38 people's SCB bank accounts hacked

[webfact]

CRIME
38 people's bank accounts hacked
The Nation

BANGKOK: -- A total of 38 people have fallen victim to a hacker who stole their ATM information and withdrew Bt500,000 cash from their accounts.

Pol Lt Khomsan Tutiyanon of Bangkok's Prachacheun Police Station said police had received complaints about ATM hacking since last Friday.

Police initially found that most victims had Siam Commercial Bank accounts and had at some point withdrawn money from an automated teller machine on Tesaban Songkhro Road in Lat Yao sub-district of Chatuchak district.

Most victims' money was withdrawn via an ATM at Songkhla's Hat Yai district, he said.

SCB has frozen the ATM cards of the 38 victims and will be responsible for the stolen money, he added.


-- The Nation 2014-04-09

[assayer]

SCB has frozen the ATM cards of the 38 victims and will be responsible for the stolen money, he added.

Is this a first in Thailand?? Someone is actually doing the right thing!!!!!

[juliusk]

Well they will be responsible for the stolen money but will they ever get something back? Hope so, because that will be a very good improvement from the Thai banks!

[NongKhaiKid]

It's reported that shortly after the thefts some rice farmers were paid some of their overdue pledged money

[wprime]

SCB has frozen the ATM cards of the 38 victims and will be responsible for the stolen money, he added.

Is this a first in Thailand?? Someone is actually doing the right thing!!!!!

They always say they're responsible on the media - how is that a first?

[TallGuyJohninBKK]

I'm not aware of any Thai law or banking regulation that requires Thai banks to reimburse account/cardholders in these kinds of situations.

However, where there's an established hacking incident at a or some group of ATMs, I believe the Thai banks will tend to reimburse in those situations...where there's a group of victims.

That's a different situation, apparently, from where you alone as an individual have some problem, and they try to go to the bank. That's where we hear the repeated reports of customers getting ignored or dismissed or given the run-around.

That said, it would be interesting to know/hear if these victims really do get ALL their stolen funds back, and how long it takes. Normally, there's little if any media follow-up on these kinds of episodes.

Likewise, I also view with a grain of salt anytime I hear news reports talking about government agencies and corporations here being "responsible" for something, because rarely do they seem to actually take responsibility for what they're responsible for.

Edited April 9, 2014 by TallGuyJohninBKK

[Cylon]

This is not the first time accounts at SCB have been hacked.

[slapout]

What is intially reported as a business taking responsibility in the press seems to follow the Thai legal system pattern, delay, delay, appeal. cease responding, and then as those deemed guilty/responsible, just fade away.

[angsta]

I'm not aware of any Thai law or banking regulation that requires Thai banks to reimburse account/cardholders in these kinds of situations.

Maybe that's because you are a poster on Thaivisa and not an expert in Thai banking practices...just sayin

[spacemand]

I'm not aware of any Thai law or banking regulation that requires Thai banks to reimburse account/cardholders in these kinds of situations.

However, where there's an established hacking incident at a or some group of ATMs, I believe the Thai banks will tend to reimburse in those situations...where there's a group of victims.

That's a different situation, apparently, from where you alone as an individual have some problem, and they try to go to the bank. That's where we hear the repeated reports of customers getting ignored or dismissed or given the run-around.

That said, it would be interesting to know/hear if these victims really do get ALL their stolen funds back, and how long it takes. Normally, there's little if any media follow-up on these kinds of episodes.

Likewise, I also view with a grain of salt anytime I hear news reports talking about government agencies and corporations here being "responsible" for something, because rarely do they seem to actually take responsibility for what they're responsible for.

Look into Visa/MC rules regarding this there might not be a Thai law but the licensing from Visa/MC might

[spacemand]

This is not the first time accounts at SCB have been hacked.

They were not hacked, another misleading headline. Definition of hacked "use a computer to gain unauthorized access to data in a system."

Someone placed a skimming device on what appears to be one of their ATMs.

Happens every day in many countries around the world, organized gangs place skimming devices that are almost impossible to detect unless you know what to look for. Then from 1 hour to 90 days later they use the information gathered to make new fake ATM cards and withdraw from any ATM in the world.

Edited April 9, 2014 by spacemand

[LaraC]

Well they will be responsible for the stolen money but will they ever get something back? Hope so, because that will be a very good improvement from the Thai banks!

Talk is cheap, right.

Will believe it when i hear an update that all accounts were reinbursed!

[OMGImInPattaya]

SCB has frozen the ATM cards of the 38 victims and will be responsible for the stolen money, he added.

Is this a first in Thailand?? Someone is actually doing the right thing!!!!!

No. Its been done many times in the past in such cases. In fact, as it looks like it was an ATM skimmer operation, SCB is not under any obligation to reimburse these losses as it's the cardholders who allowed their card numbers and PINS to be compromised.

[OMGImInPattaya]

I'm not aware of any Thai law or banking regulation that requires Thai banks to reimburse account/cardholders in these kinds of situations.

However, where there's an established hacking incident at a or some group of ATMs, I believe the Thai banks will tend to reimburse in those situations...where there's a group of victims.

That's a different situation, apparently, from where you alone as an individual have some problem, and they try to go to the bank. That's where we hear the repeated reports of customers getting ignored or dismissed or given the run-around.

That said, it would be interesting to know/hear if these victims really do get ALL their stolen funds back, and how long it takes. Normally, there's little if any media follow-up on these kinds of episodes.

Likewise, I also view with a grain of salt anytime I hear news reports talking about government agencies and corporations here being "responsible" for something, because rarely do they seem to actually take responsibility for what they're responsible for.

Look into Visa/MC rules regarding this there might not be a Thai law but the licensing from Visa/MC might

Where did you read these were Visa/MC credit or network ATM cards involved?

[wilcopops]

I heard on the news yesterday that Microsoft have stopped support and updates for WINDOWS XP.

apparently this is the software used by many banks for ATMs and as such are now potentially more at risk from hackers etc.......... Could this be the first of many?

[thedoctor]

My Visa was hacked in phuket

i got back to Australia 2 days later, went into the comm bank asked why i couldnt access my account ,, it was locked ,,

someone had emptied my account in london ,, 2 days after copying my card ,, my bank belived me ,, i still had my card. and never went to the UK

Visa fraud protection paid all my money back but it took 6 weeks ,,

i then read on the net a french gang were caught in bangkok after visiting phuket and pattaya

[OMGImInPattaya]

I heard on the news yesterday that Microsoft have stopped support and updates for WINDOWS XP.

apparently this is the software used by many banks for ATMs and as such are now potentially more at risk from hackers etc.......... Could this be the first of many?

The accounts were not "hacked" as has been pointed out already! They were accessed as intended by criminals who stole the account credentials from careless ATM card holders.

[Travel Dude]

Good that SCB is straight forward and immediately takes responsibility, saying that the bank will take responsibility for the stolen money. That's proper management and also avoids a PR disaster. Well done SCB!

[TallGuyJohninBKK]

I'm not aware of any Thai law or banking regulation that requires Thai banks to reimburse account/cardholders in these kinds of situations.

Maybe that's because you are a poster on Thaivisa and not an expert in Thai banking practices...just sayin

Feel free to link to or excerpt the pertinent law or regulation, if you are aware of one.

I won't be holding my breath waiting.

Edited April 9, 2014 by TallGuyJohninBKK

[wilcopops]

I heard on the news yesterday that Microsoft have stopped support and updates for WINDOWS XP.

apparently this is the software used by many banks for ATMs and as such are now potentially more at risk from hackers etc.......... Could this be the first of many?

The accounts were not "hacked" as has been pointed out already! They were accessed as intended by criminals who stole the account credentials from careless ATM card holders.

Careless? If they were skimmed - an electronic device placed on the slot.....i've seen one in Thailand in operation......they aren't immediately noticeable, if they were, they wouldn't work.

I still also think it is worth noting that the XP software is now more vulnerable.........whether or not it can detect a skimmer.

Edited April 9, 2014 by wilcopops

[TallGuyJohninBKK]

I heard on the news yesterday that Microsoft have stopped support and updates for WINDOWS XP.

apparently this is the software used by many banks for ATMs and as such are now potentially more at risk from hackers etc.......... Could this be the first of many?

The accounts were not "hacked" as has been pointed out already! They were accessed as intended by criminals who stole the account credentials from careless ATM card holders.

I too think the use of the term "hacked" in the headline and article is probably factually incorrect.

Although article doesn't say exactly, it certainly sounds like this was just another episode of ATM card skimming at the machine. The crooks added a skimmer to the ATM(s) or used some other means to gain customers' card info and PIN numbers.

I wouldn't go so far, however, as to say the victims were "careless ATM card holders." You don't have to be "careless" to fall victim to an ATM card skimming scam.

There was, if memory serves, another big, similar episode in Bangkok just a few months back.

http://www.thaivisa.com/forum/topic/680231-atms-on-bangkoks-wireless-road-hacked-card-users-say/

And then there was the case of the Thai tourist police officer aiding the gang of card skimmers about the same time.

http://www.thaivisa.com/forum/topic/682907-thai-tourist-police-involved-with-atm-skimming-gang-sacked/?hl=+tourist%20+police%20+officer%20+dismissed

It does seem to be quite the thriving industry here. That's one reason why I don't keep any sizeable money in any Thai bank account with ATM card access.

[Ricardo]

SCB has frozen the ATM cards of the 38 victims and will be responsible for the stolen money, he added.

Is this a first in Thailand?? Someone is actually doing the right thing!!!!!

No. Its been done many times in the past in such cases. In fact, as it looks like it was an ATM skimmer operation, SCB is not under any obligation to reimburse these losses as it's the cardholders who allowed their card numbers and PINS to be compromised.

"as it's the cardholders who allowed their card numbers and PINS to be compromised"

by using their cards as normal in an SCB-ATM ?

That's hardly conniving at compromising their cards, by using them as-intended in an SCB-ATM, is it ?

What use would an SCB-card be, if you couldn't use it in ATMs, as these cardholders did ?

[worgeordie]

Thats the reason i keep a minimal amount in the account linked

to ATM card,just transfer as need,keep loses to a minimum,as

you could never be sure the bank would reimburse you,even if

you are not at fault.I trust banks as much as I would a Cobra,

regards Worgeordie

[Bkungbank]

Hat Yai smell the smoking guns as most hackers are from Malaysia, they have must code and withdraw over there but why the credit limit should not exceed 20,000 per day if need to change the limit need ID card number or date if birth,

Beware of using credit card in Malaysia have they have clone card, those card still have no chips pose the great risk.

[unanimosity]

I'm not aware of any Thai law or banking regulation that requires Thai banks to reimburse account/cardholders in these kinds of situations.

However, where there's an established hacking incident at a or some group of ATMs, I believe the Thai banks will tend to reimburse in those situations...where there's a group of victims.

That's a different situation, apparently, from where you alone as an individual have some problem, and they try to go to the bank. That's where we hear the repeated reports of customers getting ignored or dismissed or given the run-around.

That said, it would be interesting to know/hear if these victims really do get ALL their stolen funds back, and how long it takes. Normally, there's little if any media follow-up on these kinds of episodes.

Likewise, I also view with a grain of salt anytime I hear news reports talking about government agencies and corporations here being "responsible" for something, because rarely do they seem to actually take responsibility for what they're responsible for.

It is not unlike the liberal democrats in the USA that believe "intent" equates to action. The Thai banks are a product of the local culture that considers it okay to buy degrees and bribe away problems and blame others for causing an individual to lose face by testifying to his nefarious acts. It is the same "intent" mindset that advertises claims of being "green" with no substantiation whatsoever.

[BudRight]

38 is not quite two score.

[MoonShadow]

Truely unbelievable headline...."Major Security breach at SCB, Scores of accounts hacked!"

1) as others have already pointed out, its not hacking but "skimming" so NO SCB security protocols have been breached.

2) 38 isn't even 2 score!!

If I were SCB I would be asking for an apology from who ever put this stupid headline out.

Skimming is a world wide problem, not just Thailand/Asia. It was a major issue in the UK for years until the banks adopted imbedded chips instead of only magnetic stripes. Its not as widely reported as its an accepted business risk for the banks. In my experience, if a machine has been compromised by a Skimming device the bank will take responsibility; if its an individual transaction then its have to prove that the card holder wasn't complicit in the transaction....

How many readers happily pass their cards to complete strangers when transacting via cards in hotels/restaurants etc.?

Equally its not a Visa/MC as most Thailand based transactions on Thai bank cards would use a propriety card system like "Plus" for this type of transaction.

[Jonners]

I had an experience with SCB where an ATM failed to dispense cash but my account was debited for it anyway (20,000 THB), My wife and I took it up with SCB, They looked into it and credited it back to my account within 24 hours.

[biplanebluey]

I heard on the news yesterday that Microsoft have stopped support and updates for WINDOWS XP.

apparently this is the software used by many banks for ATMs and as such are now potentially more at risk from hackers etc.......... Could this be the first of many?

The accounts were not "hacked" as has been pointed out already! They were accessed as intended by criminals who stole the account credentials from careless ATM card holders.

"careless ATM card holders" ???????? We have already been told that the skimming device is almost undetectable.They do not put a piece of cardboard over it with a hole cut in it !!!!!!!! For heavens sake stop trying to be so self-righteous and show some sympathy.It's with people like you that I wish it would happen to,Just to see how you like losing half a million Bt.

[MMarlow]

SCB has frozen the ATM cards of the 38 victims and will be responsible for the stolen money, he added.

Is this a first in Thailand?? Someone is actually doing the right thing!!!!!

No it's not a first. Similar things have been reported previously, but most TV posters prefer to ignore those reports.