Three Foreigners Arrested Over A T M Fraud In Phuket

[blackthorn2005]

I was recently approached by a Frenchman, while I was using an ATM in Patong, he was clearly trying to me enter my PIN,over my shoulder. When I had finished he was telling me my transaction was not finished, I told him it was, he insisted I re-insert my card, I walked away and took his photo, from a distance he was very obviously skimmer. I tried to report this to the police, as usual, they did not want to know!

[Guest]

It's funny how you can do an internet bank transaction in the safety of your own home, using a secure connection to the bank, VPN's, firewalls, antivirus etc and the bank requires a OTP for that transaction, but at the ATM, very little security, just a magnetic strip and only one four digit PIN number required. There's a camera filming the transaction, that's about it.

One major part of data security is availability and usability.

I would guess the banks have people to calculate which is the best overall way to handle security and the winner is still the current solution.

On the other hand, some countries are already pretty far using other payment methods than cash.

[Jimi007]

With many banks now, you have to ring them and tell them the card will be used overseas Eg. Thailand, during in the next 2 weeks.

I have come across many tourists at ATM's where their card didn't work. I asked them if they rang their bank and told them they were going overseas on holidays. They didn't.

This is also an anti theft measure, but obviously, you can still be skimmed in your own country.

This thread is rather amusing to me at this point. My "Platinum Privileges Reward" credit card has a chip in it. None of my ATM cards do (I have four), because I use them internationally! I also have a really cool card called "safe pass" it generates OTP passwords at the push of a button anywhere in the world! It's the size and thickness of a credit card with an LCD display! It still is only used for online banking, not for ATM or credit card transactions... And yes, you do need to notify your bank if you are using a debit or credit card outside of your home country in the west at least. When I put my BKK Bank ATM card in a US ATM it gave me my account balance right away.

[quote name="NamKangMan" post="6306195" timestamp="1366034193

I agree. There has been some funny posts. I'm sure many have found my idea amusing as well.

It was just an idea. It's a service I would use, it may not be for everyone.

It's funny how you can do an internet bank transaction in the safety of your own home, using a secure connection to the bank, VPN's, firewalls, antivirus etc and the bank requires a OTP for that transaction, but at the ATM, very little security, just a magnetic strip and only one four digit PIN number required. There's a camera filming the transaction, that's about it.

Anyway, anyone would think I suggested a DNA sample must be lodged for every ATM transaction.

I rather doubt the camera uses "film"! But have you ever ATM card been skimmed? Mine never has, but I do check my usual ATM machines for anything that I could pull off of the card reader or anyone lurking around. I also cover my PIN number input with my hand. Thailand is a mostly cash economy, and you need to take care. I never leave cash around my house and have bank accounts at the banks that have the most ATMs here. Edited April 15, 2013 by Jimi007

[NamKangMan]

I would think that the amount of money which is skimmed is minuscule compared to the cost of the system to enable international SMS pin code verification.

At this point is good to start to think of the magnitude of the system. Specifications, agreements between banks, mobile operators, etc. ATM software upgrades, backend system upgrades. Clarifying who owns the customer mobile number information. Who overviews all of this?

What messages will be sent from the ATM to local bank to foreign bank, to foreign mobile operator, to local mobile operator, to the mobile device.. and verifications.

After this it's time to think what if scenarios. What happens if some fisherman cut's and internet backbone and wide area routing is messed up for 15 minutes.. That's only one very simplified branch of what could ever go wrong while a person is waiting for SMS at the ATM, which never came.. or could not be verified.

It's all but simple and will cost way more than few millions or tens of millions euros which are lost due ATM skimming.

I hear you, it was just an idea.

Another idea from a member was something similar to "Verified by Visa" - I have that as well, but you still have to enter your password, which can be captured by the skimmer. The phone SMS is a OTP so even if the skimmer captures it, it has been used and no longer of any value and the PIN and magnetic strip information is no good to him because he also needs the owners sim card/phone.

Yes, there would be some logistics that would have to be addressed, but currently, I have internet banking with Kasikorn and a Thai sim card on global roaming. When I do a visa run, or visit family in my home counrty, my Thai internet banking still works with my Thai sim card, in the other country. I would suggest, the ATM transaction would work the same.

Also, the bank from my home country still SMS me, in Thailand, on the same phone (dual sim phone) when monthly bills are being paid. The withdrawal transactions are SMS to me. Now if that was an unauthorised withdrawal, I would ring the bank and cancel the card straight away.

So, I'm currently using global roaming sim cards, OTP, SMS "alerts" for two countries, whilst in other countries. I really can't see why this couldn't be extended to cover ATM's.

Sure, some time SMS are delayed etc - but sometimes internet bank goes down for maintenance as well. Even over the counter transactions have limitation Eg. you must show ID and/or it has to be in business hours. It could be offered to those who would accept the extra security may come with some unreliabilty.

Like I said, I would request the service if it existed, but it may not be for everyone.

[khaowong1]

A little common sense is all that is required. If there's some kind of phony looking device attached where the atm card goes into the slot, hmmm. Cover the key pad with your hand while entering your pin number. etc. I try to use only those atm machines in front of a bank and if not possible, really look at the machine before putting in your card. Another useful tip, get your money somewhere safe before you start at the bars. After you've imbibed a dozen beers your common sense goes out the door. just saying.. been there, done that.

[NamKangMan]

Amazing to see it's farang doing that in Thailand as it's Eastern Europe and Balkans criminals doing it in Western Europe !

Strange how they only catch the farang for this crime.

Thailand is famous for copying things. DVD's, CD's, handbags, T-Shirts, computer software etc etc - but NEVER an ATM card. :)

[zaZa9]

Well, that's 3 undesirable "guests" accounted for ...and good riddance ,although it seems that they spent more ,and stayed longer than the average tourist ...............

I bet they rented T Max's and drove full pelt to Laem Singh each day , doing their best to endanger others lives and wear out the brakes and horn...

[Locationthailand]

If we all only knew that anything we do through banks is open to anyone. Including the police.

[maidu]

I started a thread on this over a week ago on the Chiang Rai forum. I got money stolen via fake ATM card on my SCB account. The breach seems v. likely to have been at Bank of Ayutaya ATM machine located at Overbrook Hospital here. All but one of the thieving withdrawals happened at KrungThai ATM machines. Yes, I have no problem with 'naming and shaming' whereas the articles in this thread are too pussy-footed to name any banks involved. Of course, the culprits are the thieves themselves.

Update: a local cop says he's on the case, though he won't specify what he's done or is about to do. I'm told that cops don't work during Songkran week - or at least not on anything outside the Songkran sphere. The banks I mentioned in the earlier paragraph have not contacted me or given me any news about anything. No surprise, as they're all Thai banks. They're hoping this whole problem will blow away, and they can go back to the biz of controlling other peoples' money.

[Locationthailand]

HSBC (HK) use a toggle for internet banking and transactions like transfer. Brilliant system and I think exceptionally safe, but ATM's? No. I only bring into the Thai banks the amount I need to draw.

[Hugh Jarse]

A simple authenticator (either as a keyring device or as a free app on your smartphone) will do the trick. Add biometrics if you're paranoid.

- Something you have

- Something you know

- Something you are

One of my banks have them, but if you lose it, have it stolen, or it gets broken, you're in some trouble.

No, you simply get a new one.

Great. I'm sure you do get a new one.

How do you get a new one when your bank is in Russin/UK/America/Europe etc and you are on holiday on Phuket for 10 nights????????

How do you get your money out for your holiday?

Even if someone is back home and gets your post and gives you the code over the phone, you are still waiting 3 days to access your money.

Good point, suggest you get travelllers cheques as a back-up and ideally a second or third ATM account, as well as a cash reserve.

[kiniyow]

According to Bangkok Bank they can't cover any losses neither can they send an SMS showing any withdrawals.....A Major International Bank...

[Jimi007]

If we all only knew that anything we do through banks is open to anyone. Including the police.

Not anyone, unless they are a hacker or a Government or your bank... But yes, I am well aware that my data is accessible! Therefore I am legitimate and file all necessary paperwork to live where I chose to, so I never have any problems...

[JDGRUEN]

Interesting that banks from western countries cover the losses from fraud while Thailand banks do not.

Yes it is. That's why I have two accounts with one Thai bank. I simply go online and transfer the amount I want to withdraw from the ATM to the account with little to no money in it...

This is a very good practical idea - especially for Expats... Tourists in Thailand could do this in a similar way ... use a PrePaid Debit / ATM card like the American Express Bluebird card (and there are a number of others). Then just transfer money into it from another account over a secure Internet server as needed. It works great. Then just use the prepaid debit card for ATM withdrawals and even POS purchases. Recharge the card as necessary. Keep your real cards locked up. Yes - there are charges - but reducing the risk of a large loss - it is worth it. And the pin number for most of these cards can be changed in minutes by a visit to a secure on line server or by a telephone call.

[kevinc]

I have a good idea, Why dont the banks let you pick a pin (password) that has 6 digits but is not too difficult for you to remember, e.g: 162434 then when you put your card the ATM asks you to imput only 3 of those numbers, for example, the first, fourth, and fifth number. Then next time (for example), the second, third, and fifth, that way if someone scammed your pin then they will only have the 3 digits of a 6 digit code. It would be very difficult for the scammers to 'guess' your other 3 numbers and after 3 failed attempts the card should be 'swallowed' then reported thus saving the banks having to pay you out?

..Just an idea, please dont hammer me for my simple idea.. ha ha.

[Jimi007]

I have a good idea, Why dont the banks let you pick a pin (password) that has 6 digits but is not too difficult for you to remember, e.g: 162434 then when you put your card the ATM asks you to imput only 3 of those numbers, for example, the first, fourth, and fifth number. Then next time (for example), the second, third, and fifth, that way if someone scammed your pin then they will only have the 3 digits of a 6 digit code. It would be very difficult for the scammers to 'guess' your other 3 numbers and after 3 failed attempts the card should be 'swallowed' then reported thus saving the banks having to pay you out?

..Just an idea, please dont hammer me for my simple idea.. ha ha.

Okay, I won't hammer you! LOL! But the four digit PIN is the worldwide standard. Until there is an international agreement with VISA and Mastercard to change it.

[atyclb]

Its a relief in itself to see an african guy not selling drugs

[Jimi007]

It's really entertaining to see old mongers pretend they understand basic concepts like SIM cards when actually they don't.

It's even more entertaining to read that some young punk doesn't even know the difference between CDMA and GSM! Hum.. Then again you may not know the difference between HSPA and LTE...

Edited April 15, 2013 by Jimi007

[Anon999]

Skimming is becoming more and more prevalent - what are the banks doing to ensure their ATM's are skim-free?

Also, the news report shows 3 people and lists 3 names - but then it switches to 4 and then back to 3...who edits these articles?

I have always wondered WHY the banks can't have an OTP (one time password) sent via SMS for every ATM transaction, just like they do for internet banking transactions.

The "skimmer" would also have to steal your phone - highly unlikely.

Surely this would be easy to implement and would make skimming a thing of the past, virtually overnight.

Very inconvenient, and who is going to pay for the roaming charges?

Quite a few banks have IMO much better solutions for internetbanking than the SMS passwords by the way.

"Inconvenient" - what, entering on the key pad an extra few numbers???? Most people are with their smart phone 24/7 these days. A smart phone has become like a watch/wallet/wedding ring. It goes where you go. Now what would be inconvenient is having your card skimmed and then having to cancel your card and wait around 6 weeks for your bank, if you are lucky, to refund you the money. I have no doubt these skimmers have ended many tourist's holidays by cleaning out their bank account.

"Roaming charges" - there are none to receive an SMS. There is to send one, but you are not sending, only receiving.

Taking onboard your post, the minor inconvenience using an OTP can be further minimised with any transaction under $100 not triggering the OTP, but more than one transaction a day does, or something similar.

It's just something I'm surprised the banks haven't implemented. All the hardware is in place. ATM, keypad and mobile phone and they already have similar software in operation for the internet banking.

And OTP's do not always arrive. Have had to try many times without success and then wait until late at night, on more than one occasion, to complete an on-line transaction. Therefore it can be very inconvenient,

[annabel]

Interesting that banks from western countries cover the losses from fraud while Thailand banks do not.

Yup and I can vouch for that ... 8 years ago I lost my Bangkok Bank ATM card in Canada and didn't notice it till I was back 3 weeks later as didn't need to use it there.. well let me tell you that 657,000 Baht later when I went to Bangkok Bank on Taphae Rd in Chiang Mai they were total <deleted> in dealing with this... for weeks on end and everyday withdrawals of the same amount 10 - 12 times every day and nobody in Bangkok Bank in Head office got suspicious and this went on for almost 3 weeks ... Pfff.. However when I needed a new bank book I had to fill in umpteen forms and have my passport photocopied and sign it at least 3 times just to get a New Stupid Bank book ... but did their brains work when they saw day after day the same amount of money been taking out 10 - 12 times every day ... Duhh!!!... And then give me the run around for a whole year and not support me one bit while I was trying to file a police case here and in Canada .. I finally gave up and lost out on a huge amount of money and Bangkok Bank just didn't give a hoot ... I even went to a lawyer (Sunbelt) to try and pressure them to at least give me what I needed for the Canadian Police to pursue the investigation which they were refusing to give me ,,,, and what was I told... Umm Khun Annabel ,,, cannot ... big case and big company and would cost more than your loss so in other words.. go home and forget it and swallow your minimal loss

[HarryMilton]

Skimming is becoming more and more prevalent - what are the banks doing to ensure their ATM's are skim-free?

Also, the news report shows 3 people and lists 3 names - but then it switches to 4 and then back to 3...who edits these articles?

I have always wondered WHY the banks can't have an OTP (one time password) sent via SMS for every ATM transaction, just like they do for internet banking transactions.

The "skimmer" would also have to steal your phone - highly unlikely.

Surely this would be easy to implement and would make skimming a thing of the past, virtually overnight.

Let me emphasize you made a very VALID and IMPORTANT point here Mr. NamKangMan!

You want the bank staff to have your password!?

[slipperylobster]

What lunacy. Still will not buy a phone to get money no matter what your preferences are. Good luck on the holidays standing ing line waiting for a phone call. lol

You obviously have no idea what an SMS is.

... -- ...

[Dancealot]

Skimming is becoming more and more prevalent - what are the banks doing to ensure their ATM's are skim-free?

Also, the news report shows 3 people and lists 3 names - but then it switches to 4 and then back to 3...who edits these articles?

I have always wondered WHY the banks can't have an OTP (one time password) sent via SMS for every ATM transaction, just like they do for internet banking transactions.

The "skimmer" would also have to steal your phone - highly unlikely.

Surely this would be easy to implement and would make skimming a thing of the past, virtually overnight.

Let me emphasize you made a very VALID and IMPORTANT point here Mr. NamKangMan!

You want the bank staff to have your password!?

Explanation of the OTP system at the ATM.

1 Get the bankcard and stick it in the ATM

2 Enter the PIN number

3 Request amount from the ATM

4 Get ANOTHER password(OTP) on your MOBILE to verify the transaction

5 Enter the OTP in the ATM

6 Get the money

This system is already there for years with online banking and IMO is 99.96% safe.

Edited April 15, 2013 by Dancealot

[Estrada]

According to Bangkok Bank they can't cover any losses neither can they send an SMS showing any withdrawals.....A Major International Bank...

I am with Bangkok Bank and I get an SMS every time I make a withdrawal. All you have to do is to register for internet banking. If someone were to withdraw money from my account I would know usually within seconds which would allow me to inform the Bank. Only a maximum of B40,000 can be withdrawn using my ATM.

Thai Banks issue ATM and Credit Cards like confetti to customers that cannot handle their expenditure. In the past too many customers withdrew everything from their accounts and/or max'd out their Credit Card Accounts and then reported them stolen. For this reason they will not cover compensate them for loss. Another scam affects the financing of vehicle purchase whereby customers buy cars they cannot afford on Bank Credit, then arrange for it to be stolen (often ending up in Cambodia). They get compensated from the insurance company and also get money from the car thieves.

[meatboy]

once again criminals over staying their visa's,these three were not staying in a run of the mill b.b.so is it not time that all hotels,clubs.guest houses took down the dates of visa's or is it too complicated,they would soon contact immigration if you didnt pay your bill.

[joecos]

Skimming is becoming more and more prevalent - what are the banks doing to ensure their ATM's are skim-free?

Also, the news report shows 3 people and lists 3 names - but then it switches to 4 and then back to 3...who edits these articles?

I have always wondered WHY the banks can't have an OTP (one time password) sent via SMS for every ATM transaction, just like they do for internet banking transactions.

The "skimmer" would also have to steal your phone - highly unlikely.

Surely this would be easy to implement and would make skimming a thing of the past, virtually overnight.

BKK bank do this for internet banking its a great idea. But i hope they throw away the key

for these scum, be very surprised if Eastern Europeans are not involved.

[NamKangMan]

I have a good idea, Why dont the banks let you pick a pin (password) that has 6 digits but is not too difficult for you to remember, e.g: 162434 then when you put your card the ATM asks you to imput only 3 of those numbers, for example, the first, fourth, and fifth number. Then next time (for example), the second, third, and fifth, that way if someone scammed your pin then they will only have the 3 digits of a 6 digit code. It would be very difficult for the scammers to 'guess' your other 3 numbers and after 3 failed attempts the card should be 'swallowed' then reported thus saving the banks having to pay you out?

..Just an idea, please dont hammer me for my simple idea.. ha ha.

Not a bad idea at all, but as Jimi007 says, it would have to be a 4 digit PIN - so, you would now be required to remember a 7 or 8 digit "composite PIN." Not too difficult, considering most people can remember a phone number.

[NamKangMan]

Interesting that banks from western countries cover the losses from fraud while Thailand banks do not.

Yes it is. That's why I have two accounts with one Thai bank. I simply go online and transfer the amount I want to withdraw from the ATM to the account with little to no money in it...

This is a very good practical idea - especially for Expats... Tourists in Thailand could do this in a similar way ... use a PrePaid Debit / ATM card like the American Express Bluebird card (and there are a number of others). Then just transfer money into it from another account over a secure Internet server as needed. It works great. Then just use the prepaid debit card for ATM withdrawals and even POS purchases. Recharge the card as necessary. Keep your real cards locked up. Yes - there are charges - but reducing the risk of a large loss - it is worth it. And the pin number for most of these cards can be changed in minutes by a visit to a secure on line server or by a telephone call.

This is the way I do it when I go to high risk countries. Even if they have a gun to my head at the ATM, they can take the card and I'll give them the PIN - there's not much money on the pre-paid card once I leave the hotel room. Just enough for dinner, drinks and transport.

Just before leaving the hotel, I use the phone or internet to just put the small amount of money I will need on the card.

I carry more than one pre-paid card, so, even if skimmed, mugged, pick-pocketed, bag snatched, armed robbed etc - I don't lose much and don't have to even bother with ringing up and canceling the card. They can have it, it's useless to them with "insufficient funds."

[NamKangMan]

Interesting that banks from western countries cover the losses from fraud while Thailand banks do not.

Yup and I can vouch for that ... 8 years ago I lost my Bangkok Bank ATM card in Canada and didn't notice it till I was back 3 weeks later as didn't need to use it there.. well let me tell you that 657,000 Baht later when I went to Bangkok Bank on Taphae Rd in Chiang Mai they were total <deleted> in dealing with this... for weeks on end and everyday withdrawals of the same amount 10 - 12 times every day and nobody in Bangkok Bank in Head office got suspicious and this went on for almost 3 weeks ... Pfff.. However when I needed a new bank book I had to fill in umpteen forms and have my passport photocopied and sign it at least 3 times just to get a New Stupid Bank book ... but did their brains work when they saw day after day the same amount of money been taking out 10 - 12 times every day ... Duhh!!!... And then give me the run around for a whole year and not support me one bit while I was trying to file a police case here and in Canada .. I finally gave up and lost out on a huge amount of money and Bangkok Bank just didn't give a hoot ... I even went to a lawyer (Sunbelt) to try and pressure them to at least give me what I needed for the Canadian Police to pursue the investigation which they were refusing to give me ,,,, and what was I told... Umm Khun Annabel ,,, cannot ... big case and big company and would cost more than your loss so in other words.. go home and forget it and swallow your minimal loss

This is why I have "SMS alerts" on the bank account from my home country. For every transaction on that account I receive an SMS and an email. I pay a small fee for the SMS (no roaming charges) and the email is for free.

I'm in Thailand and if there is a withdrawal from my home country that shouldn't have occurred, I know about it straight away and I can get straight on the phone to cancel the card. Even if they had that system here (maybe they do now - I haven't checked) it would go a long way to minimising the loss of the victims and making skimming a less profitable crime.

If the bank in my home country can do it, why not Thai banks???? It would have certainly stopped what happened to you.

[NamKangMan]

Skimming is becoming more and more prevalent - what are the banks doing to ensure their ATM's are skim-free?

Also, the news report shows 3 people and lists 3 names - but then it switches to 4 and then back to 3...who edits these articles?

I have always wondered WHY the banks can't have an OTP (one time password) sent via SMS for every ATM transaction, just like they do for internet banking transactions.

The "skimmer" would also have to steal your phone - highly unlikely.

Surely this would be easy to implement and would make skimming a thing of the past, virtually overnight.

Let me emphasize you made a very VALID and IMPORTANT point here Mr. NamKangMan!

You want the bank staff to have your password!?

It's a randomly generated "one time password" or OTP - it's usually a number, not a word. Computer software generates it and it's only good for one transaction. No bank staff know what it is and if they ever did, you have already used it by then and it's now no good for anything, hence, no good to the skimmers, either.