Woman Claims Bank Can’t Refund The Charges As OTP Was Used
UPDATE (24 Jun): In response to MS News queries, a DBS spokesperson reminded customers not to click on links or install any programs from suspicious sources.
More security tips can be found here.
–
As e-commerce takes over our shopping habits, using a credit card to buy anything online usually involves various security measures.
One of these measures is a One-Time Password (OTP) that’s sent to your phone to make sure it’s really you making the transaction.
However, a Singapore woman has claimed that somebody made 7 transactions on her credit card, amounting to a massive $10,150, without her authorisation.
Photo for illustration purposes only
Source
Strangely enough, the alleged scammer managed to bypass the OTP security, she said.
Ms Danica Alena Choo told the incredible incident in a long post on Facebook made on Wednesday (16 Jun).
Check out the full post here, or you can read on for our summary.
Credit card exceeded credit limit
It all started in January when Ms Choo making an online purchase with her supplementary credit card.
The transaction couldn’t go, though, but she thought it was just a glitch.
A few days later, she tried using the card again, but it was declined.
Photo for illustration purposes only
Source
This time, she said she called DBS Bank, and it was only then that they told her she’d exceeded her credit limit.
7 transactions made of about $1,400 each
Baffled, she was informed that 7 transactions of about $1,400 each were charged to her card consecutively.
They amounted to a sum of $10,150 – no wonder her credit limit was reached.
She said she didn’t carry out these transactions and asked them to investigate.
OTP allegedly not received
When people make online transactions, the bank usually sends them an OTP via SMS to authorise it.
But even more strangely, Ms Choo said she didn’t get anything – not for any of the 7 transactions.
She also said that the bank suggested that she could have keyed in the OTP by mistake.
However, it’s unlikely that she could’ve made the same mistake 7 times, she pointed out.
The bank then advised her to make a police report, which would help their request for a refund.
Transactions allegedly wired to a Malaysian company
Ms Choo said she made a police report, despite the stress of being pregnant.
She found out that the 7 transactions were made via Wise, a website formerly named TransferWise that enables overseas money transfers.
It was also revealed that the money was allegedly wired to a Malaysian company and processed in ringgit.
10 transactions in total allegedly made, only 7 went through
However, Wise couldn’t do anything except suspending the account that made them, which they’d already done.
That was because DBS had allegedly informed them of possible fraud.
In fact, Ms Choo said Wise told her that a total of 10 transactions were made, but just 7 went through.
DBS started to reject the 8th transaction onwards and informed Wise of the possible fraud, she added.
Wise account allegedly created via identity theft
The police then interviewed the holder of the Wise account but came to another dead end – that person was said to be innocent.
The account was created using that person’s personal details in a case of identity theft, Ms Choo said.
As all the leads were exhausted, the police had to conclude the case, she added.
Screenshot of apparent conversation between OP and the police.
Source
Unfortunately, that means she’s still liable to repay the bank.
Woman claims bank was unwilling to waive interest
Ms Choo said the bank couldn’t refund the money as the transactions were made with a secure OTP.
She also claimed that the bank was unwilling to waive the monthly interest while the case was under police investigation.
After her child was born, her husband had to see MP Gan Kim Yong, who sent an email to the Monetary Authority Of Singapore (MAS) and DBS, she said.
The following day, DBS told them that they would waive the interest, she said.
Woman insists she didn’t get any OTPs
Finally, Ms Choo brought the case before the Financial Industry Disputes Resolution Centre (FIDRec), an independent and impartial body.
The bank allegedly argued that the transactions could’ve gone through only via OTPs. SMS alerts were also sent to her mobile number after each transaction was completed.
However, she insists she didn’t get any OTP or SMS alerts about them.
Photo for illustration purposes only
Source
The bank also allegedly said that they’ve never encountered a case of OTP bypassing.
She even went to StarHub, who allegedly told her they only track calls and outgoing text messages.
To check whether people have received SMSes, the police have to ask StarHub for the data.
However, as she said earlier, the police concluded the case without a favourable outcome.
Here’s Ms Choo’s entire post so you can read her entire story in her own words:
An unusual case
Ms Choo seems to be near the end of her rope, as she says she’s still liable for the money.
But she claims she didn’t make the transactions and didn’t receive the OTPs at all.
On the other hand, the bank allegedly said that OTPs are secure, and the transactions wouldn’t have gone through without her authorisation.
It’s indeed unusual that a possible scammer can allegedly bypass the secure OTP and make unauthorised transactions. If that can happen, many will fear for the security of their accounts.
What do you believe happened in this case? MS News has reached out to DBS for a response and will update the story when we get one.
Have news you must share? Get in touch with us via email at news@mustsharenews.com.
Featured image adapted from Pickawood @ Unsplash and is for illustration purposes only.