Jump to content
MCF HangOut X Lexus – 9 May 2024, Lexus Boutique ×

SIC: DBS OTP Credit Card Fraud

BabyBlade

By BabyBlade,
in Lite & EZ

 Share

Recommended Posts

BabyBlade

BabyBlade

Internal Moderator

fraud.thumb.jpg.e179e8c30fe943166121f51d8d29e8c6.jpg

https://m.facebook.com/story.php?story_fbid=10157731133872610&id=572922609

OTP FRAUD

So this happened months ago, in January 2021, and has dragged on long enough to wear us out.

At this point, we are helpless and have no idea how to move forward. It seems the last resort is to refer the case for adjudication and risk DBS retracting their offer of waiving 30% of the amount (and having to pay a 5-figure sum).

Here’s what happened:

Sometime in early January 2021, I tried using my supplementary credit card to make a purchase online but the transaction could not go through. I thought there was a glitch and simply used another card to make the purchase. A few days later, I tried using the same card and was told that my card was declined. Curious, I called DBS to find out why I hadn’t been able to use my card. It was then that I found out that I had almost exceeded the credit limit. Baffled, I asked for details of the transactions charged to my card since I only recalled using it for some items we needed for our new home. To my horror, I learnt that a total of SEVEN consecutive transactions were charged to my card, each amounting to approximately $1,400. The total damage was $10,150. Note that we had not received the hard copy of our credit card statement then. I informed the staff that I most definitely did not carry out these transactions and requested that they look into the case. Unfortunately, the bank told us that there is no way they are able to refund the money because these were secure transactions, made with OTP.

But guess what? I did NOT receive any OTP for these seven transactions at all. The bank claimed I could have keyed in the OTP by mistake. But seven times?! Did the bank seriously think I would be tricked into giving the OTP to a stranger seven times? Long story short, we are liable for the charges.

We were advised to lodge a police report so the police could investigate the matter, and were told that an investigation could help with our request for a refund. Imagine being told that there’s nothing you can do but to pay $10,150. I was heavily pregnant then, and was sooo flustered 😭 We rushed to the nearest police station to lodge a police report.

So these seven transactions were made to TransferWise (now Wise), a website for monetary transfers abroad. Neither of us knew of TransferWise until this incident. The following morning, I called TransferWise to see if there was anything they could do. The transactions had gone through and there was no way they could reverse the transactions. By the time I called, they had suspended the account used to process these transactions. I was told that the bank had brought to their attention that the account could possibly have been used in a case of fraud, so they acted on the bank’s suspicion and suspended the account. A check showed that the transactions were wired to a Malaysian company, CWP Global Enterprise. The transactions were transferred and processed in ringgit. I then called the police officer assigned to our case and told her of what I had learnt and was asked if I could make a trip down to the station to add these details to my statement.

The police has since concluded the case with no favourable outcome. We were told that there were no more leads so her superior advised her to conclude the case. She interviewed the TransferWise account user and found that it was a case of identity theft. Someone had used this person’s personal details to create an account on TransferWise. The transactions were not carried out by this person.

A dead end is what we’ve come to. The bank refuses to do anything about the case and insists that we pay the sum of $10,150. In fact, they were unwilling to waive the monthly interest while the police investigation was ongoing. We explained that we had lodged a police report and were waiting for the police to get back to us. Still, they did not want to waive the interest of a few hundred bucks despite my husband putting in an appeal. If we had done nothing, the amount would have snowballed in no time. So I told hubby to go to our MP to see if he could get the bank to waive the interest for us. Days after Ethan’s birth, N went to see our MP, Mr Gan Kim Yong. His assistant helped send an email to Monetary Authority Of Singapore and DBS. The following day (yes, all it took was a day), a manager from DBS called N and told him that the bank would waive the interest for us while the investigation was ongoing. How efficient.

Fast forward today.. We acted on the officer’s recommendation to bring our case to FIDReC, an independent and impartial alternative dispute resolution institution. The result? The bank explained that all the disputed transactions were deemed authorised by me since they could only go through with SMS OTPs. There were apparently SMS alerts sent to my mobile number once each disputed transaction was completed. At this point, I wish to reiterate that I did NOT receive a single SMS OTP or alert regarding any of the seven transactions, so help me God.. We are clearly victims of a fraud case. What do we do now? 😭

StarHub says they are only able to track incoming and outgoing calls, and outgoing messages — basically, “anything chargeable”, according to the customer service representative I spoke with. I asked if receipts of text messages are recorded in their system, and was told that Singapore Police Force would have to approach StarHub HQ for access to this data (still unsure at this point if they even have this data). This was communicated to the police officer but as I have said above, there is no favourable outcome — to be honest, I am not sure if she tried.

Has any of you experienced something similar? Or do you know of someone who experienced something similar? If it’s not too much trouble, please help to share this post. Thank you 🙏🏼

EDIT:
We did try to escalate the case to a higher authority i.e. the head of credit cards. Was told he would get the frauds team to look into the case, and that they’ve not encountered bypassing of OTP before. Frauds team concluded it isn’t fraud because the transactions are “secure with OTP”. I realised I didn’t mention that a total of 10 transactions were made and 7 went through because DBS only started to reject after the 7th transaction and sent a message or email to Wise warning of possible fraudulent activity. Yet they are telling me this isn’t fraud 🙄🤷🏻‍♀ This, I found out through Wise, not DBS. The bank did not inform me about the attempt to charge 10 transactions to my card.

https://mothership.sg/2021/06/dbs-credit-card-fraud-bypass-otp-sms/

↡ Advertisement
  • Praise 5
  • Shocked 1
Link to post
Share on other sites
Jamesc

Jamesc

Hypersonic

So she is willing to pay the $10,150

but didn't want to pay the interest?

:D

I wouldn't want to pay even one cent.

Having said that

How come only she had this problem?

  • Praise 1
Link to post
Share on other sites
Invigorated

Invigorated

Supercharged

even without OTPs, smses should have been sent to cardholders for such repeated transfers that resulted in bursting of the credit limit.

a couple of red flags here that DBS may consider looking into. I have had the privilege of banks proactively stopping dubious transactions (not from dbs though).

Plus.. I wonder if it may be possible that the company that took the transfer may have wired it over using POS terminals instead? 

Starhub would actually have a major role to play in checking on whether the OTPs came in and the police have to pursue this as they wont care about the end users. These parties would all have to come together and if the lady has indeed no idea of these transactions, she should really just wait out for these agencies to do the necessary.

my 2c, don't give a cent.

  • Praise 1
Link to post
Share on other sites
Invigorated

Invigorated

Supercharged

https://www.tomsguide.com/news/why-to-use-authenticator-app

"Vice News reporter Joseph Cox worked with a white-hat hacker to demonstrate how easy it was to reroute SMS text messages intended for Cox's T-Mobile phone to a different phone number controlled by the hacker. Cox never got the texts at all, nor did he get any notifications on his phone that the texts were being redirected."

Has been done and its one way for hackers to gain entry to OTPs.

For grab now, they seem to have implemented 3fa for some transactions as you have to key in another pin for certain grabcard payments.

  • Praise 3
  • Shocked 1
Link to post
Share on other sites
1fast1

1fast1

Supersonic
(edited)
6 minutes ago, Chongster said:

i just bought somethin from lazada using a amex card, no otp leh

My Shopee small value transactions also no OTP. But I have SMS alerts turned on for even sub dollar transactions. 

Oh and thankfully, I *don't* use any DBS/POSB credit or debit cards. Just an ATM card.

Edited by Turboflat4
  • Praise 2
Link to post
Share on other sites
D3badge

D3badge

6th Gear
(edited)
5 hours ago, Chongster said:

i just bought somethin from lazada using a amex card, no otp leh

same for Amazon, because OTP dun always needed in foreign website! in short for whatever reason you lost ur card details, someone pass it to somebody overseas and amount is not in millions not worth overseas police resources to investigate and also because different countries jury, you are quite gone!

globalisation cross boarder risk somethings people always overlook!

Edited by D3badge
Link to post
Share on other sites
Kyrios

Kyrios

Turbocharged

Hope this piyush gupta from dunno what worlds best bank can clarify..

Wait didnt this bank in recent days have issues with duplicate transactions?

  • Haha! 1
Link to post
Share on other sites
Spidey10

Spidey10

Supercharged

Shitty man....and the stress the pregnant lady have to endure...ahhhh

my experience many years ago with CC fraud...the bank waive our fraud transactions and then they went after the merchant to get the refunds (looks like is not the case now). they will ask the merchant to provide the copy of the scanned signature, or carbon copy of the slip...i guess now they dun have all these....

anyway, i seldom buy anything on line...i am old school, i like to see and feel my things when i buy...[laugh], no see, no touch, no buy...

  • Praise 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...