Check your accounts: 10,000 victims lose money from many banks in a single day

[digger70]

20 hours ago, Neeranam said:

The Great Heist is a wonderful Columbian series. 

The show is a dramatic interpretation based on the true story of the 1994 heist of the robbery of the national bank El Banco de la Republica (Bank of the Republic) in Valledupar, where the criminals came away with 33 million US dollars.

[Neeranam]

1 minute ago, digger70 said:

The show is a dramatic interpretation based on the true story of the 1994 heist of the robbery of the national bank El Banco de la Republica (Bank of the Republic) in Valledupar, where the criminals came away with 33 million US dollars.

And the same 2 lead actors as Pablo Escobar

[orchidfan]

5 hours ago, StevieAus said:

We discovered our last week about 1500 baht which the BB has already agreed to refund 

Last week (5th) I lost about B12,000 and the BB certainly have not, as yet, agreed to refund it.

All reports, including police , have been submitted, but it's under investigation...along with thousands of others who have been hacked

[Chongalulu]

On 10/18/2021 at 11:05 AM, Berkshire said:

I'll concede that I'm a novice when it comes to smartphones.  I just never felt the need to do finances on my phone.  On my PC and laptop, I have all manner of security and anti-virus protections.  On my phone, nothing.  That's why I'm a bit cautious. 

You need to get up,to date - my phone/iPad uses fingerprint id to authorize/confirm transactions or access my account . Does your computer have that ? 

[treetops]

3 minutes ago, nchuckle said:

You need to get up,to date - my phone/iPad uses fingerprint id to authorize/confirm transactions or access my account . Does your computer have that ? 

I wouldn't gloat about that.  iPhone fingerprint ID was compromised since about day 1.

[Salerno]

6 minutes ago, nchuckle said:

You need to get up,to date - my phone/iPad uses fingerprint id to authorize/confirm transactions or access my account . Does your computer have that ? 

If you pass out drunk/get knocked out by a burglar which would you prefer; a laptop without finger print scanner (and yes some have them) or a phone with?

 

Possibly extreme scenarios but I don't see fingerprint scanners as the be all and end all for security.

[Chongalulu]

3 minutes ago, Salerno said:

If you pass out drunk/get knocked out by a burglar which would you prefer; a laptop without finger print scanner (and yes some have them) or a phone with?

 

Possibly extreme scenarios but I don't see fingerprint scanners as the be all and end all for security.

And if Aliens abducted me inserting an anal probe…. ???? 

[khunken]

5 hours ago, smedly said:

two posts from another that covers this theft

 

In order for this scam to work two things are required 

 

A CC or Debit Card and all its details 

 

A CC or Debit card that is enabled for comercial transactions 

 

As I pay attention - a poster on here yesterday who is a victim of this theft does have a card issued by a bank in Thailand  - he has never used it not even in an ATM machine, from that it is not hard to figure out that whoever stole his money had access to his card details from an internal system - so that is either at a bank or the CC company

 

It doesn't matter where the money went or how it was requested - an insider had to have access to the card details to make it happen

 

 

additionally 

 

In order for this crime to work you need -

 

- a source for the money - Thailand bank or CC company with an insider who has access 

- an account with company like paypal using fake id and credentials 

- a bank account in a foreign country (China/Russia) using the same fake id and credentials 

- a team cooperating across borders at the source and destination of the stolen funds 

- once the stolen funds have been retrieved at the destination then this theft is over 

 

It is difficult to investigate the whole process as it will involve angencies in different countries, the Thai police primary goal is to identify the insiders at the source in Thailand 

 

People wonder why banks are so particular about making sure of your identity when opening an account - this is why, I don't know how difficult it is to create bogus accounts in say China or Russion for example but it could much easier than in Europe or the US 

 

This crime will operate for a few days just long enough for the funds to transferred and withdrawal completed and that will be the end of it.

 

Apologies - finger trouble with the first attempt at replying.

 

As the fraud is not just in one bank, it's unlikely to be a bank internal problem.

 

I currently have a fraudulent transaction under investigation at Bangkok Bank. There are a number of ways it could have happened:

1. Internal bank fraud (unlikely IMO)

2. When setting up a direct debit, I gave my account number to my ISP who arranged it with the bank. (more likely)

3. I sometimes use my bank debit card to pay for items online. (also more likely)

4. The transaction was not made from an ATM so not an ATM hack.

5. With the number of (admitted & not admitted)  hacks and companies/governments leaking data online, it is unsurprising that fraud occurs & it's not just in Thailand.

[dj230]

7 hours ago, hioctane said:

There are different levels of security. Yes, you need to trust the VPN company. However, if there was any breach in a major VPN company, you would have heard about it before anything really bad happens.

 

VPNs are a MUST when you connect to any public wifi or any wifi you do not know. Even better would be to use your mobile data. Even then you would need to trust your mobile company. 

 

Of course the safest way is to set up your own VPN server, but that is going a bit overboard for most people. 

I don’t see the benefit here, you’re still connected directly to the public wifi. 
 

A VPN routes your network connection through the VPN, not the other way around where the VPN routes your data to the network you’re connected to. 
 

ie. it’s a “barrier” between the website and your internet connection, you’re still directly connected to the network you’re connected to regardless if you are using a VPN or not. 
In the public wifi example, your data goes to the public wifi, then the VPN, then the website. 

 

[LikeItHot]

On 10/18/2021 at 11:25 PM, ArcticFox said:

What's a "Wise" card?

 

You've never heard of Transferwise? You're the only one. Google

[lopburi3]

1 hour ago, LikeItHot said:

You've never heard of Transferwise? You're the only one. Google

Actually suspect most of us using Wise here in Thailand do not have a Wise Card.

[TallGuyJohninBKK]

On 10/18/2021 at 11:29 AM, 4MyEgo said:

SCB notifies me every time I access my account online by an email, they also send me a confirmation withdrawal email when I transfer funds, so am not fussed, also keep under a million in the bank in case of fraud and I believe that is all the bank will cover if you have had a fraud or they go under.

 

The government's Deposit Protection law is designed to protect depositors up to the specific limit in the event a Thai commercial bank totally fails/goes out of business.

 

However, the DPA scheme does absolutely nothing and provides zero protection for anything to do with financial theft, fraud, etc., regardless of who the stealing/thieving party might be.

 

[jacko45k]

21 hours ago, LikeItHot said:

You've never heard of Transferwise? You're the only one. Google

Now called simply 'Wise' of course. 

[Jonathan Swift]

I can't remember If I posted on this story, so I'll post again to be sure. I must have been lucky in my choice of banks. I use Bangkok Bank and Kasikorn Bank, and one has a Mastercard/debit, the other has a VISA/debit. In the case of both of these banks, each and every log in or transaction generates an instantaneous SMS message to me, and Bangkok Bank emails me instantaneously whenever I sign in online. I'm sure they have other forms of effective security. I use these cards for online purchases from everyone including Ebay, Amazon, all local merchants, Shopee, Lazada, All my bills in the US as I select them, and I don't think anyone using either of those banks needs to worry about these things. I've lived in Bangkok 9 years now. There is also security built into Google Chrome which requires the CVC code with each transaction. All in all, I think this crime was likely a combination of lax security on the part of the merchants, and banks who are not up to speed with their transaction monitoring and notification. I once long ago had an employee at a merchant steal my credit info, but she got caught.  But for those of you who are still reticent about online transactions, in the US all banks will without question reimburse any form of fraudulent transactions, so if I were to use my US credit/debit cards I would be doubly secure. So if you need to and can, use a card issued by your home bank.  For example, I use my US cards when buying air tickets so that if they play games with cancellations and refunds I can have the bank claw back my money, and I did it a number of times with this covid mess. But there are new and more secure payment methods evolving in today's world which I have not kept up with. I just wanted to weigh in with my experience. I do 95% of all my shopping for merchandise online, and this story does not shake my confidence, largely due to the dependability and track records of my banks. In the case of big C or Homepro you can pay by card at time of delivery - I do that when there is a glitch in paying online. But if you exercise reasonable caution and discretion, there's no need to fear these very few worst case scenarios. 

[orchidfan]

Update 

After a call to customer service today (15 days after the theft) BBL have returned some of my money....that attributed to "Steampower.com".

But not the B8000 fraudulently paid to "Cult Beauty" ( a UK company I think)

Will wait and see.

Very slow "investigation" !!

[rott]

Are these frauds continuing.? How long since the the last reported one.? Not been into my account anyway. 

[elgenon]

On 10/17/2021 at 8:15 PM, Berkshire said:

This made me check all of my Thailand bank accounts.  Luckily, no problems.  But then I don't use my credit/debit cards for any online transactions.  And I definitely don't do banking on my phone.

Do you pay for online transactions another way? or don't do any online transactions? Curious.

 

How do you pay for flights?

[VBF]

On 10/19/2021 at 11:37 AM, dj230 said:

I don’t see the benefit here, you’re still connected directly to the public wifi. 
 

A VPN routes your network connection through the VPN, not the other way around where the VPN routes your data to the network you’re connected to. 
 

ie. it’s a “barrier” between the website and your internet connection, you’re still directly connected to the network you’re connected to regardless if you are using a VPN or not. 
In the public wifi example, your data goes to the public wifi, then the VPN, then the website. 

 

Not quite.... "In the public wifi example, your data is encrypted then goes to the public wifi, then the VPN, then the website. "

 

https://superuser.com/questions/1122911/data-through-vpn-vs-internet  See Para 3 Answers.  You do have to set your VPN correctly!

 

Also note the comment about HTTPS as opposed to HTTP - never deal with an organisation that only uses HTTP - they're WAY behind the times!

 

[orchidfan]

51 minutes ago, TallGuyJohninBKK said:

 Doesn't change the fact that the DPA law ONLY deals with one situation -- the complete financial failure of a Thai commercial bank -- nothing about fraud or theft.

 

Anything else is in much murkier and discretionary legal terrain in Thailand. Note the initial comment by those same entities you mention that they'd reimburse customers IF the customer could PROVE that they didn't make any of the disputed charges.

 

Just how exactly would a defrauded customer PROVE they didn't do something like that?

 

Done it (partially) with BBL.

Submitted a statement declaring these were not my transactions, nor in anyway authorized, copies of their SMS  messages, and I think most importantly, a police report (cost B20).

Got half back already (out of 3 separate "transfers") and last one being investigated. 

I didn't have to PROVE anything. Just be truthful and declare the facts.

I think they know the score by now. 

[TallGuyJohninBKK]

23 hours ago, orchidfan said:

I think they know the score by now. 

But do Thai bank customers know the score?

 

In my home country, there is a national law that provides very clear and comprehensive protection against bank card fraud and theft. And the card holder is NOT presumed responsible, as long as the fraud/theft is reported to the bank in a timely manner. And even VISA and MC in some countries, including mine, advertise "zero fraud liability" for cardholders as card network policies.

 

In Thailand, in the past with individual bank card fraud/theft cases, Thai banks have often taken the position (as cited in past threads here) that card holders are responsible for any fraud or theft that occurs prior to the cardholder reporting the issue to their bank. Bank reps also have responded to reported theft claims by blaming the cardholder's spouse or other family members as being responsible. And AFAIK, the advertised VISA and MC "zero fraud liability" policies have never applied for Thailand-issued bank cards.

 

If Thailand has any clear national consumer protection law that requires Thai banks to timely reimburse customers in the case of reported bank card fraud or theft, I've never seen it or heard of it.

 

Edited October 23, 2021 by TallGuyJohninBKK

[MikeyIdea]

Minimum limit for credit card OTP with scb is 500 baht. Not possible to set lower. So lazada should send OTP for everything over 500 baht but that very occasionally fails. Happened to me one time only last week. Error with payment, no OTP. Checked orders before ordering again and the payment had gone through, order was paid. I read on pantip.com that other Thais have reported the same problem in the past. 

 

Shopee stopped their credit card and bank transfer functionality for non saved cards totally only ten days ago or so. Those with cards saved in the system can still use them. I do occasionally use my credit card to buy on lazada and shopee but I have never ever saved it on lazada. Shopee saves automatically so I go directly after ßnd remove it manually. Hope its safe enough. 

 

There is quite a big difference in safety between an updated pc and mobile phones. Pc safety is more robust. also, the mobile phone online shopping ßnd banking market is much bigger than the pc market in Thailand nowadays, another reason why mobile phone apps would be targeted more often. Both less robust security ßnd higher volume of transactions. 

 

Time to be extra careful

 

Edited October 23, 2021 by MikeyIdea

[metisdead]

A post with a link to the Bangkok Post and a reply has been removed.

 

Inflammatory posts and the replies have been removed.  

[Pravda]

On 10/22/2021 at 4:31 PM, orchidfan said:

Done it (partially) with BBL.

Submitted a statement declaring these were not my transactions, nor in anyway authorized, copies of their SMS  messages, and I think most importantly, a police report (cost B20).

 

The fact that you have to do a police report is beyond stupid. Name me 1 country with a serious banking system that does it. It's even incredibly unbelievable you have to do this since this fraud has been on national news for a while now.

[MikeyIdea]

On 10/19/2021 at 2:49 PM, nchuckle said:

You need to get up,to date - my phone/iPad uses fingerprint id to authorize/confirm transactions or access my account . Does your computer have that ? 

If they can sniff one authorisation, break the encryption and duplicate it, it doesn't matter which authorisation you choose. The difficult thing is breaking the encryption and duplicate it, not which method you use

Edited October 24, 2021 by MikeyIdea

[MikeyIdea]

On 10/19/2021 at 9:04 AM, Neeranam said:

Yes, surprised me. However, I doubt many use credit cards as there is a 3% charge. 

Lazada has zero surchange. Shopee claims that they take a 3% surcharge in their help area but they don't. They also have zero surcharge, been like that for years. My own experience. 

[MikeyIdea]

There are a lot! of interfaces between different (internal) bank systems, different banks and various other systems. The way the trend has been for many years now, half of them may be outsourced. I'd say the problem is likely to have come from that.

 

It may not even have started or come from Thailand. It's easy to check bank policies (OTP / email) in countries and chose a country. SCB for instance has minimum credit card OTP limit set to 500 baht. Anything below that will go straight through without notification.  

[jomtienisgood]

On 10/18/2021 at 6:04 PM, George masaoka said:

Curious.  Many people commenting about never using any kind of cards online.  How do you  book hotels and flights, especially when traveling?

 

We don't travel anymore.. lol