DBS/POSB Security Compromised


I got the feeling that the breach is at DBS, since only DBS/POSB cards are affected and around 200 accounts.
hmm posb is under dbs, or dbs is under posb? i know they now same company liao hmm.
 

It's simple ATM card fraud, nothing to do with Internet banking. (Or is anybody using ATM cards for Internet banking?)
As long as local banks are too lazy, complacent, stingy (call it whatever you want) to issue ATM cards and ATM systems using a security chip, there is a possibility for ATM card fraud. It has happened in European countries on a large scale: ATMs were compromised by installing additional readers around the slot, and the content of the magnetic stripe was read and stored. In addition, a small camera was placed above the keyboard. This way the gangsters got the card and the PIN. Some of these ATM installations even had WLAN links so that the data were transferred immediately. Creating a new card is a matter of seconds. The idea is just that small amounts being withdrawn might go unnoticed.
 

Singapore had its share last time already, pretty large scale too. That's why most ATMs now have a green color attachment, which is to prevent any other attachments from being attached.

anyways for those who wanna learn more about it.

[video=youtube;Vt-k0xr1AzA]http://www.youtube.com/watch?v=Vt-k0xr1AzA[/video]
 

Thanks for the info, I just checked my account. Nothing happened to me.

cheers
 

Additional measures are in place at ATMs to prevent ID theft, but what about those NETS payment kiosks at retail shops and carparks? Maybe they should also implement 2FA for ATM withdrawals to reduce such threats.
 

i saw a link that showed that the skimmers have already come up with something to cover that green-colored round thing.
 

then the geniuses will invent another thing to cover the green coloured thing to prevent skimmers from attaching more things!

maybe red color?
 

Just the usual quick fix, not a solution. The green attachment is not transparent, so tiny electronics can be hidden inside as well.
 

edmw always got the fastest/latest news, that's why sph bought over hardwarezone. lot of times already, stuff u read on papers actually came from edmw.
Arh..., no doubt. Sieve through the virtual cesspool of raw sewerage and from time to time you may just yield yourself a valuable gem stone or precious metal.

;)
 

TV News say 2 ATMs at Bugis have been compromised.
If you have been there and withdrawn money recently, watch your bank account.

This fraud requires at least two elements.

1. The ability to reproduce your card. i.e. somehow in your routine Nets purchase you may have handed the card to some cashier who got a machine to secretly phish your ATM card. Or they have a device at the ATM itself.

2. The ability to capture your PIN. This can be done by computer data capture or by a secret camera filming your PIN entry.

If you checked your account and you feel safe, don't relax. Keep checking the next few weeks.
The fraudsters may have your (recreated) ATM card + PIN but have not yet withdrawn money from your account.

One last thing.
400 accounts were affected. In view of the large number of accounts compromised, I am not discounting the possibility of an inside job.
 

Have you ever read what the other posters had mentioned previously? This is nothing new. There are even unauthorised magnetic card readers disguised as supposedly tamper proof anti-skimming devices.

Also in November 2008, $9,000,000 was stolen worldwide from 130 ATMs with duplicated magnetic debit cards within a span of just 30 minutes.

[Image: greenskimon.jpg]

[Image: greenskimoff.jpg]
 

This cloned ATM card is not a new technology; it has been reported in several other countries. But I guess in Singapore it is not this case but rather the NETS payment at a rogue shop. The rogue shop can modify the NETS machine and add a camera to capture the PIN. Some people thought that SG is so safe that there is no need to hide their PIN.. I also do that sometimes.
 

to those who use DBS / POSB ATM last year or specifically at Bugis to change PIN asap or close their account n re-open a new one if you are a die-hard fan of DBS/POSB :bsmilie:
 

Why? Get new ATM cards, define the PIN at the counter, done. Whatever those people now still have on their copied ATM cards is worth nothing.
 

1) If a fraudster stole the ATM card details and also the PINs (supposedly at the alleged 2 Bugis ATMs). That was in November 2011 according to the news. You mean that he waited until early Jan 2012 to start stealing money? Does it make sense?

2) Normally in any banking fraud case, e.g. internet banking fraud or ATM card skimming, a bank is strongly defensive and upfront will contend that it may have been the account holders' fault in not keeping their PIN private and their ATM cards in secure possession. But now the bank is so generous in replacing the money stolen within 24 hours. It is good of them though, not complaining here. Not the normal way they handle such issues and out of character.

3) If a fraudster was so skilled at ATM skimming that he can steal from ANY bank, then money is still money no matter which bank he steals from. So why would he concentrate on stealing ONLY from DBS/POSB bank when there are so many other banks such as OCBC, Standard Chartered, UOB, Citibank, etc to also steal from at the same time? Why is the theft/fraud confined only to 1 bank?

4) Why the fraudster withdrew from ATMs ONLY in Malaysia and not in Singapore or other nearby countries? Are the ATMs in Malaysia less secure with no CCTV to record the person doing the withdrawal? Any other reasons that we did not think of?

5) Before a debit card / ATM card is issued by any bank, someone has to make the card. What are the internal and external controls to ensure security of the computer data in the magnetic stripes and the original PIN issued to card holders? Card holders may or may not change the original PIN to their own. Hypothetically, if there is a leak, and card holders do not change PIN, then no need to skim.

6) Did all the account holders of the 400 compromised accounts use the alleged 2 Bugis ATMs during November 2011? This part not clear. Maybe need to read the news again.
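
Question 6 in the post above is what fraud analysts call a common-point-of-compromise check. The following is an added example, not part of the thread and not any bank's code: it ranks terminals by how much more often compromised accounts used them than clean accounts did, then lists compromised accounts that the suspect terminals do not explain. All account IDs, terminal IDs and dates are constructed.

```python
from collections import defaultdict

# Constructed sample: (account, terminal, ISO date) for card-present use.
USAGE = [
    ("A1", "ATM-1", "2011-11-03"), ("A1", "ATM-9", "2011-11-20"),
    ("A2", "ATM-1", "2011-11-07"), ("A2", "ATM-9", "2011-12-02"),
    ("A3", "ATM-2", "2011-11-15"), ("A3", "ATM-9", "2011-11-16"),
    ("A4", "ATM-9", "2011-11-11"), ("A4", "POS-5", "2011-11-12"),
    ("B1", "ATM-9", "2011-11-05"), ("B2", "ATM-9", "2011-11-09"),
    ("B3", "ATM-9", "2011-11-21"), ("B3", "POS-5", "2011-11-22"),
    ("B4", "ATM-1", "2011-10-02"),   # before the window: not exposed
]
COMPROMISED = {"A1", "A2", "A3", "A4"}      # accounts with fraudulent withdrawals
WINDOW = ("2011-11-01", "2011-11-30")       # suspected capture period

def exposure(usage, window):
    """Map terminal -> set of accounts that used it inside the window."""
    start, end = window
    seen = defaultdict(set)
    for account, terminal, day in usage:
        if start <= day <= end:             # ISO dates compare correctly as strings
            seen[terminal].add(account)
    return seen

def rank_terminals(usage, compromised, window):
    """Score = share of compromised accounts exposed minus share of clean ones.

    A busy terminal that everyone uses scores near zero; a terminal used
    mostly by victims floats to the top.
    """
    seen = exposure(usage, window)
    clean = {a for a, _, _ in usage} - compromised
    rows = []
    for terminal, accounts in seen.items():
        hit = len(accounts & compromised) / len(compromised)
        base = len(accounts - compromised) / len(clean) if clean else 0.0
        rows.append((terminal, round(hit - base, 2), hit, base))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def unexplained(usage, compromised, suspects, window):
    """Compromised accounts that never touched any suspect terminal."""
    seen = exposure(usage, window)
    covered = set().union(*(seen.get(t, set()) for t in suspects))
    return sorted(compromised - covered)

if __name__ == "__main__":
    for row in rank_terminals(USAGE, COMPROMISED, WINDOW):
        print(row)
    print("unexplained:", unexplained(USAGE, COMPROMISED, ["ATM-1", "ATM-2"], WINDOW))
```

A non-empty "unexplained" list means the suspect terminals do not account for every victim, so another capture point (a tampered payment terminal, for instance) still has to be found.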
 

1. Maybe they wait for 2011 year-end bonus to be banked-in before striking?

2. They act fast you also complain...

3. Maybe because DBS/POSB has the most ATM?

4. Maybe their home base is in MY?

5. This is really the responsibility of the card-holder. But if you are issued the card over-the-counter you have to assign a PIN before it is activated.
 

From CNA article:
"Speaking for the first time publicly on the incident, Mr Gupta added that there's no "internal involvement" in the fraud incident."

Actually he cannot and should not make such a public declaration, when the entire case is still under Police investigation. And no arrests have been made yet.
He is not God and he is not All-Knowing, omni-present and omni-potent.
So how can he know for sure, at this early stage?
The Singapore Police and Malaysian Police will have to make the arrests, interrogate the fraudsters and charge the fraudsters in court.
Only then will anyone know whether the fraudsters have any insider collusion or whether the fraudsters were the staff or whether the fraudsters were working alone without any internal involvement.
 
