Home banner c179cc06 fe65 4912 b69e 7ea891864b9d


Bank Negara’s policy on FREE bank transfers is actually about...paying with QR codes?

about 5 years ago JS Lim





This article is for general informational purposes only and is not meant to be used or construed as legal advice in any manner whatsoever. All articles have been scrutinized by a practicing lawyer to ensure accuracy.




On 16 March 2018, Bank Negara announced their Interoperable Credit Transfer Framework (ICTF) policy that will take effect on 1 July 2018. The last big policy that Bank Negara announced was regarding Bitcoin, and measures being taken to prevent money laundering and terrorism-financing through cryptocurrencies.

[READ MORE - Is Bitcoin legal in Malaysia?]

Bank Negara’s policies are usually a bigger concern to players in the financial industries than the average consumer, but this time, consumers get a big break from the ICTF - free bank transfers! This means you won’t be charged xx sen for GIRO or xx sen for instant transfer transactions anymore.

But that’s not all the the ICTF is about, as Bank Negara also wants to help make electronic payments through QR codes a norm in Malaysia. We’ve come up with some frequently asked questions you might have and their answers to let you know about how the ICTF works, and how it affects you and your payments.

1. What is the ICTF and what does it do?

The ICTF is a policy that will streamline credit transfer services in Malaysia to make sure they are secure and easy to use. Credit transfer services won’t mean just your usual bank transfers and remittances, but will include electronic payments as well. These electronic payment systems require you to fund an electronic wallet using your money, and you’ll receive the equivalent value in credits to use (just like a prepaid service).

Image from YourStory

You might have heard of electronic money (e-money) payment services like Alipay which use a QR code for payments - just scan a shop’s QR code with the Alipay app on your mobile phone to make a payment. These payment systems are currently isolated from the rest of the financial system in Malaysia, and it becomes difficult on customers and merchants if this is not changed. For example, if you’re using Alipay, you can only pay someone who is also using Alipay, and you can’t transfer funds to someone’s WeChat, GrabPay, or even their bank account. The ICTF sets the framework for these payment systems to work with one another in the future.

Image from fintechnews

According to Tan Nyat Chuan from Bank Negara:

“Our ambition is that if I’m GrabPay or Alipay or Touch ‘n Go, I can basically pay to someone who has got a Maybank, CIMB, any bank wallet. And from wallet to wallet transfer. It should be reachable, that is our endgame.” - quoted by VulcanPost at Malaysia FinTech Expo


2. What does this mean for me?

Image from avoidpayingfees

Among the measures Bank Negara is taking to make credit transfers smoother in Malaysia is waiving the transaction fee imposed on customers, whether they are the sender or recipient. So your everyday banking transactions will be free of charge. Bank Negara waives the fees on transactions up to RM5,000 only, but banks and issuers of e-money can specify a different transaction limit for their services.

The ICTF also requires banks and e-money service providers to make sure you can make payments using a universally accepted QR code. So in the future, you’ll be able to make QR code payments using the bank services you already use - no need to sign up with an individual/external e-money service provider like Alipay, GrabPay, or WeChat.


3. Great! Does this waiver apply to every type of financial transaction in Malaysia?

No, there are a few exceptions to the waiver because only “eligible credit transfer transactions” will have their transaction fees waived. As per paragraph 7.1(d) of the policy document:

“(d) waive the transaction fee imposed on its customers who are either the sender or the recipient for any eligible credit transfer transaction funded using a current account, a savings account or an e-money account up to RM5,000 per transaction or such other amount as may be specified by the Bank.”

The following types of credit transfer transactions are excluded:

  1. Bulk payment transactions, including Interbank GIRO (TBG)

  2. Bill payments including JomPAY transactions

  3. Electronic or mobile commerce transactions, like Financial Process Exchange (FPX) transactions

  4. Real-time Electronic Transfer of Funds and Securities System (RENTAS) transactions

  5. Any other types of transactions as Bank Negara may specify


4. Can I still use cash and credit/debit cards come July?

QR codes are only going to become a payment option in the near future, and the ICTF is meant to help implement a fair and secure system. While the aim is to help Malaysians go cashless if they want to, cash and cards will still be valid forms of payment.


5. What can we do with e-money?

You’ll be able to pay for just about anything with e-money - as long as the merchant accepts it. If you’re familiar with PayPal, you’re already using a form of e-money, just one that doesn’t deal in QR codes.

In Malaysia, there will be certain restrictions on what can be done using e-money due to concerns of money laundering and terrorism-financing. Service providers will need to do what’s called a Customer Due Diligence (CDD) on you, which is basically a background check. They’ll collect your information, get you to fund your e-money account from your bank or a payment card, and then they verify your details with your bank.

You’ll still be able to use e-money even without a CDD, but your transactions will be limited as per the table below.

Screen-capped from the Bank Negara ICTF document


6. How do I know if using these QR codes are safe?

QR code security became a widespread concern in China after reports of fraudsters sticking fake QR codes on top of real ones that would pay money to the fraudsters’ accounts, or steal a customer’s personal information. This is exactly the kind of security concern which Bank Negara wants to address with the ICTF, which must be solved by service providers in time to come.

Image from technode

When implementing the QR payment framework in Malaysia, service providers will be required under Paragraph 11.1 of the ICTF to ensure that their customers’ information is securely protected, and implement measures that will prevent loss, theft, or unauthorized access to personal information. As an example of a security measure, Visa’s YouTube video here shows that with Visa’s QR payment services, your account is still safe even if you lose your phone because your PIN or fingerprint is still required to authorize any transactions.

You can also expect to be alerted by financial service providers from time to time about practical safety tips to protect yourself from becoming a victim of fraud. In the meantime, QR codes are already being used for payments in Malaysia, so if you do use services like Alipay and GrabPay, take note of some of these precautions issued by Quann Malaysia to protect yourself.


7. Can’t they use a identification system to catch the scammers easily?

Yes! Bank Negara has already announced that a “National Addressing Database” (NAD) shall be established. It’s a central database that will link a bank account (or an e-money account) to personal information that can identify a person. As defined in the ICTF policy document:

“National Addressing Database” means a central addressing repository established by an operator of a shared payment infrastructure that–
(a) links a bank account or an e-money account to common identifiers of an account holder such as a mobile phone number, National Registration Identity Card (NRIC number), company registration number or business registration number; and
(b) facilitates payment to be made to a recipient by referencing the recipient’s common identifiers;

The database will also make payments easier to send (you can send payments to a friend using their phone number instead of their bank account number), and since we can all be identified in it, it should be able to track down anyone who may be committing crimes using QR payments as well.


8. Wait, they’re collecting our personal data? How do we know they’re keeping it safe and not selling our information?

Image from

Yes, they’re collecting our personal data. But no, they’re not allowed to do anything they want with it. Any person or company who collects personal data for commercial purposes in Malaysia has to comply with the requirements of the Personal Data Protection Act 2010. It contains a standard of security measures and duties that data collectors must fulfill, and they must protect your information from potential data thieves, including their own employees. Companies that fail to do so can be fined up to RM300,000 and the people responsible can be jailed for up to 2 years.

[READ MORE - The PDPA can be used to stop telemarketers from bugging you]

[READ MORE - How much responsibility do companies have if your personal data is stolen?]


9. What if the worst happens and someone hacks into my account?

Technology is marvelous and helps us greatly in our lives - until it fails. The technology behind the operation of banks and e-money are set up by them, and is under their control. So if a security measure fails, they will have to take responsibility for it.

Under the ICTF’s rules for credit transfer transactions, if your account is compromised, a bank or e-money service provider will not hold you responsible unless they can prove that your account was breached because of your own fault. This means that they should compensate you for the losses unless you did one of the following:

  1. You were acting fraudulently

  2. You deliberately shared your ID and password with other people

  3. You did not take steps to keep your security device secure

  4. You did not report a stolen password, loss of your security device, or any unauthorized transaction as soon as you knew about it

  5. You failed to comply with security warnings that were sent to you to help keep your account safe


10. If e-money is as good as money, do we earn interest on it?

Unfortunately, no. Under Paragraph 12.2, e-money service providers in Malaysia cannot:

  1. Issue e-money at a discount from the real value

  2. Lend money

  3. Lend you e-money, or pay you interest on your e-money balance

  4. Associate or use the e-money scheme or platform to conduct illegal activities


We’ll have to wait and see what develops

The ICTF has a lot of information to take in about how electronic payments will work in Malaysia, but a lot of it is still just a framework and theory. The actual work and execution of the system is not yet in place.

Image from says

Although, some banks have already made their moves towards helping Malaysia adopt electronic payments, such as making online transfers free, and adopting QR payments themselves.

bank negara
interoperable credit transfer framework
qr codes
electronic money
transaction fees
226471 154970547902448 7202539 n
JS Lim

Jie Sheng knows a little bit about a lot, and a lot about a little bit. He swings between making bad puns and looking overly serious at screens. People call him "ginseng" because he's healthy and bitter, not because they can't say his name properly.





6eccf603 81da 4e66 b2cf 59e7adb3817c