iPay88 Sdn Bhd

iPay88 operates as a payment gateway provider that enables merchants to accept electronic payments from customers through online channels. Its core service involves securely transmitting payment card data between the merchant’s website, the acquiring bank, and the card networks, thereby facilitating the authorisation and settlement of transactions. The company primarily serves ecommerce platforms and retail businesses that require a reliable interface for processing credit and debit card payments, as well as alternative payment methods commonly used in the Malaysian market. Headquartered in Malaysia, iPay88’s infrastructure is designed to handle high volumes of transaction requests while maintaining connectivity with multiple financial institutions and payment processors. By focusing on the technical layer of payment acceptance, the organisation allows its clients to concentrate on their core commercial activities without needing to build and maintain their own payment processing systems. The service typically includes features such as transaction reporting, fraud detection tools, and support for recurring billing arrangements, which are standard capabilities offered by payment gateway operators in the region.

In May 2022, iPay88 experienced a cybersecurity incident that potentially compromised customer card data processed through its systems, affecting a range of clients that included ecommerce platforms and retail businesses. According to the company’s statement, the breach was identified on 31 May 2022 and involved unauthorised access to payment information, prompting an immediate response to contain the exposure. Following the containment actions, iPay88 reported that no further suspicious activity was detected, indicating that the threat had been mitigated and that the environment was stabilised. The incident highlighted the sensitivity of the data handled by payment gateways and underscored the importance of robust security controls in protecting cardholder information. While the event did not result in ongoing malicious activity, it served as a reminder of the risks inherent in processing financial data and the need for continuous vigilance, regular security assessments, and adherence to industry standards such as the PCI DSS framework to safeguard both the gateway and its merchant clients.