Grab operates a Southeast Asian superapp spanning ride-hailing, food delivery, and digital payments across 400 cities in eight countries. The platform handles millions of daily transactions - the company claims 1 in 20 people in the region use Grab to eat, ride, or pay each day. This scale creates a complex attack surface: distributed infrastructure managing payments processing, driver and merchant onboarding, user authentication, and real-time transaction data across markets with varying regulatory maturity and infrastructure standards.
The technical stack spans ride-hailing platform technology, payments and fintech systems, food services infrastructure, and data science operations. Grab's core security challenge mirrors its business model - securing a platform that connects drivers, merchants, and consumers while handling financial transactions and personal mobility data across jurisdictions where cybersecurity governance and incident response frameworks differ. The payments domain alone introduces PCI DSS compliance, fraud detection, and settlement risk. The ride-hailing component adds location tracking, driver background verification, and in-transit safety considerations.
Founded in 2012 as MyTeksi by Anthony Tan and Hooi Ling Tan, Grab has grown into an essential infrastructure layer for daily commerce in Southeast Asia. This makes it a high-value target for credential compromise, payment fraud, data exfiltration, and supply chain attacks. Security teams operate in an environment where platform reliability directly affects driver livelihoods and merchant revenue, making incident response speed and data integrity non-negotiable.