Some credit card holders from several major banks in Singapore have reported of being hit with fraudulent charges from Taiwan-based Neweb Technologies.
The banks affected include Citibank, DBS Bank, the United Overseas Bank (UOB), and the Oversea-Chinese Banking Corporation (OCBC) Bank.
According to the Hardware Zone online forum, the victims said that they were charged with multiple transactions from Neweb Technologies. Some were alerted to the charges after receiving SMS notifications of the transactions.
Acknowledging this incident, DBS is "actively reaching out to customers who may have been impacted and is promptly replacing their cards," said its spokesperson in a media statement. DBS will also "refund affected customers for confirmed unauthorised transactions." Likewise, OCBC will be reimbursing unauthorised transactions and replacing the affected cards, said Wong Chung Yee, head of Cards and Personal Loans at OCBC Bank. As for UOB, it has gone a step further by blocking transactions with Neweb Technologies, according to its spokesperson in a media statement.
DBS is currently investigating the matter and will "continue to monitor card transactions for any unusual or suspicious transactions," said DBS' spokesperson. Citibank on the other hand told The Straits Times that it has tasked credit cards firms such as Visa and MasterCard to investigate this incident as there was no breach of its systems in which customer information was stolen.
While it is difficult to pinpoint the exact cause of this breach at this juncture, Anshuman Singh, director of Product Management at Barracuda Networks provided three possibilities. One possibility is that hackers could have collected the credit card information from bank databases, credit card processing companies, online portals or from point of sales transactions in retail store. Another possibility would be that a credit card payment processing company's network was compromised. The last possibility would be that a retail store had its point of sales system compromised by malware that reads credit card information when they are swiped during payment.
To protect themselves from such breach, credit card holders should enable the two factor authentication for their transactions, said Singh. Banks are also encouraging their customers to subscribe to SMS alerts in which text messages are sent to their mobile phones if unusual transactions above the pre-specified threshold limit are made to their accounts.