Jump to content

Mobile company employee stole 10 million baht from customers in credit card data fraud


Recommended Posts

Posted

Mobile company employee stole 10 million baht from customers in credit card data fraud

 

3pm.jpg

Picture: Daily News

 

A Thai man who worked on the counter for two well known mobile phone operators stole the credit card details of customers and helped himself to riches in an elaborate fraud. 

 

He bought foreign goods which he sold online and purchased a house and several cars on the proceeds. 

 

Sathit Janpho, 29, - a man from Uttaradit who got a degree in computers at a Bangkok university - was arrested on Tuesday outside Central Rama II west of Bangkok. 

 

Taken into evidence were a large quantity of shoes, designer bags and expensive watches that had been purchased on Amazon and Ebay and other platforms. 

 

Also seized was a two million baht house in the Rama II area, a 2.5 million baht Mini Cooper, and Honda and  Toyota vehicles worth a further 2.4 million. 

 

Economic Crime Suppression police were called in after many complaints from customers of mobile phone operators. They said that the method used by Sathit to cover his tracks was designed to make him difficult to trace.

 

At his work he would steal the credit card numbers, expiry dates and CVC three digit codes from customers. He would then order goods from abroad online. 

 

These were delivered to a bogus address and would then be returned to the distributor. Sathit then arranged with a motorcycle taxi rider to go to the distributor to present fake documents to claim the goods.

 

He was thus never seen in person.

 

The goods were then sold on Facebook and elsewhere. 

 

Sathit admitted the fraud saying that he was employed by one operator but was sacked. But he got another job at a new phone company where he had been for the last three or four months. 

 

In total he had been stealing credit card details for the last three years and had grown rich on the proceeds. 

 

Police advised customers never to let credit cards out of their sight and to cover the CVC code with a sticker. In addition customers should sign up for bank alerts when their credit card is used to help stop them becoming victims of credit card fraud. 

 

Source: Daily News

 

 

thai+visa_news.jpg

-- © Copyright Thai Visa News 2019-09-12
  • Haha 1
Posted

Same, I never thought about it before, im putting a small sticker on it right now. 

 

Further, seems to me that it's easy enough to use credit cards fraudulently, and with the fast rise of instant funds transfer using internet banking (even across countries) and instant SMS to advise customers of all transactions and from what I read security is fairly good, so I'm wondering whether credit card usage will wain substantially. 

  • Like 1
Posted

Give him a cabinet role they need some "elaborate" fraudsters all the ones they have now are so easy to spot these days your career awaits in politics not phones????

  • Like 1
Posted
4 hours ago, dddave said:

Actually a useful suggestion to just cover the CVC code...That had never occurred to me.  I know it by heart so it doesn't need to be visible.  Without that, very difficult to use the card online.

It's a useless idea. You have already provided your CVC code to mobile phone operators and online shopping sites. What online shopping sites must do is to authenticate payments via TAC (Transaction Authorisation Code) that are sent as SMS from banks to cardholders. Problem is, just like the US banks still haven't migrated totally to chip-based credit cards, many US online shopping sites also still have not used TACs. The US is now very backward in many ways.

Posted

By the way, anyone can confirm if Shopee and Lazada in Thailand use TACs or not in authenticating payments? Have never done any online shopping there so I don't know. I can confirm that both Shopee and Lazada in Malaysia use TACs.

Posted
22 minutes ago, Selatan said:

It's a useless idea. You have already provided your CVC code to mobile phone operators and online shopping sites. What online shopping sites must do is to authenticate payments via TAC (Transaction Authorisation Code) that are sent as SMS from banks to cardholders. Problem is, just like the US banks still haven't migrated totally to chip-based credit cards, many US online shopping sites also still have not used TACs. The US is now very backward in many ways.

The Bank Of Thailand has instructed all Thai banks the transition to chip & pin cards must be completed by the end of December this year. After that, all old Thai cards without a chip will be invalid. That includes credit cards, debit cards and ATM cards.

However, I saw a recent article saying the banks had requested a short extension, as there were still some customers not aware of the need to replace their cards. It seemed to be an extension of a few weeks, IIRC.

Posted
4 minutes ago, bluesofa said:

The Bank Of Thailand has instructed all Thai banks the transition to chip & pin cards must be completed by the end of December this year. After that, all old Thai cards without a chip will be invalid. That includes credit cards, debit cards and ATM cards.

However, I saw a recent article saying the banks had requested a short extension, as there were still some customers not aware of the need to replace their cards. It seemed to be an extension of a few weeks, IIRC.

Yes, Thailand is 15-years behind Malaysia in migrating to chip-based cards. What about TACs though? Do online shopping sites in Thailand use them?

Posted
2 minutes ago, Selatan said:

Yes, Thailand is 15-years behind Malaysia in migrating to chip-based cards. What about TACs though? Do online shopping sites in Thailand use them?

I can only confirm that SCB and Bangkok Bank do.

When you fill in the secure form with your details, you are asked to click a button to "request an OTP". For me, it arrives as an SMS on my mobile within five seconds, and has worked fine.

The bank also SMS a confirmation of the transaction, saying that if you didn't authorise it to contact them immediately.

 

It's good regarding the introduction of chip & pin cards here in Thailand - at last.

I've also read about the US being 'in the process' of introducing them. They have been in use in Europe for twenty years now.

Posted (edited)

This guy was smart but not smart enough to not fall into the hubris and greedy trap on this sort of crime, which is pushing it too far as you become comfortable. Rather like gambling, you need to know when to quit after you have made enough. If he had stopped after making his first million and a half or so in say 16 months and disengaged to let all go cold plus quiet, then he could have let the trail cool off and just hung out for a year or so and then done it again from a fresh position. This would also give him time to refine his MO and become even harder to catch ... but no, he fell into the hubris trap that is that everything is fine and things will continue the same indefinitely. That is where he was a dimwit but the scam was good for out here to be fair.  

Edited by Brigand
  • Like 1
Posted (edited)
3 hours ago, Selatan said:

It's a useless idea. You have already provided your CVC code to mobile phone operators and online shopping sites.

Does the article say he hacked into the IT system to steal the data?

Or is he just in the league of the pump station attendants taking picture/photocopy of the physical cards? (another reported fraud some months ago).

 

Edited by KhunBENQ
Posted
3 hours ago, Selatan said:

What about TACs though? Do online shopping sites in Thailand use them?

When using my credit card the authorization is not dependent on the shop but on the credit card issuer. I always had to confirm via the Verified by VISA procedure even for the Kasikorn virtual credit card and small amounts less than 2000 Baht.

Recently bought a laptop at Lenovo Thailand online shop.

This went through to a Thai service provider and then I had to do the full two factor authorization for my German credit card/issuing bank.

With the EU PSD2 directive being mandatory from tommorow all such transactions have to follow a two factor authorization. Methods may vary.

Posted
7 hours ago, gamesgplayemail said:

 

yes, too smart for you to understand I guess ❤️

 

 

There are some great members on TVF. And then there are axxholes like you.

Just because I call a thief a "scumbag" for stealing, then a "dumb scumbag" because sooner or later he should have known he would get found out, best you can do is insult me.

But ...... Your screen name alone pretty much says it all. I see you as just a lonely, bored "game player" who's got nothing better to do than troll a site.

Or perhaps you are akin to him and collect illicit funds in a similar manner. That said, you too qualify as a "dumb scumbag".

  • Haha 1
Posted
18 hours ago, neeray said:

There are some great members on TVF. And then there are axxholes like you.

Just because I call a thief a "scumbag" for stealing, then a "dumb scumbag" because sooner or later he should have known he would get found out, best you can do is insult me.

But ...... Your screen name alone pretty much says it all. I see you as just a lonely, bored "game player" who's got nothing better to do than troll a site.

Or perhaps you are akin to him and collect illicit funds in a similar manner. That said, you too qualify as a "dumb scumbag".

 

I only said

yes, too smart for you to understand I guess ❤️

 

 

you said

axxholes like you.

 

 

the one who insults is you.

 

And yes, I have been scamming smart people like you in another life, and I will never regret ❤️

 

 

 

Posted
On 9/12/2019 at 8:42 PM, KhunBENQ said:

Does the article say he hacked into the IT system to steal the data?

Or is he just in the league of the pump station attendants taking picture/photocopy of the physical cards? (another reported fraud some months ago).

 

He probably doesn't need to hack into the IT system because he was working at the mobile phone company. He could have easily copied the database out. Mobile phone and online shopping companies may not be as stringent as banks when in comes to security. 

Malaysian data breach sees 46 million phone numbers leaked

Posted
On 9/12/2019 at 8:48 PM, KhunBENQ said:

When using my credit card the authorization is not dependent on the shop but on the credit card issuer. I always had to confirm via the Verified by VISA procedure even for the Kasikorn virtual credit card and small amounts less than 2000 Baht.

Recently bought a laptop at Lenovo Thailand online shop.

This went through to a Thai service provider and then I had to do the full two factor authorization for my German credit card/issuing bank.

With the EU PSD2 directive being mandatory from tommorow all such transactions have to follow a two factor authorization. Methods may vary.

I think it does depend on the shop. For example, if I buy something on Amazon (US) or Aliexpress (China), I don't get the Verified by Visa procedure. But when buying from Shopee Malaysia, I do get the Verified by Visa procedure using the same card. Just like the article had said, the perpetrator had been buying from Amazon and eBay using the stolen card information. If a two-factor authorisation have been used by eBay and Amazon, then how did he managed to buy all those things? 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...