Thread: Check your bank transactions....

Originally Posted by Joe 90

Casting doubt on the banks liability, nice.

Inside job it is then, with the BIB involved.

Great for consumer confidence...

Since this has happened to customers of all banks, it's almost certainly not a bank that has been compromised.

I sincerely doubt the BiB have enough brain cells between them to engineer this kind of scam.

But yes, it only goes to show that cash is king.

Someone actually did point out that Lazada was breached in the last year....

Banks to return money to cardholders who encounter recent irregular transactions

BANGKOK (NNT) - Abnormal money deductions through accounts tied to people’s credit and debit cards have affected many card users this month, with banks having identified irregular transactions involving 10,700 cards so far. The Bank of Thailand said debit cardholders will have their money returned within 5 working days and banks will now implement verification steps for transactions involving very small amounts.


Thai Bankers’ Association President Payong Srivanich disclosed that irregular transactions were detected in 10,700 card accounts upon inspection of data from the start of October until October 17. Most of the transactions occurred between October 14 and 17, and involved debit cards and credit cards in roughly equal proportions. However, about 30 million baht of damage was incurred through debit cards whereas about 100 million baht was incurred through credit cards. Mr. Payong reasserted that the fraudulent transactions did not stem from data leaks, but were the results of the perpetrators producing random card numbers and ordering small amounts of deductions that bypassed the verification system in place.


Bank of Thailand Assistant Governor Siritida Panomwon Na Ayudhya, who is in charge of the BOT’s Payment Systems Policy and Financial Technology Group, said the central bank is working with the bankers’ association to put in place measures to prevent the problem. Scrutiny over irregular transactions has now been expanded to cover small, recurring amounts. Banks will immediately suspend card use upon discovering an irregular transaction and will inform the cardholder through all available channels. Banks will also be on a special lookout for overseas transactions.


Miss Siritida added that debit cardholders will have the stolen amount returned within 5 working days whereas banks will simply cancel the fraudulent transactions in the case of credit card holders, who will not need to pay for any amount or for interest incurred from the irregular transactions. She said the BOT will discuss implementing additional transaction verification steps with card providers such as Visa and Mastercard, but said any new system would have to be accepted by online vendors in Thailand as well as abroad.

https://thainews.prd.go.th/en/news/d...11019172044658

Mr. Payong reasserted that the fraudulent transactions did not stem from data leaks, but were the results of the perpetrators producing random card numbers and ordering small amounts of deductions that bypassed the verification system in place.

So not only can they "randomly generate" card numbers that have a check digit built in, but "randomly" guess the correct name and expiry date (and possibly even CVV)?

Perhaps it was monkeys with typewriters that came up with the data.

Originally Posted by harrybarracuda

ordering small amounts of deductions that bypassed the verification system in place

happened to me last month. And not in Thailand…

Mr. Payong reasserted that the fraudulent transactions did not stem from data leaks, but were the results of the perpetrators producing random card numbers and ordering small amounts of deductions that bypassed the verification system in place.

Originally Posted by harrybarracuda

So not only can they "randomly generate" card numbers that have a check digit built in, but "randomly" guess the correct name and expiry date (and possibly even CVV)?

Perhaps it was monkeys with typewriters that came up with the data.

I reckon he's talking about some sort of computer-based randomisation, and this is just a poor translation by a reporter who doesn't understand it.

Happens a lot here.

It would be interesting to find out if any foreigners have been affected by this. I'd guess 'no'.

Originally Posted by cyrille

I reckon he's talking about some sort of computer-based randomisation, and this is just a poor translation by a reporter who doesn't understand it.

Happens a lot here.

It would be interesting to find out if any foreigners have been affected by this. I'd guess 'no'.

this first came to light on the other planet by a farang on the 12th.oct.and since many others have had the same problem,but it was channel 3 news that reported it days after,many foreignsrs have been affected,so far about 50thousand at the last count.

Originally Posted by cyrille

I reckon he's talking about some sort of computer-based randomisation, and this is just a poor translation by a reporter who doesn't understand it.

Happens a lot here.

It would be interesting to find out if any foreigners have been affected by this. I'd guess 'no'.

I reckon he's talking shit.

It's almost certainly a breach of someone's payment systems, this is nothing new.

As such any customer's data is up for grabs.

POS Malware Data Breaches and Why They Keep Happening

^^Well the Bangkok Post reports that ​at least 40,000 people in total have been affected.

Originally Posted by harrybarracuda

I reckon he's talking shit.

It's almost certainly a breach of someone's payment systems, this is nothing new.

As such any customer's data is up for grabs.

POS Malware Data Breaches and Why They Keep Happening

Don’t get me wrong - it wouldn’t quite be the first time a highly placed Thai has completely made something up to save face.

what i have read the past few days,the blame has been,
google pay,
google store,
steamgames.com.and edc which is a shopping channel.
what is interesting NOT a word from any bank,gov.office untill bangkok post reported it on their front page,even the P.M.has ordered a search as to what has been going on.

Originally Posted by cyrille

^^Well the Bangkok Post reports that ​at least 40,000 people in total have been affected.

They also said there are 57,000 people in just one FB group for victims.

I'm sure there's a lot more that have yet to check their bank accounts.

Originally Posted by Shutree

They sent nothing to me.

I'll see them tomorrow to ask why.

I visited Bangkok Bank yesterday. First I asked for my passbook to be updated but when they did no individual transactions were listed, only an updated total. That in itself was a bit useless. So I showed her my phone app and then the penny dropped, so to speak.

It seems I had over 200 transactions on my debit card, split between the 12th and the 14th. Nothing on the 13th or later, which I thought was odd. I cancelled the card when I discovered the problem on the 18th.

Total amount taken was just over Baht 8,000. The bank teller told me that I'd get the money back within a couple of weeks.

I asked her about the missing SMS alerts. She said that if I transfer money on the app then even B5 I'd see a message, but that the floor for debit card transactions was B300. I did not know that, anyway that is what she told me.

My abused card had a daily limit of B20,000 so I consider myself lucky that I was only hit on 2 days and only for a fraction of what they might have taken. The bank gave me a new card free of charge and I set the spending limit to zero, so it can only be used to withdraw cash at the ATM machine.

I rarely used the old card except for cash. In recent memory I used it once on Agoda to book the Chiang Khan hotel and once online to buy a couple of T-shirts from Uniqlo. Sad admission, I know, but there are no fashion police out here in the sticks. Obviously I never share my card details with others.

Overall I'd say this was/is a well-organised fraud. To repeat myself, be sure to check your bank.

It's definitely well engineered.

They have yet to identify the mysterious online shop (or shops) that were the recipient(s) of this bounty.

That’s the key, isn’t it.

That they seem to have no idea what to do.

Originally Posted by cyrille

That’s the key, isn’t it.

That they seem to have no idea what to do.

The BOT are the regulatory body.

They should be at least telling the banks to identify what payment system all these cards have in common.

Originally Posted by Buckaroo Banzai

Ok, so I was just on the phone with Kasikorn bank, they speak very good English and were very helpful.
In view of recent developments we were concerned, because we keep relatively large amounts in the account, and we did not want the account to have debit card access.
The person I talked to suggested the following workaround.
Keep the debit card, but in the mobile app, set all debit card transaction amounts to Zero, (there were three different settings.) Then he suggested if we ever wanted to use the debit card, To go to the App, change the amount to our desired transaction amount, complete the ATM withdrawal , and then go back to the App and change all transaction parameters' back to Zero.
It sounded reasonable to me. What do you all think?

Better to keep the large amounts in an account with NO card.

Open a current account with debit card and just transfer limited amounts of working cash to it when you need to.

Copped on a long time ago that the bank account for visa money etc should have nothing but the bank book.

Not sure if it's still the case, but BAY Mee Tae Dai was the best at almost 5% paid monthly around 10 years ago, think it's down to around 1% at this stage.

latest is that all the banks are REFUNDING the amounts stolen. doubt if you find out who is responsible.

reasons why in over 38yrs.i have never had any sort of credit cards.even the wife has none.
banks report over 10,700cards are involved in the scam,of which 5,900 were credit cards involving over 100million baht and 4800 debit cards of which 31million bht.involved.
bkk.post today.
those worried about their extension money in the banks being got at,should use a fixed acount and leave it there.
these type of fixed deposit acs.you cant have a card of any kind,money can only be drawn in person,with phoyo id,pass book and passport at the bank.
maybe its another VIRUS.

I think it would be a good idea to make people more literate about scams if they want to have a credit or debit card. Banks are paying a lot for people just not being attentive to some good practices.

Digital literacy a must for bank card holders after recent cyber fraud incident | Thaiger

In light of the recent cyber fraud incident, in which 40,000 people were victimised in Thailand, a cybersecurity expert is emphasizing the need for digital literacy. Prinya Hom-anek, president of the ACIS Professional Centre, an IT security consulting service, says bank card holders are the most vulnerable in the payment ecosystem. This vulnerability sees criminals targetting the group first, as many still aren’t aware that debit and credit cards can be used to make online purchases.


Such digital literacy includes receiving and monitoring SMS notifications when a transaction is made on one’s account, as the recent incident saw criminals succeed in withdrawing small amounts of funds frequently. In regards to the scam, the Bank of Thailand and Thai Bankers’ Association has stated that no commercial banks’ systems had been hacked and the irregular transactions were for payment to online shops registered overseas.


Prinya says there are 3 crucial cybersecurity trends that will start in 2022. The first trend includes users needing to become digitally literate to fend off attackers.
“We cannot focus only on tackling technical problems, but need to educate people so as to eliminate risk.”


The 2nd is in the vulnerabilities of supply chains, in which cyberattacks can happen in any unit of the chains, opening the door for attacks through the same supply chain. He says a proper security standards must be in place throughout the chain. Such examples include attacks coming from suppliers or 3rd parties that are connected with organisations.


In response to the predicted upcoming trends, the US has issued a Cybersecurity Maturity Model Certification that sets a standard which needs to be applied by companies bidding for projects of the Department of Homeland Security to ward off security risks. The standards may affect other companies in the supply chain, including Thailand. Prinya says this standard needs to be applied in Thailand by making a Thai version of the CMMC to get prepared.


The last trend is enacting a zero trust design. This means that people must not trust any devices to access data, and perform frequent checks to detect any suspicious transactions. Recently, banks have confirmed that they will refund money to the victims of the recent cyber fraud incident. Payong Srivanich, chairman of the Thai Bankers’ Association, says banks will pay back money to the victims of these cases within 5 business days for debit card holders. For those holding credit cards, the banks will cancel suspicious transactions while not collecting interest or fees for the transactions from cardholders. Payong also said the banks will close affected credit card accounts and open new ones for customers, all free of charge.

Originally Posted by headhunter

latest is that all the banks are REFUNDING the amounts stolen. doubt if you find out who is responsible.

If the banks are having to swallow it, you can bet they'll be looking for who is responsible.

Of course if it is a gang of Moscow hackers protected by Vlad, there will be no consequences.

Originally Posted by harrybarracuda

If the banks are having to swallow it, you can bet they'll be looking for who is responsible.

Of course if it is a gang of Moscow hackers protected by Vlad, there will be no consequences.

or it could be a couple of BURMESE.