It's simple ATM card fraud, nothing to do with Internet banking. (Or is anybody using ATM cards for Internet banking?)
As long as local banks are too lazy, complacent, stingy (call it whatever you want) to issue ATM cards and ATM systems using security chip there is a possibility for ATM card frauds. Has happened in European countries on a large scale: ATM were compromised by installing additional readers around the slot, the content of magnetic stripe was read and stored. In addition, a small camera was placed above the keyboard. This way the gangsters got the card and the PIN. Some of these ATM installations had even WLAN links so that the data were transferred immediately. Creating a new card is a matter of seconds. The idea is just that small amounts being withdrawn might go unnoticed.
thank for the info, I just checked my account. nothing happen to me
Additional measures are in place in atm to prevent id theft, but what about those nets payment kios from retail shop and carpark? Maybe they should also implement 2FA for atm withdrawal to reduce such threat .
TV News say 2 ATMs at Bugis have been compromised.
If you have been there and withdrawn money recently, watch your bank account.
This fraud requires at least two elements.
1. The ability to reproduce your card. i.e. somehow in your routine Nets purchase you may have handed the card to some cashier who got a machine to secretly phish your ATM card. Or they have a device at the ATM itself.
2. The ability to capture your PIN. This can be done by computer data capture or by a secret camera filming your PIN entry.
If you checked your account and you feel safe, don't relax. Keep checking the next few weeks.
The fraudsters may have your (recreated) ATM card + PIN but have not yet withdrawn money from your account.
One last thing.
400 accounts were affected. In view of the large number of accounts compromised, I am not discounting the possibility of an inside job.
Last edited by ricohflex; 7th January 2012 at 10:22 AM.
this clone atm card is not a new technology, it has been reported in several other country; but i guess in Singapore is not this case but rather then the NETS payment from rogue shop. The rogue shop can modified the NETS machine + camera to capture the PIN, some people tot that SG so safe and no need to hide their pin.. i also do that sometime
Last edited by voxies09; 7th January 2012 at 10:05 AM.
Canon Kiss X4 | 18-55mm f3.5-5.6 IS II Kit lens | 50mm f1.8
to those who use DBS / POSB ATM last year or specifically at Bugis to change PIN asap or close their account n re-open a new one if you are a die-hard fan of DBS/POSB
1) If a fraudster stole the ATM card details and also the PINs (supposedly at the alleged 2 Bugis ATMs). That was in November 2011 according to the news. You mean that he waited until early Jan 2012 to start stealing money? Does it make sense?
2) Normally in any banking fraud case e.g. internet banking fraud or ATM card skimming; a bank is strongly defensive and upfront will contend that it may have been the account holders' fault in not keeping their PIN private and secure possession of their ATM cards. But now the bank is so generous in replacing the money stole within 24 hours. It is good of them though, not complaining here. Not the normal way they handle such issues and out of character.
3) If a fraudster was so skilled at ATM skimming that he can steal from ANY bank, then money is still money no matter which bank he steals from. So why would he concentrate on stealing ONLY from DBS/POSB bank when there are so many other banks such as OCBC, Standard Chartered, UOB, Citibank, etc to also steal from at the same time? Why is the theft/fraud confined only to 1 bank?
4) Why the fraudster withdrew from ATMs ONLY in Malaysia and not in Singapore or other nearby countries? Are the ATMs in Malaysia less secure with no CCTV to record the person doing the withdrawal? Any other reasons that we did not think of?
5) Before a debit card / ATM card is issued by any bank, some one has to make the card. What are the internal and external controls to ensure security of the computer data in the magnetic stripes and the original PIN issued to card holders. Card holders may or may not change the original PIN to their own. Hypothetically, if there is a leak, and card holders do not change PIN, then no need to skim.
6) Did all the account holders of the 400 compromised accounts use the alleged 2 Bugis ATMs during November 2011? This part not clear. Maybe need to read the news again.
Last edited by ricohflex; 7th January 2012 at 03:13 PM.
2. They act fast you also complain...
3. Maybe because DBS/POSB has the most ATM?
4. Maybe their home base is in MY?
5. This is really the responsibility of the card-holder. But if you are issued the card over-the-counter you have to assign a PIN before it is activated.
From CNA article:
"Speaking for the first time publicly on the incident, Mr Gupta added that there's no "internal involvement" in the fraud incident."
Actually he cannot and should not make such a public declaration, when the entire case is still under Police investigation. And no arrests have been made yet.
He is not God and he is not All-Knowing, omni-present and omni-potent.
So how can he know for sure, at this early stage?
The Singapore Police and Malaysian Police will have to make the arrests, interrogate the fraudsters and charge the fraudsters in court.
Only then will anyone know whether the fraudsters have any insider collusion or whether the fraudsters were the staff or whether the fraudsters were working alone without any internal involvement.