Posts tagged with "dbs skimmers"

Friday 27th April 2012

No ATMs skimming from DBS profits!

Icon from the Tango Desktop project

Remember all those DBS ATM skimmer problems I talked about earlier this year? Seems that it hasn't affected their bottom line:

SINGAPORE - DBS Group, Southeast Asia's largest bank, posted a record quarterly profit that beat analysts' expectations due to higher loan margins and trading income, and was bullish in its outlook.

The money is all in Asia now folks!

Ironically, I'm thinking of moving to OCBC. During some recent family adventures with a handful of banks, they've been by far the most tolerable. As far as banks go, that's high praise!

Sunday 15th January 2012

DBS responds to ATM skimmer fun

I didn't intend for this to be a series, but here we are again! We heard of the skimmer problems with DBS ATMs, and the response the bank garnered from customers. Now we're finding out what DBS is going to do about it.

Photo from the DBS 2010 Annual Report. I'll bet their 2011 report will mention losses incurred from this incident. Maybe!

Prevention is good, but...

Channel NewsAsia reported on the basics, but for the real story we turn to the DBS Newsroom which inexplicably needs JavaScript enabled to work. How terribly frustrating!

If you're a cardholder you'll want to read the full report, but this seems to be the primary action they're taking:

All customers who have made overseas withdrawals using their ATM/ Debit cards at any point in time on or after 1 July 2011 will be able to continue to use their cards outside Singapore. However, they can also choose to block the overseas ATM cash withdrawal function at any DBS/POSB ATM, branch or by calling the DBS contact centre. For added protection, they can also choose to lower their daily cash withdrawal limit at any branch

If I'm parsing this correct, DBS are implementing an opt-in approach for overseas ATM banking. This would seem to be the opposite of what HSBC does; I handle some finances for my father, and in the case of his HSBC cards he's informed by SMS when overseas transactions occur. I think both serve their purpose, but the opt-in approach would be the most foolproof.

Maybe! Hey, I've said that once before here. No wait, twice. Maybe. Ah, crap.

Yes, but what about the hardware?

While these preventitive measures are valuable, they don't address the underlying hardware issue: that ATMs in Singapore can have skimmers installed which record customer information. To that end, DBS offered some advice:

Be Observant - If something about the ATM does not seem or 'feel' right, then stop your transaction and use another ATM. Do not remove any suspicious devices from the ATM, as it may be under surveillance by fraudsters.

I'll be looking out for another followup press release. In the meantime, I'd better check that I've used my POSB ATM card in Sydney since July last year; I'm pretty sure I haven't!

Thursday 12th January 2012

You can just skim this DBS ATM story

Two follow-up stories on my post regarding the DBS/POSB ATM saga. Encasing my NETS card in lucite!

Photo by the writer of Some things to Remember.

Notifications

From Channel News Asia, posted yesterday evening:

SINGAPORE: DBS Group Holdings chief executive Piyush Gupta said the bank will provide SMS alerts for ATM withdrawals beyond a certain amount or when it detects unusual transaction activity.

The move comes after 400 customers fell victim to a card skimming fraud where S$500,000 was withdrawn from their bank accounts without their authorisation over two days on January 4 and 5.

On the surface this sounds like great news, and I applaud it.

What worries me are the dates reported. If you'll recall, in my last post the article I quoted said the skimming took place last November. An honest mistake, or have there been more incidents since? And if so, I'm sure other banks have been affected too... are DBS/POSB the only ones fessing up?

Give us better security!

Whatever the case, it seems consumers are starting to demand better security which makes nothing but sense:

SINGAPORE: Most Singaporeans Channel NewsAsia spoke to said they will continue to use ATMs despite the latest fraud which hit 400 POSB and DBS customers this week.

However, they said they expect the bank to beef up ATM security to prevent a similar incident in the future.

Of course, they have reservations about security that should sound familiar to those setting up any secure IT infrastructre:

"Change the PIN number? But I'm afraid I can't remember the number," said one customer.

"Everyone has so many numbers to remember, so many passwords to remember. I think it's difficult," said another.

Leaving aside the issue that unless PINs were changed every single time the precaution wouldn't have prevented the fraud, one can't help but think there has to be a better way.

In the meantime, our old buddy education will have to be employed. The onus should be on banks to inspect their ATMs more thoroughly and regularly for tampering, but consumers should also be made aware of how to spot fraudulent modifications, just as they would look out for suspect email. The fact Singaporeans have largely been spared the onslaught of skimmers in the past may be a fact that works against them.

Sunday 08th January 2012

DBS ATM skimmers

Despite living in Sydney for now, as a DBS cardholder this story about compromised ATMs still made my blood chill!

Photo by the writer of Some things to Remember.

The backstory

For those who aren't already sick of the news, Robin Chan at The Straits Times summarises the situation:

At least 200 DBS Bank and POSB customers have been hit by an ATM fraud that has seen some $200,000 stolen from their accounts.

The stolen funds were withdrawn from ATMs in Malaysia, DBS said on Thursday.

This was done possibly using 'cloned' cards created by using data stolen at ATMs here, sources say, and is the largest such case of ATM fraud to hit DBS in recent years.

The stories from various sources are heavy on reactions, but light on details. I've seen the words hacking and skimming used, which suggests the ATMs themselves were modified, or extra devices were unscrupiously installed.

The reaction

DBS released a statement on the 05th:

SINGAPORE, 05 January 2012 - Yesterday, some customers informed the bank of unauthorised withdrawals made in Malaysia through their DBS/POSB ATM/Debit cards. [..] The average amount withdrawn was about S$1,000 per account. (The bank’s standard ATM/Debit card withdrawal limit is S$2,000 per day). [..] Investigations are underway.

Sure demonstrates the value of having a withdrawal limit. I'd have mine set even lower, if I could.

The following day, DBS posted a followup with more detail:

SINGAPORE, 06 January 2012 - While investigations are still underway, increasing evidence points to the unauthorised withdrawals as being part of a card skimming operation. Preliminary investigations at this stage reveal that two ATMs at Bugis street have possibly been compromised. We have identified the specific periods when the compromise could have taken place.

I'd noticed most ATMs in Singapore had those green, bulbous "fraudulent device inhibitors" installed on card slots years ago. Either they weren't installed on all machines, or they're not as tamper resistant as we thought they were. In any case, eep.

Needless to say, if you've noticed any suspicous activity on your DBS or POSB accounts, be sure to contact the bank ASAP! If I were in my old apartment there I'd go down the street to Liat Towers and sort it out because... oh wait, they closed that branch :P