According to a report from Channel News Asia, a total of nearly 200 DBS and POSB customers in Singapore have been hit by unauthorized withdrawals averaging S$1000 each. The withdrawals were done in Malaysia “while the ATM cards were with them safely in Singapore”. Which begs the question what does ‘safely in Singapore’ mean?
Channel News Asia goes on to report that withdrawals were made in Kuala Lumpur (not neighboring Johor Bahru) and done approximately the same time as ‘valid’ withdrawals. ZDNet has reported DBS is working together with its IT vendor, NCR to understand the issue and investigate further. It’s also suspended all suspected cards and are contacting customers to give them what it says would be a full refund. NCR also happen to make almost 90% of all ATMs in Malaysia, and according to Yahoo! news, this was “a security breach to its anti-skimming devices installed on ATM machines“, so I’m just wondering why this wasn’t done to Malaysian accounts of local banks?
This is a rather interesting case, Malaysia is known for it’s criminals. There was a report late last year of a bust on a credit card cloning operation barely 5 minutes from my home , and there have been numerous reports including this one by the Malaysian Insider that reported Post-men were being paid Rm50 to RM100 for intercepting credit cards on their way to customers. That probably explains why I had to collect my Credit Card from my nearby branch rather than from the mail box.
Of course all of this leads to is how much do we trust our banks? Do you check every single withdrawal in your bank statement? Do you check the transactions you’re billed for in your credit card? Do you check your salary in your bank account and how much interest the bank is charging or paying you back?
I personally don’t, because I just think it’s a waste of time to check something that’s accurate 99% of the time, but that could change. This little incident may not seem like much, but POSB and DBS have reason to jump. These thieves seemed to have found a flaw in their system and they have the means to exploit it. Of course capping each transaction , like the Rm3,000 or Rm5,000 limit we have here in Malaysia, may have capped their loses to something insignificant for a bank the size of DBS, it still points to something rather relevant…
No matter how secure your systems are, there’s always a weakness and there’s always someone willing to exploit it.
Trust it seems needs to be earned and can be lost at anytime.