About 130 million baht has been mysteriously withdrawn from 10,700 bank accounts through credit and debit card payments between October 14th and 17th.
The mysterious withdrawals, mostly payments for goods or services with stores registered in foreign countries, have become the subject of an intense investigation by the Bank of Thailand, the TBA, the police and Ministry of Digital Economy and Society.
Mr. Payong said that the cyber criminals used information from the credit or debit cards to place multiple orders in small amounts, which do not require the use of a one-time password (OTP) to complete, adding that that banks will refund the affected customers within five days, if it can be proved that they did not order any goods or services online during the period.
As for credit cards, he said the banks will cancel all the dubious transactions and the customers will not be required to repay their banks for the transactions in question.
Assistant Governor for Payments System Policy and Financial Technology of the Bank of Thailand, Siritida Panomwon Na Ayudhya, said the central bank will increase the monitoring of unusual transactions to cover those of small amounts but with unusually high frequency, adding that the cards will be immediately suspended and customers concerned notified if the unusual activity is detected.
She disclosed that the central bank and the TBA have worked out a set of additional measures to prevent this form of cybercrime.
The measures include:
- Banks will step up monitoring of frequent, low value transactions and, if something unusual is found, the credit or debit cards concerned will be cancelled immediately and their owners notified.
- Customers will be notified every time they undertake a transaction via SMS, e-mail or mobile banking system.
- Debit card customers will be refunded within five days after it is discovered that their accounts have been breached. For credit card holders, the unusual transactions will be cancelled.
- The central bank and TBA will consult with credit card service providers, such as Visa MasterCard, to require the use of OTPs for transactions with online stores.
Meanwhile, the general public are advised to check their transactions regularly, especially those which involve the use of debit cards on high-risk platforms, such as online gambling or on platforms which do not require an OTP.
Loophole in the system
Pol Maj-General Niwet Arphawasin, commander-in-chief at the Technology Crime Investigation and Analysis Division, said that hackers had perpetrated the recent fraud by exploiting a laxity in the payment system. He said some banks as well as credit- and debit-card issuers do not report
back to customers if the purchase value is a small amount, and hackers had exploited that loophole through numerous small transactions.
Many card holders found their accounts debited several times with each individual transaction worth less than Bt100, and even as low as Bt37 or Bt17.27, early this month.
People must be vigilant
A cybersecurity expert encouraged customers to be proactive in protecting themselves against hacking and cybercrimes.
“First, people must be aware that there is no cybersecurity any organisation in the world can provide to guarantee users 100 per cent safety,” warned Prinya Hom-anek, a cybersecurity expert.
He said he has high confidence in the security of Thailand’s mobile banking system. He, however, warned there were other channels through which hackers could steal card holders’ information and make illegal transactions.
He said personal financial information could be stolen at shops, department stores or other venues where card holders use their cards for making payments.
The problem with debit cards
Prinya advised people to use a credit card instead of a debit card.
“Credit card holders have to pay the money later, so they can refuse to make payments for goods or services they did not buy. In the case of debit card holders, the money is deducted from their accounts right away, making it difficult for them to make a case for refund when illegal transactions take place,” Prinya said.
Safety strategies
Debit card holders are advised not to link the card to their main savings account.
They should create a separate bank account with a smaller deposit, such as Bt500 to Bt2,000, or depending on the individuals’ risk appetite, he suggested.
Card holders who do not subscribe to short message service (SMS) with banks make themselves easier targets for hackers.
Subscribing to an SMS with card issuers will enable timely scrutiny of suspicious transactions, Prinya said.
Some banks charge a Bt120 annual fee for SMS.
Some debit card holders are not even aware that they have a debit card, as they mistake it for an ATM card, he pointed out.
Prinya admitted that he himself had been a victim of cyberfraud five or six years ago. He said on one occasion someone made credit card transactions in his name in Beijing in China, and in Hyderabad in India, while he was in Bangkok.
“Using a credit card is safer as the card holder can refuse to pay in the event of a fraud. In the case of a debit card, the individual may get a refund only later, after the bank has verified the transaction as illegal,” he said.
Having separate bank accounts may cause some inconvenience, but it will make you safer, he suggested. – ThaiPBS
