Thai police announced on Monday that they will investigate a recent case of online banking fraud involving unauthorized online transactions that affected over 40,000 people. In all, around THB 130 million (USD 3.9 million) was lost, according to the Bank of Thailand (BoT).
Kornchai Klaiklung, the Cyber Crime Investigation Bureau (CCIB) commissioner, said that police officers are in talks with the BoT and the Thai Bankers’ Association (TBA) to find a solution.
On Tuesday, the BoT and the TBA said at a joint press conference that the unauthorized payments were “not caused by leaks of information from the banking system.”
“The main cause is that scammers randomly collect card data and use it to fake transactions through foreign online stores without using one-time passwords. Around 10,700 cards were misused as a result of the incidents, with most of them being debit cards,” representatives of BoT and TBA said. Most of the incidents involved transactions of a small sum, around one US dollar, and the cards were abused repeatedly, they added.
On Monday, officials from the CCIB said during a press conference that cybercriminals abused a loophole in the banking system. Some banks, as well as credit and debit card issuers, do not report transactions with low purchase amounts.
The BoT and the TBA promised to implement measures to prevent the incident from happening again, including improvements to their detection systems for low-amount and high-frequency transactions. They also announced joint measures to send out notifications for every transaction through channels such as mobile banking, email, or SMS. Furthermore, if a customer is found to be a victim of fraud, they will receive a refund within five business days.
An online support group on Facebook for victims who lost money in the scam has quickly amassed over 94,000 members. “I never thought I’d encounter something like this. [My money] was withdrawn over 300 times, totaling around THB 20,000 (USD 600). I just want my money back,” said a user named Numfon Sri on October 17.
In some claims that were viewed by KrASIA, victims only learned about the fraudulent transfers after checking their transaction records. “After contacting the bank, they told me to wait for the investigation, which takes around seven days. Hopefully, I’ll get my money back because this is not my fault. This is so sad,” Numfon said in the post.
Another group member who goes by Chompookammam Sangthong said that fraudsters were able to spend over THB 50,000 (USD 1,490) from her account. “They withdrew money every second,” she wrote.
This large-scale fraud involving 40,000 people is the latest in a series of high-profile cybercrimes that took place in Thailand. On September 7, the Ministry of Digital Economy and Society admitted that the data of 16 million patients stored by the Public Health Ministry was stolen in a hack. Two weeks later, the National Cybersecurity Agency of Thailand confirmed that the information of around 106 million visitors to Thailand was posted online as a result of a data breach.