Jump to content
Login with your Gmail HERE and start posting in seconds! ×

Swift moves to protect against bank/phone fraud in wake of Bangkok man's 900K loss

webfact

By webfact
in Thailand News

 Share

Recommended Posts

deepcell Advanced Member

deepcell

Posted
Posted
Quote

Meanwhile, Kasikorn have said that in future no password changes can be made through their call centre - customers must go into the bank branch and present proper ID.

wow! really? Another day I was trying to update my phone number with Santander, and it was not possible, should be done in person in the agency. Wife transfer money from her account via phone call and all she was asked was her id number(idcard) and account password, she uses KrungThai Bank.

Link to comment
Share on other sites
  • Replies 97
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Confuscious Gold Member

Confuscious

Posted
Posted

As I read the story, the perp was going to buy something from the victim.
That's how he got the name, bank account, phone number, and other information about the victim.
Giving out this information is not unusual in business transactions.

The MAIN error lies with the phone company (TRUE) who gave the perp a copy of the SIM card without verifying the perp's identity.
 

The way "Phone Banking" is achieved in Thailand is prone to abuse.
If someone can get a copy of your SIM card (very easy to make a copy yourself)
That's why I have coupled my Phone Banking account (and other Internet Banking accounts such as Paypal) to a separate account with maximum 10,000Baht on it.
If someone would try to steal money from my Phone Banking account, he will be able to get at the most 10,000 Baht with a court case hanging over him.

Link to comment
Share on other sites
akampa Advanced Member

akampa

Posted
Posted
1 hour ago, Dustdevil said:

Very badly written headline is confusing. Every long head should have a verb, usually simple present tense. This one says "Swift moves..." so reading it we conclude instinctively that the subject is "Swift" and the verb is "moves." Instead the copy editor chose to use the noun phrase "Swift moves" and a string of words without a verb. This simply isn't done in professional news writing. It's high-schoolish, annoying, confusing and readers should not be faulted for making the wrong assumption based on bad writing.

I agree my initial thought was Swift  the term used in transferring funds around the world.

Link to comment
Share on other sites
Whyamiandwhatamidoinghere Silver Member

Whyamiandwhatamidoinghere

Posted
Posted

I ever gave a phone and sim to my friend.  She later relieved me of 10,000 baht and disappeared. That number was Suay so I went to AIS and told them I wanted a replacement Sim, since had proof I bought that Sim and my ID. When I put the Sim in my phone I started getting phone calls and messages from her friends. It also gave me access to her line chat and whatsapp. Hehe. Got my phone and money back once all of her boyfriends and I had a conference at Gulliver's Pub. Sorry to those to ruin their clandestine operations. But good people need to heed my post. 

Link to comment
Share on other sites
timewilltell Gold Member

timewilltell

Posted
Posted

I think it may be helpful to understand the Thai mentality regarding fraud and blame here. As a victim of fraud myself where I had a 30 year lease cancelled and two businesses stolen through fraud I can tell you that it is incredibly easy. Not only that but the courts do not seem to want to lay responsibility on anyone.

 

To transfer land or cancel a registered lease or car you need a proxy. Anyone can be the proxy - as stupid as you like. A proxy is a simple form which is signed supposedly by the grantee and two witnesses. It is not signed by the person acting as proxy and the courts place NO responsibility on the proxy to check with the person giving it that the signature is correct. In fact no one has to check at all, nit even the land office  So anyone can write one up, transfer your land or cancel your lease. No one will be held  to blame unless the person receiving the property has not paid for it. And they will have long since disposed of the property or money to prevent you getting any back since they planned the feaud in the first place 

 

If it is a company is being transferred then in contrast to the land office you will need the proxy certified by a lawyer at least, that it is indeed the signature of the person giving the proxy and the lawyer verifies he has checked the identity and that the grantee has signed in front of the lawyer. In one court case the lawyer was found guilty as the proxy form was a fraud and in a second case in identical circumstances the court took the evidence of the lawyer admitting he did not witness the signature and deduced it was careless so not criminal despite a specific law covering professionals verifying forged documents.  This shows the importance placed on fraud and responsibility and countering fraud in Thailand and the weak attitude of the courts towards it.

 

The victim is not protected as responsibility is avoided by anyone pretty much regardless of circumstance with an ' I didn't know' defence. And even if you win the court case - which is horribly expensice - you can forget getting your costs and often even your court fees are not recoverable 

 

So I am not surprised that neither bank nor phone company feel responsible and feel they can just walk away and dump the mess at the victims feet. Not surprised he had to deminstrate outside police hq and expose phone company and Bank in a viral social media expose which is the only way the bank was persuaded to offer even partial compensation. 

 

Thailand simply does not care about fraud and makes little to no effort to bring criminals to justice, happy to leave the victims devastated.

Link to comment
Share on other sites
oldsailor35 Ruby Member

oldsailor35

Posted
Posted
4 hours ago, meatboy said:

police are waiting to interview the THEIF, shouldnt he be arrested?

Don't worry, the police have broadcast the thief's name and where he comes from and that they are going to interview him soon !    :cheesy:

Link to comment
Share on other sites
abrahamzvi Advanced Member

abrahamzvi

Posted
Posted
4 hours ago, AlphMichaels said:

No clue why the author would twist this story to infer blame on SWIFT.  Poorly written and researched.  SWIFT has NOTHING to do with funds transfers or withdrawals..., they merely facilitate them and then only if it is an inter-bank transfer with a member bank. If it was an inter-bank transfer, why no mention of the bank that received the funds or its location??  

 

This is the exclusive responsibility of the bank and all here are 20 years behind the western world.  They refuse to invest in easy-to-use, highly secure online solutions.  SCB easy is a great example.  The site is horrendous.   

 

A great example of the pervasive incompetence and ineptitude in financials institution's quality of services.    

 

I think there is a linguistic misunderstanding here. All the heading says is that swift (fast, quick) moves (steps) are taken to..... I agree if one doesn't read the article, one can understand , or interpret  the heading in a way sayingthat SWIFT (the firm) moves to...

Link to comment
Share on other sites
thaibeachlovers Star Member

thaibeachlovers

Posted
Posted
5 hours ago, dcnx said:

They gave 900,000b of his money to a thief, and the best they can do is offer him a free phone and usage for a year?

 

Did I read that right?

No. The BANK gave his money to a thief because they allowed passwords to be changed by phone. IMO they are liable.

The phone company gave the bad man a sim card, but I can't see that they were legally liable for the money.

The real answer is to never put anything on electronic media that makes one liable to fraud. I would never put anything on line unless I have no other option.

Link to comment
Share on other sites
Moonlover Ruby Member

Moonlover

Posted
Posted
3 hours ago, varun said:

Somebody please explain to me how the transfer of funds actually happened.

 

Correct me if I'm wrong:

 

The final frontier in the chain was the KBanking App.

 

1) The perp setup the app on his phone with the victim's credentials and initiated a transfer from the victim's account into his own.

2) The prerequisite to perform the above was that the app had to be 'bound' to the SIM card/number of the victim.
3) This is where the perp was able to get a new SIM card in the victim's name.

4) Since he presumably knew the victim's account number & account name, he requested a OTP from the bank

     to setup the app with the new SIM card.

 

Am I missing something here?

Yes Varum, you are missing something here!

 

To gain on line access to the victim's account Mr. Theuangphon had to have two vital pieces of confidential information. The USER NAME and the PASSWORD. Only then could he have made an on line transfer. The OTP is the last link in the transfer chain. So, just how did this Mr. Theuangphon get to know those two vital bits of information?

 

There's more to this than meets the eye

 

Link to comment
Share on other sites
thaibeachlovers Star Member

thaibeachlovers

Posted
Posted
1 hour ago, timewilltell said:

I think it may be helpful to understand the Thai mentality regarding fraud and blame here. As a victim of fraud myself where I had a 30 year lease cancelled and two businesses stolen through fraud I can tell you that it is incredibly easy. Not only that but the courts do not seem to want to lay responsibility on anyone.

 

To transfer land or cancel a registered lease or car you need a proxy. Anyone can be the proxy - as stupid as you like. A proxy is a simple form which is signed supposedly by the grantee and two witnesses. It is not signed by the person acting as proxy and the courts place NO responsibility on the proxy to check with the person giving it that the signature is correct. In fact no one has to check at all, nit even the land office  So anyone can write one up, transfer your land or cancel your lease. No one will be held  to blame unless the person receiving the property has not paid for it. And they will have long since disposed of the property or money to prevent you getting any back since they planned the feaud in the first place

 

If it is a company is being transferred then in contrast to the land office you will need the proxy certified by a lawyer at least, that it is indeed the signature of the person giving the proxy and the lawyer verifies he has checked the identity and that the grantee has signed in front of the lawyer. In one court case the lawyer was found guilty as the proxy form was a fraud and in a second case in identical circumstances the court took the evidence of the lawyer admitting he did not witness the signature and deduced it was careless so not criminal despite a specific law covering professionals verifying forged documents.  This shows the importance placed on fraud and responsibility and countering fraud in Thailand and the weak attitude of the courts towards it.

 

The victim is not protected as responsibility is avoided by anyone pretty much regardless of circumstance with an ' I didn't know' defence. And even if you win the court case - which is horribly expensice - you can forget getting your costs and often even your court fees are not recoverable

 

So I am not surprised that neither bank nor phone company feel responsible and feel they can just walk away and dump the mess at the victims feet. Not surprised he had to deminstrate outside police hq and expose phone company and Bank in a viral social media expose which is the only way the bank was persuaded to offer even partial compensation.

 

Thailand simply does not care about fraud and makes little to no effort to bring criminals to justice, happy to leave the victims devastated.

Did you know that before leasing property and opening businesses in LOS, or did you not do any research?

Sorry, but all that has been well known by anyone spending more than a two week holiday in LOS.

I understand that you feel agrieved at your loss, but Caveat Emptor is the watchword in Thailand, and has been for as long as I have been visiting.

 

Not for nothing have I and many others been warning not to invest/ spend/ give any more than one can afford to lose in LOS.

 

Not trying to attack you personally, but anyone else reading this might take the advice and save themselves a whole heap of regret.

Link to comment
Share on other sites
OMGImInPattaya Platinum Member

OMGImInPattaya

Posted
Posted
6 hours ago, dcnx said:

They gave 900,000b of his money to a thief, and the best they can do is offer him a free phone and usage for a year?

 

Did I read that right?

No, you read it wrong. Kasikorn bank held the money and transferred it to the thief. The bank has offered full restitution of the stolen funds. True didn't follow their own procedures and mistakenly issued a replacment SIM which was used in the bank fraud. They have offered a new phone (probably any model) and a years free service, which seems appropriate.

 

As to the victim, I would suggest to him and all others with local bank accounts to set the daily and per transaction limits on transfers to some reasonable amount (depending on one's wealth and what the account is used for...for me it's B 50k). This fella seems to have had no limits if his entire account was drained (maybe he didn't have SMS account activity notifications on either).

Link to comment
Share on other sites
Hawk Silver Member

Hawk

Posted
Posted
19 minutes ago, Moonlover said:

Yes Varum, you are missing something here!

 

To gain on line access to the victim's account Mr. Theuangphon had to have two vital pieces of confidential information. The USER NAME and the PASSWORD. Only then could he have made an on line transfer. The OTP is the last link in the transfer chain. So, just how did this Mr. Theuangphon get to know those two vital bits of information?

 

There's more to this than meets the eye

 

 

Usually people keep the user name showing at all times, there is a little box that asks whether you want the machine to permanently remember your user name and password. If the password is not available then a simple request will have it sent to your mail box, as the crook had the same sim number then google, gmail or whatever will automatically connect to it.

Link to comment
Share on other sites
elgordo38 Gold Member

elgordo38

Posted
Posted
5 hours ago, meatboy said:

police are waiting to interview the THEIF, shouldnt he be arrested?

He has been ordered to report to his local police office no doubt. One thing I have noticed here once a Thai company/individual has your money their hand closes like a steel trap. Trying to get all or part of it back should a problem arise is nigh impossible. Its gone wave goodbye. The country itself wants tourists to come and spend but the country per se is very slow in spending money to spruce up tourist venues to keep em coming. They only seem to emerge when a disaster happens to tourists and then your guaranteed a visit from the TAT lady with a bouquet of flowers and a free round trip air line ticket to return at a future date. 

Link to comment
Share on other sites
OMGImInPattaya Platinum Member

OMGImInPattaya

Posted
Posted
5 hours ago, AlphMichaels said:

No clue why the author would twist this story to infer blame on SWIFT.  Poorly written and researched.  SWIFT has NOTHING to do with funds transfers or withdrawals..., they merely facilitate them and then only if it is an inter-bank transfer with a member bank. If it was an inter-bank transfer, why no mention of the bank that received the funds or its location??  

 

This is the exclusive responsibility of the bank and all here are 20 years behind the western world.  They refuse to invest in easy-to-use, highly secure online solutions.  SCB easy is a great example.  The site is horrendous.   

 

A great example of the pervasive incompetence and ineptitude in financials institution's quality of services.    

 

What relevancy is the name of the receiving bank...they had ansolutely nothing to do with the chain of events causing the theft? Agree that the SWIFT in the headline just shows the ignorance of the author as it had nothing to do with this incident.

 

I don't feel the Thai banking system or their websites are insecure. My experience with doing all manner of transfers and online banking transactions is that to move any amount of money from my account to another as a transter or payment requires 2-step verification through my mobile phone. This is, as I understand it, one of the most secure ways to secure an account.

Link to comment
Share on other sites
Moonlover Ruby Member

Moonlover

Posted
Posted
2 minutes ago, Hawk said:

 

Usually people keep the user name showing at all times, there is a little box that asks whether you want the machine to permanently remember your user name and password. If the password is not available then a simple request will have it sent to your mail box, as the crook had the same sim number then google, gmail or whatever will automatically connect to it.

Sorry Hawk, but I beg to differ. The information that your refer to is held on the device, not the SIM. As the perp obtained a replacement SIM that had never been installed in the victim's (if that's the right word) device, it could not possibly hold the account access information.

 

Further, if I thought, for one moment, that I could obtain my password with a 'simple request', I would never use on-line banking again!

Link to comment
Share on other sites
Hawk Silver Member

Hawk

Posted
Posted
2 hours ago, SOTIRIOS said:

...hope this sets a precedent....

 

...had read of a few foreigners whose money disappeared from account...and they got nothing back...any chance for them...???

 

People have been coming to Thailand for years skimming  and scamming bank accounts, the police actually catch some now and again but Thai banks are not safe and never will be and they normally refuse to take responsibility for any losses. The government's "Prompt Pay" system is set to be a nightmare for  all Thai people, all losses will be the customer's responsibility, and I'm sure the fake Thai ID card industry will be back in full operation.

The main weakness is the staff who don't think, don't like to be rude by asking lots of questions, coupled with a large streak of laziness.

Link to comment
Share on other sites
Songlaw Senior Member

Songlaw

Posted
Posted
4 hours ago, oldlakey said:

Was the phone any good

Nice shooting. Unfortunately, among the typos, was an 'if.' So as of his writing, ezzra had not found himself eligible for the 'consolation prize.'

Link to comment
Share on other sites
OMGImInPattaya Platinum Member

OMGImInPattaya

Posted
Posted
4 hours ago, pkspeaker said:

still dont understand what happened.. he got a new simcard as if the old phine card had been lost.. didn't the victims phone immediatly go offline, or rather cant they tell that the simcard is still responding to the network as the victims phone would still be on.. and what is this 'password'. when i wire money from a desk like that picture shows i need the passbook and my passport id... ?

I think the picture is at the True office where he obtained the SIM card. There are still lots of details about the story that are left out as you point out. The big one being how exactly did the thief gain access to the victims account to transfer money out? Having someone's phone number, even their SIM card, hardly gives one access to their branch or online bank accounts. 

Link to comment
Share on other sites
Hawk Silver Member

Hawk

Posted
Posted (edited)
11 minutes ago, Moonlover said:

Sorry Hawk, but I beg to differ. The information that your refer to is held on the device, not the SIM. As the perp obtained a replacement SIM that had never been installed in the victim's (if that's the right word) device, it could not possibly hold the account access information.

 

Further, if I thought, for one moment, that I could obtain my password with a 'simple request', I would never use on-line banking again!

 

The sim connects you to the internet, so as he had the right phone number google etc would automatically accept it and pass the information to his mail box. Google  recognizes both number and device and will ask if it was you who used another device to sign in, so the guy says yes. The bank account is not on his device its in the cloud.

Check out how easy it can be to get a password that you have "forgotten".

Edited by Hawk
Link to comment
Share on other sites
OMGImInPattaya Platinum Member

OMGImInPattaya

Posted
Posted
3 hours ago, Confuscious said:

As I read the story, the perp was going to buy something from the victim.
That's how he got the name, bank account, phone number, and other information about the victim.
Giving out this information is not unusual in business transactions.

The MAIN error lies with the phone company (TRUE) who gave the perp a copy of the SIM card without verifying the perp's identity.
 

The way "Phone Banking" is achieved in Thailand is prone to abuse.
If someone can get a copy of your SIM card (very easy to make a copy yourself)
That's why I have coupled my Phone Banking account (and other Internet Banking accounts such as Paypal) to a separate account with maximum 10,000Baht on it.
If someone would try to steal money from my Phone Banking account, he will be able to get at the most 10,000 Baht with a court case hanging over him.

You can have all that information, which as you say is used in a tyoical business transaction, but without the bank online password doesn't get you anywhere. That's what's missing here...how did the alledged buyer get the password to access the seller's online bank account? Also, is it said if the funds transfer was initiated at a branch or online/mobile?

Link to comment
Share on other sites
Minnehaha Silver Member

Minnehaha

Posted
Posted
6 hours ago, trogers said:

The free phone and a year's usage are so that the victim can lose another Bt900...

 

phone companies here are essentially monopolies. TOT is obviously. This has been an issue forever. so, they dont really care about customers. they don't have to care. it costs too much

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.









×
×
  • Create New...