Credit card fraud

Utuman

Junior Member
Joined
Jun 21, 2021
Messages
9
Reaction score
0
4. Even if you prove that your phone was hacked, the bank has no liability to return the money. It is your duty to keep your phone safe, not the bank's.

It would help your case in that they can establish a crime was committed, and if the money is in a Singapore account, the police can freeze their assets and possibly recover your money. It would not be as simple as your bank refunding you.

The banker even informed me that there were many 'similar' cases happened in Dec 2020, whereby the victims (of fraudulent transactions) did not receive SMS-OTPs at their mobile. However, those victims were liable to pay the full amount of fraudulent transactions, if they revealed the SMS-OTPs to scammers. However, those who did not reveal or cheated by scammers, still got 50-50% chance, ie not 100% liable. (this is what the banker told me!)
For my case, no scammers etc called me.

And, the fraudulent transactions amount, was charged to the credit card, till now, it is still 'unpaid'... means, there is no 'refund' to me at this point in time
 

Utuman

Junior Member
Joined
Jun 21, 2021
Messages
9
Reaction score
0
Even if the phone is hacked, still very difficult to fight with the bank because the cardholder still has to lose sensitive card information such as Card number, Expiry Date, CVV and associated mobile number before the money can be deducted from credit card.

A person may lose the card (Card number, expiry date and CVV), however, how would the perpetrator know the mobile number for 2FA and hack it?

There is a lot of negligence for such crime to happen.
I did not lose my card or mobile, I was at home watching korean drama during the fraudulent transactions timing. My hp did not even beep for the SMS-OTPs...
now i put alert for all transactions >$1....

M1 even told me our sim cards are encrypted...
 

fr33d0m

Master Member
Joined
Jan 8, 2008
Messages
3,697
Reaction score
724
I did not lose my card or mobile, I was at home watching korean drama during the fraudulent transactions timing. My hp did not even beep for the SMS-OTPs...
now i put alert for all transactions >$1....

M1 even told me our sim cards are encrypted...

let's assume that your phone was hacked.

Do you store your clear card number, expiry date and CVV on your phone? If YES, you are negligent because most people will tell you that you should never do that.

If not, how could the perpetrator know your card number, expiry date and CVV? You may not realize it, but your card information might have been leaked, by you, or by anyone you do transactions with.

With all the evidences against you, you will have a hard time to win in any courts.
 
Last edited:

natnaes

Member
Joined
Jul 21, 2016
Messages
485
Reaction score
88
The banker even informed me that there were many 'similar' cases happened in Dec 2020, whereby the victims (of fraudulent transactions) did not receive SMS-OTPs at their mobile. However, those victims were liable to pay the full amount of fraudulent transactions, if they revealed the SMS-OTPs to scammers. However, those who did not reveal or cheated by scammers, still got 50-50% chance, ie not 100% liable. (this is what the banker told me!)
For my case, no scammers etc called me.

And, the fraudulent transactions amount, was charged to the credit card, till now, it is still 'unpaid'... means, there is no 'refund' to me at this point in time
Once the charge has been posted, somebody has to pay for it. Usually it means you.

If your phone was compromised, it does not mean the bank is liable to pay it for you. In layman terms, if you entrust the wrong people with your key and your home was robbed as a result, the locksmith is not liable to pay you. The key is your mobile, whether it was stolen because you did banking transactions on public wifi, or installed dubious apps or used dodgy websites, it's not the bank's fault.
 

Utuman

Junior Member
Joined
Jun 21, 2021
Messages
9
Reaction score
0
let's assume that your phone was hacked.

Do you store your clear card number, expiry date and CVV on your phone? If YES, you are negligent because most people will tell you that you should never do that.

If not, how could the perpetrator know your card number, expiry date and CVV? You may not realize it, but your card information might have been leaked, by you, or by anyone you do transactions with.

With all the evidences against you, you will have a hard time to win in any courts.
i did not and do not store clear card number on the mobile.
I did use 'simply go' or google pay... which will put **** over your card number...
but now, all these payments using mobile, i dont use anymore...
 

fr33d0m

Master Member
Joined
Jan 8, 2008
Messages
3,697
Reaction score
724
i did not and do not store clear card number on the mobile.
I did use 'simply go' or google pay... which will put **** over your card number...
but now, all these payments using mobile, i dont use anymore...

So the question will be how the perpetrator stole your card number, expiry date and CVV?

It is much more difficult to obtain these information than hacking a phone.
 

paurusu

Senior Member
Joined
Mar 16, 2009
Messages
738
Reaction score
54
So the question will be how the perpetrator stole your card number, expiry date and CVV?

It is much more difficult to obtain these information than hacking a phone.
card no , cvv and expiry date are ones of the easiest thing to be stolen when you use unsafe website , public wifi without password, or compromised public facilities. Even phone no for 2FA can be found in that way

Consider dubious (unsafe) ecommerce website that is unknowingly hacked . If the attacker (or even website owner) gain credit card info, likely he/she know the 2FA phone too ( your contact no is very likely the 2FA no for most people) . U may be targeted attack unknowingly. Once you are further compromised , just a little bit push to wipe all your money that can be targeted .

We have to be vigilant , since for hacker it is their full day job - while we are not full day worker in protecting our phones or such - for most of us. They of course outsmart masses in this area. Their payday is your loss.

So have to make sure good security practice in dealing with online stuffs now .
 

fr33d0m

Master Member
Joined
Jan 8, 2008
Messages
3,697
Reaction score
724
card no , cvv and expiry date are ones of the easiest thing to be stolen when you use unsafe website , public wifi without password, or compromised public facilities. Even phone no for 2FA can be found in that way

Consider dubious (unsafe) ecommerce website that is unknowingly hacked . If the attacker (or even website owner) gain credit card info, likely he/she know the 2FA phone too ( your contact no is very likely the 2FA no for most people) . U may be targeted attack unknowingly. Once you are further compromised , just a little bit push to wipe all your money that can be targeted .

We have to be vigilant , since for hacker it is their full day job - while we are not full day worker in protecting our phones or such - for most of us. They of course outsmart masses in this area. Their payday is your loss.

So have to make sure good security practice in dealing with online stuffs now .

This is a sure way for banks not to entertain any request. The banks are covered.
 

someusername

Member
Joined
May 23, 2019
Messages
342
Reaction score
37
This is a sure way for banks not to entertain any request. The banks are covered.

When credit cards first appeared the consumer protections against fraud were touted as one of the big selling points. Just keep your card secure and immediately report suspicious transactions or loss of card and you were fully protected. Now that everyone has been lured in, suddenly there are no protections - oh how the worm has turned.
 

aloysc

Junior Member
Joined
May 21, 2018
Messages
4
Reaction score
0
The banker even informed me that there were many 'similar' cases happened in Dec 2020, whereby the victims (of fraudulent transactions) did not receive SMS-OTPs at their mobile. However, those victims were liable to pay the full amount of fraudulent transactions, if they revealed the SMS-OTPs to scammers. However, those who did not reveal or cheated by scammers, still got 50-50% chance, ie not 100% liable. (this is what the banker told me!)
For my case, no scammers etc called me.

And, the fraudulent transactions amount, was charged to the credit card, till now, it is still 'unpaid'... means, there is no 'refund' to me at this point in time
Same thing happened to me in December and I was with UOB too. Card was used without my authorization and no OTP received even though according to the bank it is "OTP Verified" I had posted regarding this earlier and the purchases were to a crypto exchange "CEX.IO" If I had really been the one whom made the crypto purchases back in december I will have no issue paying the bank back since the price of crypto soared so much lol.

Liaise with them until today end up the bank still ask me to pay up. Not a small amount for 7.8K SGD. They are only offering a 12 month interest free installment period. They are unwilling to waive even a single cent of the amount.

Seems like from your earlier post that even taking it up with fidrec would be useless?
 

natnaes

Member
Joined
Jul 21, 2016
Messages
485
Reaction score
88
Same thing happened to me in December and I was with UOB too. Card was used without my authorization and no OTP received even though according to the bank it is "OTP Verified" I had posted regarding this earlier and the purchases were to a crypto exchange "CEX.IO" If I had really been the one whom made the crypto purchases back in december I will have no issue paying the bank back since the price of crypto soared so much lol.

Liaise with them until today end up the bank still ask me to pay up. Not a small amount for 7.8K SGD. They are only offering a 12 month interest free installment period. They are unwilling to waive even a single cent of the amount.

Seems like from your earlier post that even taking it up with fidrec would be useless?
Once it is OTP verified, there is very slim chance anything. It's worth trying to contact CEX.IO as well, sometimes if the crypto exchange knows that the account is fraudulent, they will return your money.
 

fr33d0m

Master Member
Joined
Jan 8, 2008
Messages
3,697
Reaction score
724
Once it is OTP verified, there is very slim chance anything. It's worth trying to contact CEX.IO as well, sometimes if the crypto exchange knows that the account is fraudulent, they will return your money.
Especially if the merchant has SG operations. A police report can impact their SG operation greatly as the police can involve MAS and other regulators to put pressure on the merchant.

I remember there was one involved Wise(formally TransferWise). Go to Wise directly with a police report is more effective than going to the bank as the bank will claim no fault from it.
 

Red_Manta

Member
Joined
Dec 23, 2018
Messages
115
Reaction score
8
I did not lose my card or mobile, I was at home watching korean drama during the fraudulent transactions timing. My hp did not even beep for the SMS-OTPs...
now i put alert for all transactions >$1....

M1 even told me our sim cards are encrypted...

Reading the info that you have provided, this is probably what happened for your case:

1. How did they obtain Cardnumber, Exp Date, CVV:
Such info could be compromised at various possible sources (merchant, yourself via some insecure network, you shopping at a compromised merchant or even the bank data leak itself, etc). Obviously one can't pinpoint which is the exact one for most cases.
This info eventually made its way to Dark Web and hence obtained by fraudster easily.
(And this is main reason why we have 2FA)

2. How did they obtain SMS OTP?
You mentioned M1 reported OTB SMS was sent, but you did not see it on your phone.
As your SIM card did not stop working in this case, can safely say nothing to do with SIM swap attack.
Possible methods:
(a) Your mobile phone might have been infected with a virus (I recall you mentioned your phone was acting weird). If you did not already reset your phone, try scanning it with some well-known anti-virus apps and see if you find anything.
OR malicious app installed on it that allows the fraudster to manage (read, delete) your SMS.
Often there are apps that are installed and requests for certain permissions, which most do not review and simply proceed. For Android, you can check under Settings (usually, Settings > Apps > Permissions > SMS) to see which apps have permission related to SMS. See if anything is weird here.
(b) SMS Redirect. More details here, but to my limited knowledge not aware of any documented cases in SG:
https://arstechnica.com/information...ker-intercept-a-t-mobile-users-text-messages/
You might want to consider changing to a new phone, and new mobile number - to be on safe side.

Regarding M1's update to you:
Did they mention what date/time the OTB SMS were sent.
And what is the content of the SMS.
Do the above info correspond to what is expected from the bank SMS of the fraudulent transactions?
 

Utuman

Junior Member
Joined
Jun 21, 2021
Messages
9
Reaction score
0
Same thing happened to me in December and I was with UOB too. Card was used without my authorization and no OTP received even though according to the bank it is "OTP Verified" I had posted regarding this earlier and the purchases were to a crypto exchange "CEX.IO" If I had really been the one whom made the crypto purchases back in december I will have no issue paying the bank back since the price of crypto soared so much lol.

Liaise with them until today end up the bank still ask me to pay up. Not a small amount for 7.8K SGD. They are only offering a 12 month interest free installment period. They are unwilling to waive even a single cent of the amount.

Seems like from your earlier post that even taking it up with fidrec would be useless?
yrs is UOB one card?
I was offered 50% waiver, but the waiver was called off after I approached fidrec. The bank pointed me to fidrec, and at the same time, advised if i approach fidrec, waiver will be off.
yrs is M1 telco also? android hp?(mine was motorola hp, now changed to samsung)
We may need to find common points, it might lead to somewhere, who knows.

Why the bank didnt even offer any waiver, if your case is similar?
 

Utuman

Junior Member
Joined
Jun 21, 2021
Messages
9
Reaction score
0
Especially if the merchant has SG operations. A police report can impact their SG operation greatly as the police can involve MAS and other regulators to put pressure on the merchant.

I remember there was one involved Wise(formally TransferWise). Go to Wise directly with a police report is more effective than going to the bank as the bank will claim no fault from it.
The merchant where the fraud happened, is BigPay. means, someone used a BigPay account, buy thru ecommerce platform and transacted in ringgit.
Liaised with BigPay, but in the end, was advised must report to PDRM (Malaysia police), for further action. Now cant even go Malaysia, how to report? Tried online reporting, email, etc, but response is as good as none.

I supposed BigPay is similar to grabpay?
 

Utuman

Junior Member
Joined
Jun 21, 2021
Messages
9
Reaction score
0
Reading the info that you have provided, this is probably what happened for your case:

1. How did they obtain Cardnumber, Exp Date, CVV:
Such info could be compromised at various possible sources (merchant, yourself via some insecure network, you shopping at a compromised merchant or even the bank data leak itself, etc). Obviously one can't pinpoint which is the exact one for most cases.
This info eventually made its way to Dark Web and hence obtained by fraudster easily.
(And this is main reason why we have 2FA)

2. How did they obtain SMS OTP?
You mentioned M1 reported OTB SMS was sent, but you did not see it on your phone.
As your SIM card did not stop working in this case, can safely say nothing to do with SIM swap attack.
Possible methods:
(a) Your mobile phone might have been infected with a virus (I recall you mentioned your phone was acting weird). If you did not already reset your phone, try scanning it with some well-known anti-virus apps and see if you find anything.
OR malicious app installed on it that allows the fraudster to manage (read, delete) your SMS.
Often there are apps that are installed and requests for certain permissions, which most do not review and simply proceed. For Android, you can check under Settings (usually, Settings > Apps > Permissions > SMS) to see which apps have permission related to SMS. See if anything is weird here.
(b) SMS Redirect. More details here, but to my limited knowledge not aware of any documented cases in SG:


You might want to consider changing to a new phone, and new mobile number - to be on safe side.

Regarding M1's update to you:
Did they mention what date/time the OTB SMS were sent.
And what is the content of the SMS.
Do the above info correspond to what is expected from the bank SMS of the fraudulent transactions?

Thanks for the advice.
The details M1 gave to me was "sender", "deliver date" and "deliver time". But no details of the sms, M1 said they dont have and dont keep the details of the sms.
The SMS OTPs was more than the transactions, eg 19 SMS-OTPs, but 11 transactions went through.
 

Red_Manta

Member
Joined
Dec 23, 2018
Messages
115
Reaction score
8
Thanks for the advice.
The details M1 gave to me was "sender", "deliver date" and "deliver time". But no details of the sms, M1 said they dont have and dont keep the details of the sms.
The SMS OTPs was more than the transactions, eg 19 SMS-OTPs, but 11 transactions went through.

So let's assume the SMS was delivered.
Deleted SMS recovery is possible, but not guaranteed.
Especially so if you have been using the phone from since Dec 2020 till now.
The more it was used, the higher chance of the data where the deleted SMS occupies, get overwritten.
You could try to do recovery using certain Android recovery apps.
But even if you recover the deleted SMS, I don't think it helps your case.
As it only proves that there was SMS but got deleted (bank would probably still insist it could have been you who deleted them).

Interesting that you mentioned they had indicated other similar cases.
If only we had the info on multiple such cases to investigate further, it might help to shed some light on the modus operandi.

Did you check that phone for app permissions, suspicious apps? Found anything?
Ensure to consider apps that were in place at that time during Dec 2020.
You can refer to Play Store - installed apps, and library for any uninstalled apps (assuming library wasn't cleaned up before).
 

Rong626

Senior Member
Joined
Mar 18, 2009
Messages
1,167
Reaction score
181
Good idea to check on sms permissions. I'll make it a habit to go through every now and then just in case
 

aloysc

Junior Member
Joined
May 21, 2018
Messages
4
Reaction score
0
yrs is UOB one card?
I was offered 50% waiver, but the waiver was called off after I approached fidrec. The bank pointed me to fidrec, and at the same time, advised if i approach fidrec, waiver will be off.
yrs is M1 telco also? android hp?(mine was motorola hp, now changed to samsung)
We may need to find common points, it might lead to somewhere, who knows.

Why the bank didnt even offer any waiver, if your case is similar?
Yup it is the UOB one card.
I have no idea why they did not offer any waiver because I would have probably accepted the waiver so that the case can be closed since it has been almost 7++ months.
Plus it seems like going to FIDREC is pretty much useless since it will be hard to prove/disprove whatever happened.

My telco is singtel and I am on an iPhone so i guess not that many similarities besides same bank and card.
 
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ Forums. Forum members and moderators are responsible for their own posts. Please refer to our Community Guidelines and Standards and Terms and Conditions for more information.
Top