Malaysia’s reliance on MyKad as a single key for subsidies and identity verification exposes citizens to
fraud, subsidy leakage, and systemic vulnerabilities when lost or stolen cards remain active in
circulation
By Dr Mohd Safar Hasim
In Malaysia’s push toward digital governance and targeted subsidies, the MyKad has become more
than just an identity card — it is now a transactional key to fuel subsidies, welfare aid, and official
verification. But what happens when that key falls into the wrong hands?
A recent case shared on Facebook reveals the disturbing reality. A citizen, attempting to use his
Sumbangan Asas Rahmah (SARA) aid to purchase baby supplies, was shocked to learn his balance
had already been depleted.
Upon investigation, MyKasih confirmed that his SARA allocation had
been used in Klang — a location he had never visited. The culprit? His old MyKad, lost in 2021 and
replaced with a new one.
Despite filing a police report and receiving a replacement card, the old
MyKad remained active in the hands of an unknown party.
The implications are staggering. Not only was the card used to access SARA, but the individual
suspects it was also used to purchase subsidised petrol under the Budi Madani RON95 scheme.
Worse, the Setel app — used by many to track fuel purchases — offers no transaction history for
subsidy usage, leaving victims without recourse or proof.
When the victim lodged a report at the Bangi police station, he was redirected to Klang, where the
transactions occurred. Eventually, the case was passed to the Ministry of Finance. At JPN Putrajaya,
he discovered he was not alone — at least two other individuals had reported similar misuse of their
MyKad for government subsidies. And this figure excludes cases reported at state-level JPN offices.
The most alarming revelation? JPN confirmed they have no mechanism to deactivate or block a lost
MyKad. As long as the physical card is intact, anyone — even non-citizens — can use it to access
government aid, register services, or worse, commit identity fraud.
This is not just a technical oversight. It is a systemic vulnerability. Malaysia’s reliance on MyKad as a
single-point authenticator — without layered security such as biometrics, PINs, or app-based
verification — exposes citizens to fraud, debt, and legal entanglements. Past cases have shown how
stolen ICs were used to apply for loans, purchase vehicles, and register phone lines. Now, with
subsidies tied to MyKad, the stakes are even higher.
The government must act swiftly. Among the urgent reforms needed:
* Automatic deactivation of lost MyKad chips upon issuance of a replacement.
* Multi-factor authentication for subsidy access, including biometric or e-KYC verification.
* Transparent transaction records for all subsidy-linked apps and platforms.
* A national registry of lost/stolen MyKad accessible to enforcement and service agencies.
This is not merely a matter of personal inconvenience. It is a breach of public trust in our digital
systems. If a lost IC can still unlock government aid, then our subsidy targeting is not just flawed — it
is compromised.
As Malaysia moves toward digital inclusivity and fiscal responsibility, we must ensure that our
systems protect the very people they are designed to serve. Otherwise, the promise of targeted aid
becomes a playground for fraud — and the victims are left holding the consequences.
The views expressed here are entirely those of Dr Mohd Safar Hasim, a Council Member of the Malaysian Press Institute (MPI)