Cases of losing money in banks due to personal information disclosure

• August 13, 2016 09:34

Consumers are often at a disadvantage when it comes to protecting their rights in these cases, as there is no independent agency to decide who is at fault.

Hijacking phone numbers, robbing tens of millions in accounts

At around 8pm on July 10, 2014, Mr. Dang Thanh Hai (HCMC) suddenly received a text message from Viettel's 155 number, informing him that his current phone number would be changed to a new SIM card. Immediately, the SIM card on his phone was locked and could not be used. Contacting the operator, the subscriber was informed that someone had reported the loss of his SIM card and requested a replacement for the SIM card he was using. The "robbed" phone number had been registered by him to use for Internet and SMS banking transactions.

Feeling guilty and suspecting that he might have lost money, that same night he went to the Maritime Bank ATM and checked and discovered that his account had "evaporated" 30 million VND with 3 suspicious transactions. After reporting and getting involved, the person who stole Mr. Hai's SIM card was also found and dealt with, but the incident also left a big lesson for customers, banks and network operators.

nhung-vu-mat-tien-oan-o-ngan-hang-vi-lo-thong-tin-ca-nhan

The customer's SIM card was suddenly deactivated immediately after receiving this message even though the SIM card was not changed.

Telecommunications and banking experts later said that there were two loopholes in this unfortunate incident. First, the cardholder’s information was leaked, and second, the network operator’s SIM card reissuance process was problematic, too sketchy and simple. However, both banks and networks said that customers had exposed their personal information, allowing criminals to take advantage.

Stealing card information and making 'ghost' transactions abroad

Ms. Trang lives and works in Ho Chi Minh City and has never been to the UK. Therefore, in 2013, she was extremely shocked when she received a text message from the bank notifying her that money had been deducted even though her credit card was still in her wallet. The scammer had made food purchases in the UK worth £174 (about 5.7 million VND).

After Ms. Trang called the issuing bank to block the card, the fraudster still made 3 other transactions but failed. Saigon Thuong Tin Commercial Bank - Sacombank (the credit card issuer) said it had asked the payment acceptance unit to provide relevant documents. After checking, Sacombank said it could not refund the customer in this case. "Because the transaction was made on the Internet, the agent's response document was information about purchasing nutritional products, the goods were provided immediately after the transaction, so the document is valid," the bank explained.

nhung-vu-mat-tien-oan-o-ngan-hang-vi-lo-thong-tin-ca-nhan-1

High-tech crime is increasingly dangerous with many tricks to steal customers' card and account information.

Similarly, Nguyen Tung Duong (Nam Dinh) was also "hacked" for tens of millions of dong in the UK on his Visa Debit card, even though he kept the card carefully in the cabinet and scraped off the last 3 digits. Duong opened a Visa Debit card from Asia Commercial Bank (ACB) in July 2015 with the purpose of receiving money transfers via Paypal. By the end of September, his account had more than 48 million dong. On the evening of September 30, Duong received a call from an ACB employee informing him that there were continuous strange transactions to purchase goods abroad from his Visa Debit account. Specifically, 5 online payment transactions were all in British pounds for services such as: Apple Store, Uber... The total loss from these 5 transactions was more than 48 million dong.

In both cases, banks blame customers for losing their card information, and consumers are once again in a weak position with no intermediary agency to protect them or identify the error.

Never borrowed money but still owe billions of dong

The first time he knocked on the door of a bank to borrow money to buy a house with a package of 30,000 billion VND, Mr. Ngoc (Hanoi) just realized that he had bad debt for several years. After nearly completing the loan application, the bank's credit officer checked on the Vietnam National Credit Information Center (CIC) and informed him that he had a loan of nearly 2 billion VND at a joint stock bank. This loan has been overdue for nearly 2 years and has been transferred by that bank to the "Potentially bad debt" group. "Someone used the information on my ID card to create this fake loan application. The signature on the loan application is completely fake. Moreover, if I had bad debt, why haven't I received any debt collection notices from the bank during this time?", he said. VnExpress's source said that, in addition to Mr. Ngoc, there are a number of other cases that "suddenly" became debtors even though they did not borrow money from the bank.

Bank account evaporated 500 million VND overnight

Ms. Na Huong (Hanoi) was shocked after waking up in the morning to see a notification that there were 7 money transfer transactions from her Vietcombank card number to another card number during the night, with a total amount of up to 500 million VND. Because the transaction was made while she was sleeping at home and her ATM card was still in her bag, this customer thought that the bank's security process was too lax because she did not receive any OTP (one-time password) notification messages sent by the bank.

nhung-vu-mat-tien-oan-o-ngan-hang-vi-lo-thong-tin-ca-nhan-2

There are still many questions surrounding the security process of Smart OTP at Vietcombank.

Meanwhile, Vietcombank determined that Ms. Na Huong lost her information and password by accessing a fake website. In addition, Vietcombank said that she had been switched to the password authentication form using Smart OTP without knowing it. According to the explanation of a Vietcombank representative, when accessing the fake bank website, Ms. Na Huong accidentally provided both her account name and password to Internet Banking and OTP for the fraudster to activate Smart OTP on another mobile device. Smart OTP is a software installed on mobile devices (mobile phones, tablets), allowing users to proactively obtain OTP authentication codes for transactions.

At Vietcombank and some other banks today, there are many forms of password authentication when customers make Internet Banking transactions, one of which is OTP (sent via regular SMS) and Smart OTP.

However, according to many experts, the conditions for activating Vietcombank's Smart OTP are too simple when only requiring a one-time OTP password entry instead of forcing customers to go to the transaction office to register at the counter. "In addition, to ensure safety, the bank should have stipulated that the mobile device registered to install Smart OTP and the device previously registered for SMS banking service to receive regular OTP must be the same. In this case, the thief took Ms. Huong's SmartOTP to install on another mobile device and freely make transactions," the expert analyzed.

According to VNE

RELATED NEWS
Children 6 years and older can use ATM cards Tens of millions of ATM cards must be converted 500 million VND from customer's ATM card was taken out of account Two foreigners detained for using fake ATM cards to withdraw money Withdrawing money during Tet: Warning about ATM card safety