Customer Security Notice
Security Notice – 19 February 2026
Security Notice – 19 February 2026
DeCard has become aware of a security incident involving unauthorised access to certain customer data.
On 19 February 2026, our monitoring systems detected unusual activity within one of our internal systems. Our engineering team immediately investigated and identified and addressed a security issue affecting limited user data. The issue was resolved within 30 minutes of detection and is no longer present.
Please be reassured that your DeCard accounts remain fully operational, and customer balances remain secure. At this time, there is no evidence of unauthorised transactions resulting from this incident.
Based on our investigation, certain personal data may have been accessed. This may include identification document information and certain card-related information. There is currently no indication that passwords, card PINs, payment authentication credentials, or card details required to complete transactions, such as the card security code (CVV), were accessed.
We have notified the relevant regulatory authorities and are cooperating fully with them. We have also strengthened our security controls and are conducting a comprehensive review of the incident.
Customers who have been directly impacted have been notified individually.
If you have any questions, please contact our Customer Support team via the Live Chat button.
We sincerely apologise for any concern this may cause. The security and privacy of our customers are of utmost importance to us.
FAQ
Q1: What personal information relating to me was accessed?
Based on our investigation, certain personal data associated with your account may have been accessed.
This may include your identification document information (e.g. NRIC/ID number or passport), along with associated profile information such as your name, date of birth, address and contact details. For some customers, certain card-related information, including the card number, may also have been involved.
There is currently no indication that passwords, card PINs, payment authentication credentials, or the card security code (CVV) required to complete online transactions were accessed.
Affected customers have been notified directly.
Q2: I would like a replacement card, but I am not residing in Singapore. What should I do?
Please contact our Customer Support team via Telegram at @TheDeHelpBot or our dedicated hotline at +65 6571 0128. Our team will assist you with replacement arrangements, including overseas delivery where applicable.
Q3: Should I make a police report?
You are not required to make a police report. At this time, there is no evidence of unauthorised transactions resulting from this incident.
We recommend that you remain vigilant against phishing attempts or suspicious messages requesting personal information. DeCard will never ask you for your password, PIN, or one-time password via email, phone, or messaging platforms.
Q4: What preventive measures has DeCard taken?
Upon detecting the incident on 19 February, our engineering team immediately investigated and addressed the security issue within 30 minutes.
As a precautionary measure, we have enhanced our monitoring and fraud detection controls and are conducting continuous, real-time monitoring of accounts and transactions. This includes heightened review of unusual patterns, such as transactions originating from unfamiliar locations, atypical spending behaviour, or other indicators of potential unauthorised activity.
We remain committed to continuously strengthening our systems and security framework to safeguard customer information and prevent similar incidents in the future.
Q5: What actions should I take?
Your DeCard account remains fully operational, and your balance remains secure.
As an added precaution, we recommend that you remain vigilant against phishing attempts or suspicious messages requesting personal information. DeCard will never ask you for your password, PIN, or one-time password via email, phone, or messaging platforms.
Q6: Can someone use my card based on the information accessed?
There is currently no evidence of unauthorised transactions resulting from this incident.
Full card details required to complete online transactions, such as the CVV, were not accessed. In addition, online transactions typically require 3D Secure (3DS) authentication, which involves a one-time password (OTP) sent to your registered mobile device for verification.
Q7: Has my password been compromised?
No. There is currently no indication that passwords, login credentials, or one-time passwords (OTPs) were accessed. As a general best practice, you should never share your password or OTP with anyone.
Q8: How many customers were affected?
We have directly notified customers whose data may have been involved.
Our priority is ensuring affected customers are informed and supported, and we are cooperating fully with the relevant regulatory authorities.
Q9: What specific vulnerability was exploited?
For security reasons, we are unable to disclose technical details of our systems. The identified issue has been addressed and additional safeguards have been implemented.
