Thai man says bank and phone company should take responsibility for 1 million baht internet loss

[webfact]

Thai man says bank and phone company should take responsibility for 1 million baht internet loss

 

Image: Thairath

 

BANGKOK: -- A Thai man has made a complaint with Tech Police after he was robbed in a one million baht internet banking fraud.

 

Phansuthee Meeleukit, 28, is a man who sells car accessories online on Facebook. He says that he has lost more than a million baht after thieves used his details to contact a phone company for a new sim card then get a password from a bank under false pretences, reported Thairath.

 

But the bank and the phone company - both household names - refuse to take responsibility for his losses. Technology Crime Suppression Division police are investigating the matter.

 

Phansuthee said that on July 28th he received an inquiry for his goods from a man who said he wanted to buy 48,000 baht worth of merchandise.

 

He gave out his bank account number and ID number so that the transfer of funds could be effected.

 

But according to Phansuthee these details were used to get a new sim card from the phone company on his existing number. The thief then went to the bank and the new sim card was used to gain access to his internet banking account through a one time password.

 

More than one million baht was removed on the same day.

 

Source: Thairath

 

-- © Copyright Thai Visa News 2016-08-10

[robblok]

Scary, i have Thai internet banking too and you get codes send to you on your phone. So getting a new sim would help to intercept those codes.

 

The part that I don't understand is how they could get to his internet banking because that is protected with a separate password. 

[kotsak]

Banks and telcos now have cameras everywhere. Behind every clerk there is a ceiling mounted camera. They can easily find the related transaction timestamps and then locate the footage with the perpetrator's image in it. 

 

[KhunBENQ]

This "get a new SIM without proper identification" is unfortunately not limited to Thailand.

A while ago I read similar stories from Germany.

Some Telcos are more than frivolous with this.

 

 

What happened at the bank is a bit unclear to me from the report.

 

If there is no story behind it would indeed be two cases of extreme negligence.

[ClutchClark]

I deposited funds into someone elses Thai bank and only needed the account number--not the Gov't issued ID number. 

 

So if I read this correctly:

 

1) Victim provided telephone # and bank account # and ID details to bad guy. 

2) Bad guy gets new SIM card with vic's telephone number on it.

3) Bad guy goes to Bank and identifies himself as Victim.

4) Bank sends temporary account password texted to him at the phone number on new SIM.

 

Doesn't the bad guy still have to show the Bank an ID to receive funds?

 

I would say the ultimate responsibilty belonged to the Bank IF a Gov't issued photo ID is required to withdraw funds AND my wife says it is required.

 

Victim should not give out personal info.

Telephone company should not give out SIMs without photo ID.

 

But the Bank actually released the funds.

[jspill]

5 minutes ago, ClutchClark said:

1) Victim provided telephone # and bank account # and ID details to bad guy. 

 

Victim should not give out personal info.

 

When you enter the bank account number to make a transfer, on the next screen it shows the full name of the account owner. 

[ClutchClark]

3 minutes ago, jspill said:

 

When you enter the bank account number to make a transfer, on the next screen it shows the full name of the account owner. 

 

So this bad guy never actually went to the Bank then?

 

I don't quite understand the events but I would say the Bank is ultimately responsible since the vast majority of their clients send/receive wire transfers every day and there is a procedure to check ID.

 

Tough break for the victim but he should not have kept that kind of cash in one single account. 

I have money split up in seversl accounts and they are not electronically tied to each other.

 

I am old school.

 

 

[DLang]

This type of security lapse is why I do the following:

 

1 main Thai bank account for my main Thai money that no one knows about. One passbook, one ATM (non-debit card), both kept in separate places. No online account.

 

1 secondary Thai bank account that I top up with cash for everyday use, online banking, etc. Never an amount that I'd cry about losing.

 

This country is still in the jungle -age regarding security. Alai wa.

Edited August 10, 2016 by DLang

[DLang]

12 minutes ago, jspill said:

 

When you enter the bank account number to make a transfer, on the next screen it shows the full name of the account owner. 

 

I don't believe there was any need for him to pass out his ID details.

 

Bank account number, the name of the account owner, that should be it for someone to transfer money to your account.

Edited August 10, 2016 by DLang

[jspill]

3 minutes ago, ClutchClark said:

 

So this bad guy never actually went to the Bank then?

 

I mean, when you say 'he shouldn't have given personal info' I don't think he gave his name. The recipient's name shows up anyway when you go to make a transfer. At least that's how it works with Kasikorn.

[DLang]

Quote

The thief then went to the bank and the new sim card was used to gain access to his internet banking account through a one time password.

 

Check the account of the teller.

 

No ID or account passbook needed to get a password to the account....

 

Something tells me the teller has recently come into a little bit of cash.

Edited August 10, 2016 by DLang

[Kerryd]

30 minutes ago, robblok said:

Scary, i have Thai internet banking too and you get codes send to you on your phone. So getting a new sim would help to intercept those codes.

 

The part that I don't understand is how they could get to his internet banking because that is protected with a separate password. 

 

I'm guessing that when the thief went to the bank, he claimed to have forgotten his (iBank ?) password and requested a reset. The bank sent an OTOP to the phone number attached to that account (which he had because of the sim). Not sure how he'd have gotten the username for the account though unless he guessed it or someone at the bank showed him ?

 

Doesn't surprise me in the least though. Dear old (departed) dad's "girlfriend" was able to go to the bank and convince them to give her a new bankbook for his account (as I had taken the book, and ATM card, and Passport and everything else when dad died). She apparently had photocopies of his passport stashed and after he was dead she went to the bank everyday and withdrew 20,000 baht from his account until it was empty. I never notified the bank when dad died because I thought they were supposed to verify with him before allowing any withdrawals and I had his phone and everything else. By rights, no one should have been able to take anything from his account.

 

I couldn't touch the account until his will was probated and unfortunately, I had to go back to work a week after he died so I didn't have a lot of time to sort things out. 2 days after the cremation I was on my way back to work. When I got back 3 months later to do the probate of the will, that is when I found out what she'd done. Of course nobody at the bank knew how it happened. <deleted> - she'd even been checking his account balance regularly and when she saw an interest payment of a couple thousand baht deposited she was able to scoop that as well. Luckily she wasn't able to access his other (fixed term) account or his Canadian accounts. 

 

Lesson learned. Be like Fox Mulder and Trust No One !

[ClutchClark]

^^^KerryD^^^

 

I am sure sorry to hear that happened and hopefully your relating it now might be a warning to others here.

 

This electronic banking is something I do not trust even in the US.

 

[smedly]

I believe he convinced the bank he was the account holder showing his phone number and perhaps even a fake id card, he then requested a new password for his online login to the banking app on his phone which from there gave him full access to the account

 

IMO the bank failed on several security related issue here, but I would also say that there is always the possibility that the owner of the account was involved in this scam......I wouldn't rule it out 

[chainarong]

2 hours ago, KhunBENQ said:

This "get a new SIM without proper identification" is unfortunately not limited to Thailand.

A while ago I read similar stories from Germany.

Some Telcos are more than frivolous with this.

 

 

What happened at the bank is a bit unclear to me from the report.

 

If there is no story behind it would indeed be two cases of extreme negligence.

Awhile back the bank I used  in OZ had this plus a pendant that came up with a six set of numbers, I used the pendant, another in HK just used a pendant, the bank I am with now uses a password and also sends a SMS to let you know if money has been transferred.  

[balo]

Poor man , he's been running a great business and now all his savings are gone in a few seconds.  The lesson to this story is to have a separate bank account not connected to any ATM card or internet banking where you keep most of your money .    

[Udox]

Doesn't it give you a nice warm feeling that the new immigration form asks for your bank account number, phone number, home and Thai address, facebook and email accounts, date of birth, passport No. & even your parents names.

And then they re-cycle many of their forms to use as photo-copy paper for the next customer.

 

It's only a matter of time.................

[SOTIRIOS]

....might be possible....and yet.......

 

...the question is...why would they issue a SIM Card to anyone except The Account Holder...which requires an ID Card...

[seajae]

I have to use a password with my bank account online or have my passport at the bank itself, thais need their id cards, an ID number is not required to transfer money, just a name and account number, definitely something fishy here. Anyone using an online account knows not to give out anything more than required but really have to wonder how they were issued a new pin without an ID card and how the bank allowed them to access the account as well, doesnt ring right to me, some suspicion has to go onto the account holder or someone involved at the bank for this to happen as stated.

 

 

[bark]

5 minutes ago, seajae said:

I have to use a password with my bank account online or have my passport at the bank itself, thais need their id cards, an ID number is not required to transfer money, just a name and account number, definitely something fishy here. Anyone using an online account knows not to give out anything more than required but really have to wonder how they were issued a new pin without an ID card and how the bank allowed them to access the account as well, doesnt ring right to me, some suspicion has to go onto the account holder or someone involved at the bank for this to happen as stated.

 

 

Agreed. By George, I think you got it.

[snowgard]

Something stink!!! For every small change (phone-no, pin, email, ...) I must apply self in person at my Thai bank, sign a lot of forms and they make every time a copy of my passport. And this every time I want change something.

 

Something stink!!! About this the bank reject it!!!

[clockman]

Name the bank!

[2008bangkok]

As far as I was aware if you got a new Sim card it would deactivate the old one, you cannot have 2 Sim cards with the same number ringing at the same time unless one was data only and they don't receive SMS.

[Norvid]

It looks from what I read that: 

1. he gave all unnecessarily information to the thief,
2. the bank teller was somehow involved in the scam,
3. he the alleged victim was part of the scam. 

By the way, I'm getting at least two scam proposals per week. This is an internet today and multitude of pretenders from regular barely English speakers to sophisticated scammers, who actually make a mistake in correspondence.  Check on Skype their faces (they will have an excuse not to be there), check on Google their full names, check with a company they suppose to represent (right to them and wait for an answer), before you deal with them. There are sheikhs -presidents-ministers-princes-all deceitful  identities with real pictures -real companies, only they are PRETENDERS - SCAMMERS. 

[carlyai]

8 hours ago, kotsak said:

Banks and telcos now have cameras everywhere. Behind every clerk there is a ceiling mounted camera. They can easily find the related transaction timestamps and then locate the footage with the perpetrator's image in it. 

 

Yeah, cameras everywhere...good thing.

 

I had experiece with a camera at a 7 service station store.

 

I went in and wanted B1000 true money.

 

I got two slips of paper and left.

 

About 3 hours later at home i went to top up my internet subscription with the B1000, on two slips, but each slip was only for B50 not B500.

 

So I thought the cashier had dudded me, so i went back, saw the manager and explained the problem.

 

All nice and friendly. She said 'wait' and left the store.

 

So i waited and waited, but the staff kept smiling and saying 'wait'.

 

About 20 min later the manager came back with a small tablet and replayed the video of me entering the store, giving over the B 1000 for the true money, and, me getting the change, which i had completely forgotten about.

 

The cashier just didnt understand me.

 

I gave them another B1000 and got my 2 B500 true money chits.

 

So....it's all there on the cameras, every transaction, and i would suspect the bank to be the same.

[Jiu-Jitsu]

With my current TRUE H SIM, I get regular updates from someone's K Bank account. I have no idea as to who it belongs. I keep meaning to pop along to a K-Bank in order to get them to take the number off the offending account.

[Keesters]

16 hours ago, clockman said:

Name the bank!

 

They have not been found guilty of any wrongdoing yet. How would you like your name plastered all over the Internet when someone accused you of something you were perhaps not guilty of?

 

 

[jonclark]

21 hours ago, ClutchClark said:

I deposited funds into someone elses Thai bank and only needed the account number--not the Gov't issued ID number. 

 

So if I read this correctly:

 

1) Victim provided telephone # and bank account # and ID details to bad guy. 

2) Bad guy gets new SIM card with vic's telephone number on it.

3) Bad guy goes to Bank and identifies himself as Victim.

4) Bank sends temporary account password texted to him at the phone number on new SIM.

 

Doesn't the bad guy still have to show the Bank an ID to receive funds?

 

I would say the ultimate responsibilty belonged to the Bank IF a Gov't issued photo ID is required to withdraw funds AND my wife says it is required.

 

Victim should not give out personal info.

Telephone company should not give out SIMs without photo ID.

 

But the Bank actually released the funds.

 

Agreed and to add...is running a business ie selling stuff through facebook legal? Hope he pays tax??

[DrTuner]

Keep your money overseas and only have what you need here. Applies to Thais too.

[jacko45k]

On 10/08/2016 at 6:03 AM, ClutchClark said:

I deposited funds into someone elses Thai bank and only needed the account number--not the Gov't issued ID number. 

 

So if I read this correctly:

 

1) Victim provided telephone # and bank account # and ID details to bad guy. 

2) Bad guy gets new SIM card with vic's telephone number on it.

3) Bad guy goes to Bank and identifies himself as Victim.

4) Bank sends temporary account password texted to him at the phone number on new SIM.

 

Doesn't the bad guy still have to show the Bank an ID to receive funds?

 

I would say the ultimate responsibilty belonged to the Bank IF a Gov't issued photo ID is required to withdraw funds AND my wife says it is required.

 

Victim should not give out personal info.

Telephone company should not give out SIMs without photo ID.

 

But the Bank actually released the funds.

I believe he simply needs to set up a transfer to a new recipient and transfer the funds there. That requires a one time password via SMS. Usually transfers are temporaraily limited to a new recipient for a short period. Quite a slick operation highlighting the dangers of providing too much information... identity theft. Sort of like how every single Expat in Thailand on an extension has to do each year.