Mobile company employee stole 10 million baht from customers in credit card data fraud

[webfact]

Mobile company employee stole 10 million baht from customers in credit card data fraud

 

Picture: Daily News

 

A Thai man who worked on the counter for two well known mobile phone operators stole the credit card details of customers and helped himself to riches in an elaborate fraud. 

 

He bought foreign goods which he sold online and purchased a house and several cars on the proceeds. 

 

Sathit Janpho, 29, - a man from Uttaradit who got a degree in computers at a Bangkok university - was arrested on Tuesday outside Central Rama II west of Bangkok. 

 

Taken into evidence were a large quantity of shoes, designer bags and expensive watches that had been purchased on Amazon and Ebay and other platforms. 

 

Also seized was a two million baht house in the Rama II area, a 2.5 million baht Mini Cooper, and Honda and  Toyota vehicles worth a further 2.4 million. 

 

Economic Crime Suppression police were called in after many complaints from customers of mobile phone operators. They said that the method used by Sathit to cover his tracks was designed to make him difficult to trace.

 

At his work he would steal the credit card numbers, expiry dates and CVC three digit codes from customers. He would then order goods from abroad online. 

 

These were delivered to a bogus address and would then be returned to the distributor. Sathit then arranged with a motorcycle taxi rider to go to the distributor to present fake documents to claim the goods.

 

He was thus never seen in person.

 

The goods were then sold on Facebook and elsewhere. 

 

Sathit admitted the fraud saying that he was employed by one operator but was sacked. But he got another job at a new phone company where he had been for the last three or four months. 

 

In total he had been stealing credit card details for the last three years and had grown rich on the proceeds. 

 

Police advised customers never to let credit cards out of their sight and to cover the CVC code with a sticker. In addition customers should sign up for bank alerts when their credit card is used to help stop them becoming victims of credit card fraud. 

 

Source: Daily News

 

 

-- © Copyright Thai Visa News 2019-09-12

Follow Thaivisa on LINE for breaking Thailand news and visa info

[neeray]

Scumbag.

 

No. Dumb scumbag!

[ezzra]

A thief and a forger ok but how long this moron thought he can get away with stealing millions that no one will be the wiser? people like him even gives crimmilas a bad name...

[andre47]

Greed

[dddave]

Actually a useful suggestion to just cover the CVC code...That had never occurred to me.  I know it by heart so it doesn't need to be visible.  Without that, very difficult to use the card online.

[scorecard]

Same, I never thought about it before, im putting a small sticker on it right now. 

 

Further, seems to me that it's easy enough to use credit cards fraudulently, and with the fast rise of instant funds transfer using internet banking (even across countries) and instant SMS to advise customers of all transactions and from what I read security is fairly good, so I'm wondering whether credit card usage will wain substantially. 

[KhunBENQ]

4 hours ago, webfact said:

Police advised customers never to let credit cards out of their sight and to cover the CVC code with a sticker.

Note it at a safe place and then use a sharp knife to scratch it off!

 

[TallGuyJohninBKK]

A true Thai success story of financial well-being and ingenuity... The man is to be congratulated.... right after he gets out of prison.

 

[sammieuk1]

Give him a cabinet role they need some "elaborate" fraudsters all the ones they have now are so easy to spot these days your career awaits in politics not phones????

[fuzzie]

He seems very smart, but he left to many bread crums..

Sent from my SM-G935F using Thailand Forum - Thaivisa mobile app

[gamesgplayemail]

4 hours ago, neeray said:

Scumbag.

 

No. Dumb scumbag!

 

yes, too smart for you to understand I guess ❤️

 

 

[Selatan]

4 hours ago, dddave said:

Actually a useful suggestion to just cover the CVC code...That had never occurred to me.  I know it by heart so it doesn't need to be visible.  Without that, very difficult to use the card online.

It's a useless idea. You have already provided your CVC code to mobile phone operators and online shopping sites. What online shopping sites must do is to authenticate payments via TAC (Transaction Authorisation Code) that are sent as SMS from banks to cardholders. Problem is, just like the US banks still haven't migrated totally to chip-based credit cards, many US online shopping sites also still have not used TACs. The US is now very backward in many ways.

[Selatan]

By the way, anyone can confirm if Shopee and Lazada in Thailand use TACs or not in authenticating payments? Have never done any online shopping there so I don't know. I can confirm that both Shopee and Lazada in Malaysia use TACs.

[hotchilli]

Like most Thais they do it without contemplating getting caught.

[bluesofa]

22 minutes ago, Selatan said:

It's a useless idea. You have already provided your CVC code to mobile phone operators and online shopping sites. What online shopping sites must do is to authenticate payments via TAC (Transaction Authorisation Code) that are sent as SMS from banks to cardholders. Problem is, just like the US banks still haven't migrated totally to chip-based credit cards, many US online shopping sites also still have not used TACs. The US is now very backward in many ways.

The Bank Of Thailand has instructed all Thai banks the transition to chip & pin cards must be completed by the end of December this year. After that, all old Thai cards without a chip will be invalid. That includes credit cards, debit cards and ATM cards.

However, I saw a recent article saying the banks had requested a short extension, as there were still some customers not aware of the need to replace their cards. It seemed to be an extension of a few weeks, IIRC.

[Selatan]

4 minutes ago, bluesofa said:

The Bank Of Thailand has instructed all Thai banks the transition to chip & pin cards must be completed by the end of December this year. After that, all old Thai cards without a chip will be invalid. That includes credit cards, debit cards and ATM cards.

However, I saw a recent article saying the banks had requested a short extension, as there were still some customers not aware of the need to replace their cards. It seemed to be an extension of a few weeks, IIRC.

Yes, Thailand is 15-years behind Malaysia in migrating to chip-based cards. What about TACs though? Do online shopping sites in Thailand use them?

[bluesofa]

2 minutes ago, Selatan said:

Yes, Thailand is 15-years behind Malaysia in migrating to chip-based cards. What about TACs though? Do online shopping sites in Thailand use them?

I can only confirm that SCB and Bangkok Bank do.

When you fill in the secure form with your details, you are asked to click a button to "request an OTP". For me, it arrives as an SMS on my mobile within five seconds, and has worked fine.

The bank also SMS a confirmation of the transaction, saying that if you didn't authorise it to contact them immediately.

 

It's good regarding the introduction of chip & pin cards here in Thailand - at last.

I've also read about the US being 'in the process' of introducing them. They have been in use in Europe for twenty years now.

[Brigand]

This guy was smart but not smart enough to not fall into the hubris and greedy trap on this sort of crime, which is pushing it too far as you become comfortable. Rather like gambling, you need to know when to quit after you have made enough. If he had stopped after making his first million and a half or so in say 16 months and disengaged to let all go cold plus quiet, then he could have let the trail cool off and just hung out for a year or so and then done it again from a fresh position. This would also give him time to refine his MO and become even harder to catch ... but no, he fell into the hubris trap that is that everything is fine and things will continue the same indefinitely. That is where he was a dimwit but the scam was good for out here to be fair.  

[KhunBENQ]

3 hours ago, Selatan said:

It's a useless idea. You have already provided your CVC code to mobile phone operators and online shopping sites.

Does the article say he hacked into the IT system to steal the data?

Or is he just in the league of the pump station attendants taking picture/photocopy of the physical cards? (another reported fraud some months ago).

 

[KhunBENQ]

3 hours ago, Selatan said:

What about TACs though? Do online shopping sites in Thailand use them?

When using my credit card the authorization is not dependent on the shop but on the credit card issuer. I always had to confirm via the Verified by VISA procedure even for the Kasikorn virtual credit card and small amounts less than 2000 Baht.

Recently bought a laptop at Lenovo Thailand online shop.

This went through to a Thai service provider and then I had to do the full two factor authorization for my German credit card/issuing bank.

With the EU PSD2 directive being mandatory from tommorow all such transactions have to follow a two factor authorization. Methods may vary.

[neeray]

7 hours ago, gamesgplayemail said:

 

yes, too smart for you to understand I guess ❤️

 

 

There are some great members on TVF. And then there are axxholes like you.

Just because I call a thief a "scumbag" for stealing, then a "dumb scumbag" because sooner or later he should have known he would get found out, best you can do is insult me.

But ...... Your screen name alone pretty much says it all. I see you as just a lonely, bored "game player" who's got nothing better to do than troll a site.

Or perhaps you are akin to him and collect illicit funds in a similar manner. That said, you too qualify as a "dumb scumbag".

[gamesgplayemail]

18 hours ago, neeray said:

There are some great members on TVF. And then there are axxholes like you.

Just because I call a thief a "scumbag" for stealing, then a "dumb scumbag" because sooner or later he should have known he would get found out, best you can do is insult me.

But ...... Your screen name alone pretty much says it all. I see you as just a lonely, bored "game player" who's got nothing better to do than troll a site.

Or perhaps you are akin to him and collect illicit funds in a similar manner. That said, you too qualify as a "dumb scumbag".

 

I only said

yes, too smart for you to understand I guess 

 

 

you said

axxholes like you.

 

 

the one who insults is you.

 

And yes, I have been scamming smart people like you in another life, and I will never regret ❤️

 

 

 

[olfu]

Oh, I see really nice people here insulting each other.

[Selatan]

On 9/12/2019 at 8:42 PM, KhunBENQ said:

Does the article say he hacked into the IT system to steal the data?

Or is he just in the league of the pump station attendants taking picture/photocopy of the physical cards? (another reported fraud some months ago).

 

He probably doesn't need to hack into the IT system because he was working at the mobile phone company. He could have easily copied the database out. Mobile phone and online shopping companies may not be as stringent as banks when in comes to security. 

Malaysian data breach sees 46 million phone numbers leaked

[Selatan]

On 9/12/2019 at 8:48 PM, KhunBENQ said:

When using my credit card the authorization is not dependent on the shop but on the credit card issuer. I always had to confirm via the Verified by VISA procedure even for the Kasikorn virtual credit card and small amounts less than 2000 Baht.

Recently bought a laptop at Lenovo Thailand online shop.

This went through to a Thai service provider and then I had to do the full two factor authorization for my German credit card/issuing bank.

With the EU PSD2 directive being mandatory from tommorow all such transactions have to follow a two factor authorization. Methods may vary.

I think it does depend on the shop. For example, if I buy something on Amazon (US) or Aliexpress (China), I don't get the Verified by Visa procedure. But when buying from Shopee Malaysia, I do get the Verified by Visa procedure using the same card. Just like the article had said, the perpetrator had been buying from Amazon and eBay using the stolen card information. If a two-factor authorisation have been used by eBay and Amazon, then how did he managed to buy all those things? 

[the guest]

You've got to give him "credit" that he lasted so long without getting caught !