your account will only be done via email from the official email address of info.my@bigpayme.com

Lesson 2: Always be one step ahead to fight scammers

When it comes to tackling a problem such as scammers looking to cheat their user base, the BigPay team realised very early that they had to take more immediate measures to address scam complaints as they were coming in.

One important step was to systematically initiate efforts to take down any website or social media page impersonating them.

This includes reporting to authorities the WhatsApp numbers used by scammers and training their machine learning system to flag and recognise scam behaviours.

“Our algorithm is becoming better every day at catching scammers early, and we are systematically banning scammers’ BigPay accounts,” said the team in a piece published detailing their efforts

The team actively freezes accounts that they suspect have been compromised.

They’ve strengthened the password reset requirements by adding two-factor authentication, and are working on existing features to help protect any vulnerable users before anything happens.

Lesson 3: Utilise newer features to maximise security 

As of October 2021, BigPay has added newer security measures, with the leading one being login links. Login links are meant to ensure that only an app on a phone with your phone number registered to it will be able to access your BigPay account. To login, you now will receive an SMS with a code, instead of going with the traditional username and password route.

This form of passwordless authentication is often considered more secure when it takes user behaviour into account. Many of us are guilty of using the same password across multiple platforms, or we use really obvious and easy-to-guess passwords like “password”. Login links help eliminate this risk. 

BigPay also now offers virtual cards. These give users a safe option for one time online purchases. In the event that a virtual card’s details are compromised by third party vendors, you can simply delete it and create a new one (at the moment, BigPay allocates 1 a month to users).

These virtual cards have a few other non-security related advantages, which include keeping your physical and digital spendings separate. You can filter your transactions on your home screen and see the types of transactions done on each separate card.

When replacing your physical card, the virtual card lets you use your BigPay account for online purchases while waiting for the new one.

Other user feature upgrades recently rolled out include an increased wallet size to a maximum of RM20,000, with peer-to-peer transfer and withdrawal amounts capped at RM10,000 per day.


The efforts over the past year have shown fruit; BigPay told Vulcan Post that there has been a sharp decline in scam related cases and overall less scam complaints sent in by users.

With its current growth, BigPay has hit a milestone of 1,000,000 carded users as of December 2021.

Now holding a larger market, and with ambitions to become a full-fledged digital bank, BigPay will have to continue to reassure its users and provide a useful and secure platform that consumers would be happy to entrust their finances to. 

You can read more on BigPay’s efforts combating scams and how to stay safe here.

  • Download the BigPay app for iOS here or Google Play here.
  • Find out more about BigPay on their website or Facebook page.
  • You can read our past coverage on BigPay here.

Subscribe to our newsletter

Stay updated with Vulcan Post weekly curated news and updates.


Vulcan Post aims to be the knowledge hub of Singapore and Malaysia.

© 2021 GRVTY Media Pte. Ltd.
(UEN 201431998C.)

Vulcan Post aims to be the knowledge hub of Singapore and Malaysia.

© 2021 GRVTY Media Pte. Ltd.
(UEN 201431998C.)