Hello from Team OCBC

[Frankiefool]

Anyone facing issues with logging into ocbc account, be it via mobile or com? OTP, singpass and apps notification all cannot

 

[lzydata]

OCBC is going to cover all the money lost!

https://www.channelnewsasia.com/sin...ishing-full-sum-lost-goodwill-payouts-2445231

 

[BBCWatcher]

Please drop us a PM, so we may arrange for a callback to you for a check on this, thank you.

 

[oceanicmanta]

I guess OCBC will never learn, even after $8.5 million in fraud.

all banks in SG has this practice

any exception ?

it is particularly bad for OCBC bcos their hotline is impossible to connect to a human

 

[BBCWatcher]

all banks in SG has this practice

First of all, even if that were true that wouldn't be a good thing. Bank customers in Singapore are obviously under attack, and (on average) they're getting older and more vulnerable. When there's a war underway (there is), you learn and adapt, quickly. (Or die.) But fortunately all banks in Singapore are not doing what this bank is still doing.

any exception ?

Multiple.

 

[oceanicmanta]

First of all, even if that were true that wouldn't be a good thing. Bank customers in Singapore are obviously under attack, and (on average) they're getting older and more vulnerable. When there's a war underway (there is), you learn and adapt, quickly. (Or die.) But fortunately all banks in Singapore are not doing what this bank is still doing.

Multiple.

which bank/s not doing this ?

i got a call back from UOB about my CC waiver, person asked for my details for verification.

recently MayBank called back on a query and also ask for verification

 

[OCBC Bank]

Anyone facing issues with logging into ocbc account, be it via mobile or com? OTP, singpass and apps notification all cannot

Hi

Our Internet Banking is up & running

Have you tried to reset your accesses? On the login page, click 'No Access Code/PIN? Click here.'

^Sh

 

[tesarise]

which bank/s not doing this ?

i got a call back from UOB about my CC waiver, person asked for my details for verification.

recently MayBank called back on a query and also ask for verification

Those callbacks are because you initiated something on their website/app.

This is some dude on HWZ asking you to PM them. See the difference?

 

[oceanicmanta]

Those callbacks are because you initiated something on their website/app.

This is some dude on HWZ asking you to PM them. See the difference?

No, I am not referring to PMing some random dude to call me back.

It's about Banks calling customers back, seeking authentification when customers have no easy way of telling if Caller is actually from the Bank.

 

[tesarise]

No, I am not referring to PMing some random dude to call me back.

It's about Banks calling customers back, seeking authentification when customers have no easy way of telling if Caller is actually from the Bank.

Is that what the person you were quoting think it was about?

 

[BBCWatcher]

Banks shouldn't be calling their customers except for very short "push" messages along the lines I've described. One-way handshakes don't work. They must be two-way handshakes, so BOTH parties can establish trust. And if you train your own customers to be trusting of your outbound calls and messages (because you're calling them and asking "verification" questions), what on earth did you expect? This was all predictable and predicted, and here we are, again.

Yes, there are a couple retail banks in Singapore that have figured this out already. Not any of the ones named so far. And I've mentioned this before but if you look at other national banking associations, such as the U.K. association, they figured this out a long time ago, too.

 

[reddevil0728]

Banks shouldn't be calling their customers except for very short "push" messages along the lines I've described. One-way handshakes don't work. They must be two-way handshakes, so BOTH parties can establish trust. And if you train your own customers to be trusting of your outbound calls and messages (because you're calling them and asking "verification" questions), what on earth did you expect? This was all predictable and predicted, and here we are, again.

Yes, there are a couple retail banks in Singapore that have figured this out already. Not any of the ones named so far. And I've mentioned this before but if you look at other national banking associations, such as the U.K. association, they figured this out a long time ago, too.

What’s the alternative to that?

 

[BBCWatcher]

What’s the alternative to that?

I've been very clear about what the alternatives are. So has the British Bankers Association, as an example. This is a rather well solved problem...except at a certain bank (or a few) in Singapore. Among a few other things, don't have any "one-way handshakes" over any communications channels. Zero, get rid of them, and educate your customers that one-way handshakes aren't you and are scammers.

I do business with several banks and brokers that never call me and ask "verification questions." They never get on a forum like this one, even after a significant incident, and ask customers to message their phone numbers to call them back (for one-way handshakes). If/when I receive any such requests I already know they're scam attempts, or at the very least I have zero assurance they are communications with a bank employee acting in an official capacity over a bank monitored/supervised channel.

I'm glad the Monetary Authority of Singapore is finally announcing a systemic review of some kind. Some banks are doing OK, but there are way too many deficiencies at other banks. And it's not just banking, although that's a start.

By the way, anyone else getting those calls from "DBS" and the "Ministry of Health" in English and Chinese? "Press 3 to speak with our customer service representative"? Singapore is getting bombarded with scam attempts because they work so often. And this line of attack will never end until the public and institutions (public and private) all shift from one-way handshakes to two-way handshakes. So let's get going already. We're late, but better late than never.

 

[reddevil0728]

I've been very clear about what the alternatives are. So has the British Bankers Association, as an example. This is a rather well solved problem...except at a certain bank (or a few) in Singapore. Among a few other things, don't have any "one-way handshakes" over any communications channels. Zero, get rid of them, and educate your customers that one-way handshakes aren't you and are scammers.

I do business with several banks and brokers that never call me and ask "verification questions." They never get on a forum like this one, even after a significant incident, and ask customers to message their phone numbers to call them back (for one-way handshakes). If/when I receive any such requests I already know they're scam attempts, or at the very least I have zero assurance they are communications with a bank employee acting in an official capacity over a bank monitored/supervised channel.

I'm glad the Monetary Authority of Singapore is finally announcing a systemic review of some kind. Some banks are doing OK, but there are way too many deficiencies at other banks. And it's not just banking, although that's a start.

By the way, anyone else getting those calls from "DBS" and the "Ministry of Health" in English and Chinese? "Press 3 to speak with our customer service representative"? Singapore is getting bombarded with scam attempts because they work so often. And this line of attack will never end until the public and institutions (public and private) all shift from one-way handshakes to two-way handshakes. So let's get going already. We're late, but better late than never.

Can you point me to your post about the alternatives?

 

[BBCWatcher]

Just read upthread, RD. You have my ID, and every post I make on this forum is readable. And this isn't the right forum for a dissertation on bank security anyway. I think I've been quite specific enough, but if you disagree, "tough."

 

[reddevil0728]

Just read upthread, RD. You have my ID, and every post I make on this forum is readable. And this isn't the right forum for a dissertation on bank security anyway. I think I've been quite specific enough, but if you disagree, "tough."

I’m not disagreeing. I’m just curious and inquisitive to know what’s the alternatives to be better informed.

many posts to go through so would be easier if you quote it or what’s the key word I should search with your ID give that you posted many stuff so will be more difficult to find

 

[CrashWire]

many posts to go through so would be easier if you quote it or what’s the key word I should search with your ID give that you posted many stuff so will be more difficult to find

Wow, BBCWatcher's advice has gone unheeded since at least 2019:

https://forums.hardwarezone.com.sg/threads/hello-from-team-ocbc.4379022/post-123317588
https://forums.hardwarezone.com.sg/threads/hello-from-team-ocbc.4379022/post-124825102
https://forums.hardwarezone.com.sg/threads/official-bbcwatcher-club.5855578/post-120123037

 

[Steyr69]

There is a big concern why the digital token thing didn't stop the fraud txn.
I mean the scammers got the user id and pin thru the fake website.

But in order to go in successfully, need to click Approve. And any transfer of $ also needs approval via digital token.
Unless the mobile phones were also compromised when the victims went inside the fake website.

If yes, this is really very scary.

There is a need to bring back physical token. I don't mind paying $20 to exchange for a peace of mind.

 

[CrashWire]

There is a need to bring back physical token. I don't mind paying $20 to exchange for a peace of mind.

Don't give the banks ideas. Tokens cost much less than this, and they shouldn't be charging people for the privilege of being more secure.

 

[zhane]

can we still change for new notes now that the reservation period is over?