400.000 Baht disappeared, a story of BKK Bank, SCB and Advice IT

[RSD1]

1 hour ago, gamb00ler said:

I reduce my exposure even further.  I only transfer to the daily account 4K at a time.  If I do happen to have a need for more, it only takes me 30sec to initiate another transfer from the main savings account.  My main savings is an EZ Savings at SCB paying 1.5% with unlimited free transfers in and out.  Since I learned how to do cardless withdrawals I rarely use my ATM/debit card so the limit is set to 0 until its needed.

 

My wife knows my PIN and how to move money so I told her to empty my account before I'm cold and stiff.

 

That’s perfect. Yes, you can do it that way too, by moving over small amounts on a regular basis. For my daily spending account, I do have an ATM card, but I’ve set the daily withdrawal limit on the card to only ฿4,000. Additionally, the daily bank transfer limit is set to ฿3,000. This way, I minimize my exposure if the account is ever hacked. Plus, the total balance in that account never exceeds a month’s worth of spending money, so it’s all good.

 

Even if you set your ATM card’s daily limit to zero, you might still be able to make cardless ATM withdrawals using the app. I’m not 100% sure, but you can give it a try. I believe I’ve done that in the past, and if it works, you wouldn’t need to change your card limit every time you want to withdraw cash from an ATM using the app.

 

It’s also worth noting that withdrawing money from an ATM upcountry will incur a fee, usually around ฿25 or ฿30 per withdrawal. However, you can also avoid this fee by doing a cardless ATM withdrawal. 

 

Lastly, all local bank transfers between Thai banks are completely free, regardless of the bank, account type or how many transfers you make within a given time period. Some years ago, the Thai government passed a law prohibiting Thai banks from charging fees for local bank to bank transfers. I think they used to charge ฿25 for that, but that's long a thing of the past now. 

[riclag]

31 minutes ago, RSD1 said:

Nope, I have a credit card from the major US Bank and I keep it locked in the app all the time. Whenever I'm going to make a purchase, I unlock the card temporarily and then lock it again once the purchase is completed. I've kept it this way for years already. Never a problem.

You miss the point!

You use your card.

My comment was directed towards 

those who don’t use their card frequently , months go by while locked.

[RSD1]

24 minutes ago, riclag said:

You miss the point!

You use your card.

My comment was directed towards 

those who don’t use their card frequently , months go by while locked.

I still doubt it's a problem. As long as you at least login online to your bank and/or credit card account from time to time to avoid a dormancy issue. As a security measure, some banks will lock an account automatically after a period of time of complete account inactivity, and normally that period is about one year. It's something they sometimes do in case the account holder has passed away and nobody has since contacted the bank about it. Best thing to do is do a small online transfer or transaction once every six months and then a possible account dormancy problem can be completely avoided. 

 

But I would check with the card company to be sure what their policies are if one is at all concerned about the specific issue that you raised. 

[snowgard]

On 1/14/2025 at 7:38 PM, Carsten07 said:

No.

 

Was done via Online banking = Browser.

No Card, no app.

However, with online banking you usually receive an OTP code via SMS on your mobile phone, which you must use to confirm the transfer. So it works with Krungsri.

[riclag]

1 hour ago, RSD1 said:

I still doubt it's a problem. As long as you at least login online to your bank and/or credit card account from time to time to avoid a dormancy issue. As a security measure, some banks will lock an account automatically after a period of time of complete account inactivity, and normally that period is about one year. It's something they sometimes do in case the account holder has passed away and nobody has since contacted the bank about it. Best thing to do is do a small online transfer or transaction once every six months and then a possible account dormancy problem can be completely avoided. 

 

But I would check with the card company to be sure what their policies are if one is at all concerned about the specific issue that you raised. 

Inactive means not using your card! Purchases ! 

It has nothing to do to do with logging into your account and fiddling around in it.
 

“But after a certain period of time, which varies depending on the lender or creditor’s policies, they may consider your account “inactive” and it may be closed”.
 

https://www.equifax.com/personal/education/credit-cards/articles/-/learn/inactive-credit-card-account-closed/
 

[riclag]

9 hours ago, placnx said:

My US card was recently compromised. I have used it for some recurring charges in the US, but here only in ATMs. So I checked whether there was any way my card details could have been captured here.

 

I use Bitdefender since last year when Kaspersky was outlawed in the US. I have learned that there are vulnerabilities, nonetheless.

1) Using older wireless devices such as keyboards and mice with Bluetooth, the transmissions are not encrypted, so someone fairly close by can intercept the data. Some current wireless devices, from Logitech for example. They use their own Logi Bolt dongle to send encrypted signals. Google "Mousejack".

2) Another danger is through a fake CAPTCHA popup where you click to confirm that you are a human. There is not the usual display of a photo divided in 9 sections where you have to identify a specified item appearing in certain sections. This is called Lumma Stealer.

https://blog.qualys.com/vulnerabilities-threat-research/2024/10/20/unmasking-lumma-stealer-analyzing-deceptive-tactics-with-fake-captcha

Antivirus programs including Bitdefender cannot detect this activity.

 

One solution is using virtual or burner cards as much as possible. Also, avoid storing sensitive data such as passwords in unencrypted files on your computer.

 

Aside from concealed cameras at ATMs, I wonder whether there is any way that bank employees or the authorities can intercept the transmission of chip card details and what details are in the transmission. Does anyone here know? 

Good question !

I to have had my CC # compromised here!

 Now when I use my card i dont let them swipe it and I cuff the card so the numbers are never exposed to the shops security cameras. 
I use the tap to pay feature mostly!

I  try to stay away from the swipe or insert my card transactions. If there comes a time where I must use this less secure method , I’ll use a card company’s card thats never been compromised!

It sucks having been hacked .Those cameras above on the ceiling can zoom in .

[RSD1]

27 minutes ago, riclag said:

Inactive means not using your card! Purchases ! 

It has nothing to do to do with logging into your account and fiddling around in it.
 

“But after a certain period of time, which varies depending on the lender or creditor’s policies, they may consider your account “inactive” and it may be closed”.
 

https://www.equifax.com/personal/education/credit-cards/articles/-/learn/inactive-credit-card-account-closed/
 

In my case, my bank credit card and my online banking both share the same login. It's the same for nearly every big American bank. So I can't log into my bank account without logging into my credit card account. That means any online banking I do is the same as doing something with the credit card.

 

In regards to your paranoid conspiracy, I've never seen it in practice. But go on living in fear about it if that helps you sleep better at night.