1. Home
  2. Insights
  3. Alerts
  4. January 2026

Bank Negara Malaysia issues Policy Documents on Payment Cards

08 January 2026

On 19 December 2025, Bank Negara Malaysia issued a suite of policy documents on payment cards, namely: 
  1. Policy Document on Debit Card and Debit Card-i (BNM/RH/PD 028-140) (“Debit Card Policy Document”);
  2. Policy Document on Credit Card and Credit Card-i (BNM/RH/PD 028-141) (“Credit Card Policy Document”); and
  3. Policy Document on Charge Card and Charge Card-i (BNM/RH/PD 028-142) (“Charge Card Policy Document”), 
(collectively the “Policy Documents”).
 
The Policy Documents apply to both conventional payment instruments as well as Islamic payment instruments.
 
Some of the main requirements of the Policy Documents are highlighted below.
 
Debit Card Policy Document
 
The Debit Card Policy Document applies to: 
  1. approved issuers of debit card and debit card-i under section 11 or section 15 of the Financial Services Act 2013 (“FSA”) or section 11 of the Islamic Financial Services Act 2013 (“IFSA”); and
  2. registered merchant acquirers of debit card and debit card-i under section 18(1) of the FSA, 
except for paragraphs 8.1, 8.2, 8.3 and 9.1 which only apply to issuers of debit card-i.
 
The requirements of the Debit Card Policy Document shall apply to issuers of debit card products offered to: 
  1. individuals;
  2. micro, small and medium enterprises (“MSMEs”); and
  3. corporate cardholders, 
with the exception of requirements under sections 10, 11, 14 and 16 of Part C which only apply to issuers of debit card products issued to individuals, micro and small enterprises.

The Debit Card Policy Document came into effect on 19 December 2025 except for the requirements in the following paragraphs which come into effect on the respective dates stated below: 
  1. paragraphs 17 and 18 which come into effect on 1 April 2026;
  2. paragraph 11.2 on -
  • new debit card products which come into effect on 1 June 2026;
  • existing debit card products which come into effect on 1 January 2027; and
  1. paragraphs 25.4, 25.6, 28.3, 28.4, 29.1, 31.1, 32, 34.2, 34.3(e) and 34.4(f) which come into effect on 1 January 2027. 
The Debit Card Policy Document sets out, among others, the requirements relating to: 
  1. approved Shariah concept;
  2. business conduct including fees and charges;
  3. disclosure and transparency;
  4. investigation and assessment of fraud cases including:
  • liability for unauthorised transaction; and
  • investigation and assessment of disputed cases;
  1. complaints management;
  2. risk management responsibilities;
  3. fraud risk management including:
  • use of secure device to authenticate card transaction;
  • kill switch;
  • hotline;
  • transaction alerts; and
  1. cash out facility. 
Credit Card Policy Document
 
The Credit Card Policy Document applies to: 
  1. approved issuers of credit card and credit card-i under section 11 or section 15 of the FSA or section 11 of the IFSA; and
  2. registered merchant acquirers of credit card and credit card-i under section 18(1) of the FSA, 
except for: 
  1. paragraphs 13.4, 13.5, 18, 20.2, 20.3, 21.14 to 21.16 and 24.15 which only apply to credit card issuers; and
  2. paragraphs 8, 9, 10, 13.6, 13.7, 19, 20.4, 20.5, 20.6, 21.17 and 21.18 which only apply to credit card-i issuers. 
The requirements of the Credit Card Policy Document shall apply to credit card products offered to: 
  1. individuals;
  2. MSMEs; and
  3. corporate cardholders, 
with the exception of requirements under paragraphs 15, 21, 24, 25, 26, 29, 30 and 31 which only apply to credit card products offered to individuals, micro and small enterprises.

The Credit Card Policy Document came into effect on 19 December 2025 except for the requirements in the following paragraphs which come into effect on the respective dates stated below: 
  1. paragraphs 27 and 28 which come into effect on 1 April 2026;
  2. paragraph 21.2 on -
  • new credit card products which come into effect on 1 June 2026;
  • existing credit card products which come into effect on 1 January 2027; and
  1. paragraphs 44.3, 44.4, 45.1, 48, 50.2, 50.3(e) and 50.4(f) which come into effect on 1 January 2027. 
The Credit Card Policy Document sets out, among others, the requirements relating to: 
  1. approved Shariah concept;
  2. business conduct including:
  • minimum age and income;
  • minimum monthly repayment;
  • fees and charges;
  • finance charges;
  • profit or fee rate; and
  • late payment charge;
  1. disclosure and transparency;
  2. investigation and assessment of fraud cases including:
  • liability of supplementary cardholder;
  • liability for unauthorised transaction;
  • investigation and assessment of disputed cases;
  • marketing practices; and
  • unsolicited card/credit advance/credit limit increase;
  1. other requirements including:
  • debt collection; and
  • complaints management;
  1. risk management responsibilities; and
  2. fraud risk management including:
  • use of secure device to authenticate card transaction;
  • kill switch;
  • hotline; and
  • transaction alerts. 
Charge Card Policy Document
 
The Charge Card Policy Document applies to: 
  1. approved issuers of charge card and charge card-i under section 11 or section 15 of the FSA or section 11 of the IFSA; and
  2. registered merchant acquirers of charge card and charge card-i under section 18(1) of the FSA, 
except for: 
  1. paragraphs 14.14 and 14.15 which only apply to charge card issuers; and
  2. paragraphs 8, 9, 14.16 and 14.17 which only apply to charge card-i issuers. 
The requirements of the Charge Card Policy Document shall apply to charge card products offered to: 
  1. individuals;
  2. MSMEs; and
  3. corporate cardholders, 
with the exception of requirements under paragraphs 13, 14, 17, 18, 19, 22, 23 and 24 which only apply to charge card products offered to individuals, micro and small enterprises.

The Charge Card Policy Document came into effect on 19 December 2025 except for the requirements in the following paragraphs which come into effect on the respective dates stated below: 
  1. paragraphs 20 and 21 which come into effect on 1 April 2026;
  2. paragraph 14.2 on -
  • new charge card products which come into effect on 1 June 2026;
  • existing charge card products which come into effect on 1 January 2027; and
  1. paragraphs 37.3, 37.4, 38.1, 41, 43.2, 43.3(e) and 43.4(f) which come into effect on 1 January 2027. 
The Charge Card Policy Document sets out, among others, the requirements relating to: 
  1. approved Shariah concept;
  2. business conduct including:
  • minimum age and income;
  • grace period for payment; and
  • fees and charges;
  1. disclosure and transparency;
  2. investigation and assessment of fraud cases including:
  • liability of supplementary cardholder;
  • liability for unauthorised transaction;
  • investigation and assessment of disputed cases;
  • marketing practices; and
  • unsolicited card/charge advance/charge limit increase;
  1. other requirements including:
  • debt collection; and
  • complaints management;
  1. risk management responsibilities; and
  2. fraud risk management including:
  • use of secure device to authenticate card transaction;
  • kill switch;
  • hotline; and
  • transaction alerts. 
Policy documents superseded
 
The Policy Documents supersede the policy documents and circulars set out in paragraph 7.1 of the respective Policy Documents.
 
 
Alert by Lee Ai Hsian (Partner) and Chong Zhi Shin (Associate) of the Banking and Finance Practice of Skrine.
 
 

This article/alert contains general information only. It does not constitute legal advice nor an expression of legal opinion and should not be relied upon as such. For further information, kindly contact skrine@skrine.com.

  • Proud to be a member of
  • Lex_Mundi_3-line_Strap_White_RGB.png
  • connect with us
  •  
  •