Credit Card Fraud and SMS Alert

Credit Card Tutorial by GenX @ http://www.GenXGenYGenZ.com

Update August 2016 – RFID Blocking Wallet for PayWave and PayPass cards.

INTRODUCTION

I am sure you have received many SMSes from your bank(s) to warn you about Phishing and not to click on any links requesting you to update your personal information or password.

Nowadays, whenever we visit our Bank’s website, we are sure to be welcome by a warning “Protect Yourself” against all types of scams. And one of the most common scams is called Phishing.

I thought it might be worthwhile that I copy part of Maybank’s Scam Alert Notice and repost them below:

  • Phishing is a word stemmed from password + fishing.
  • Phishing scams are a form of identity theft, where spam emails are sent out to entice the victims to update their banking credentials.
  • The victims are tricked to click on a bogus hyperlink provided by the fraudster as long as they maintain an email account.
  • The victims will then be redirected to a fake login site that is identical to the Maybank2u website.
  • Phishing websites and emails often look like the real website. Because of that, unsuspecting victims may reply to them and provide confidential personal information that can result in financial losses and identity theft.

Never respond to emails that:

  • Requires you to submit your personal information directly into the e-mail or online.
  • Requires you to reregister your security image, caption and challenge questions.
  • Threatens to close or suspend your accounts if you do not respond.
  • Claims there are unauthorized transactions on your account and requires your account information.
  • Claims that your account has been compromised and requests you to enter, validate or verify your account information.
  • Requires you to enter your card number, password, user ID or account numbers into an email, pop-up window or non-secure webpage.
  • Requires you to confirm, validate, verify and/or update your account or credit card information.
  • Requires you to confirm your IP address.

I guess you may be asking, what the heck has Online Phishing got to do with credit card fraud? Well, they are related in a way and I am going to tell you how fraudsters/syndicates can call you up and even know your name.

If you are a regular reader of mine, you will know that I am an ultra kiasu person. I have  many email accounts for this and that. However, I have only one specific email account which I will only  disclose to the banks and nobody else.

I also have an email set up to receive junk mail. For example, when signing up for a discount/reward card with a specific merchant or when entering contests or when redeeming for free stuff at the malls.

I, myself have received Phishing emails but the odd thing is that they were sent to my email set up to receive junk emails only!!! As such, the only way the scammers obtain my junk email account was because I somehow “intentionally gave it to them” as mentioned in the paragraph above.

As for phone scams relating to credit cards, I tell you, I receive them very often and they know my name! They will call me and say they are from RHB Bank, MasterCard, Credit Card Agency (or something like that),  and once even AKPK (Agensi Kaunseling & Pengurusan Kredit)! How these syndicates obtain my mobile number and name is via the same method as in email scams – they purchase them!

Most of these unscrupulous syndicates that tricked you into releasing your personal information, obtain your contact number by purchasing them from unethical people who sell them for some cash. For example, you are at the mall where they are offering freebies with the use of your credit card. So in order to redeem the gift, you have to write down your name, credit card number, contact number and sometimes even your NRIC number. The person who has access to the list of names then sells it for some cash. Be extra careful of people who claim to be doing surveys or promoting products in public places. Sometimes I feel that bank employees may also be involved as it was reported in LYN forum that someone called a member where they correctly stated his name and the 16 digit card numbers to enquire if he activated the card. Once again banks have no time for social calls.

However, like I said, I’m ultra kiasu. I have 4 active sim cards (1 Dual Sim Phone and 2 other phones where one of them is not a smartphone). One of the mobile numbers (let’s call it number X) is disclosed only to my family members and the banks at the time of opening an account (to receive SMS Alert on my credit card usages). Another number that is in my non-smartphone (let’s call it number Y) is disclosed to everybody else who need to contact me plus it’s given out to whomever request for it (e.g. merchants, when redeeming for gifts, behind my cheque, filling up bank forms to purchase bank drafts, etc). The other two numbers, one is in another smartphone (to play games, hahaha) and the other is my Australian number in my Dual Sim Phone.

If you noted in the above paragraph, I mentioned cheque. You see, once I paid my HSBC credit card bill using my RHB Premier Banking cheque and deposited the cheque into a Cheque Deposit Machine at a HSBC Branch. I don’t have any banking accounts with HSBC. A few days after depositing the cheque, I got a call from a Relationship Manager from the HSBC branch  (that I deposited the cheque) asking if I was interested in their Term Deposit Promo. What this shows is that our personal details is not secured even though we are dealing with a reputable company because their staff may misuse confidential information/data for personal gain.

So far, I have not received any scam phone calls on my number X. As for number Y, I tell you, the number of scam calls I received is unbelievable and sometimes from overseas too!

 With the above, unless you have two or more phones like me, the probability of you getting a scam call is very very high.

Credit Card Fraud

I shall now present to you the various types of credit card scams.

CALLS FROM PERKY PESKY MARKETING PEOPLE PROMOTING INSURANCE, HOLIDAY RELATED PLANS AND OTHER SERVICES

You may get a call from a person claiming to be a bank representative promoting Personal Loans or Insurance . If they ask you what card you have or your IC number, straight away you know it is a fake call. But sometimes, these people can tell you your actual card type and even the 16 digit card number. They will then proceed to ask you for your address or the 3 digit security number (CCV) behind your card. Never ever release the 3 digit security number behind your card to any stranger who calls you. Don’t even talk to them.

Years ago, I got calls from representatives of genuine insurance companies. BUT, the caller will mention something like they are from the bank or even MasterCard or Visa instead of the insurance company and that will piss me off because they are lying out right. And usually, they don’t have my card number or much details about me.

And if you say you will call back to the bank to purchase the service, the caller will give you 101 reason why you can’t. Sure sign that the caller is not from the bank.

Another very common scam is you may get a call from a person claiming to be from your credit card issuer and they know your name and maybe even your 16 digit credit card number. They may say that they have a very special promo for you (e.g. holiday package) and then request some further personal information for verification purposes. DO NOT EVER entertain anyone who ask for your personal information especially the 3 digit CCV number behind your Visa/MasterCard or 4 digit CCV in front of your AMEX card. Many people have reported at LYN that they have been conned by this kind of modus operandi.

CALLS OFFERING PERSONAL LOANS AND DEBT SERVICES

Nowadays, the most common call I get are related to Personal Loans from banks. Most of the time the calls are genuine, and how do I know? Because the person on the other end of the line can speak pretty good English when I ask them to do so. I will just reply not interested and they will say thank you and hang up the phone.

The worst bank is HSBC which has my mobile number X. Their representative will call me every other week and those bloody fools can’t even differentiate overseas dial tone versus local and I have to waste my bloody money answering calls when I am overseas. I have called up their Customer Service twice before and instructed them not to have their representative call me but to no avail. The harassment by HSBC finally stopped after I cancelled my HSBC Visa Signature. Thank God!

Once in a while I will get a call relating to credit card debt on my mobile phone Y. The caller will claim they are from some Credit Card Processing Center or whatever. When I ask them to speak in English, they will answer in “broken” English that they  are offering to consolidate my credit card debt. I will just reply not interested and they will hang up without saying thank you.

Sometimes I will get a call where the caller will speak in either Cantonese or Mandarin and addresses me by Mr. XYZ (they know my name). The moment I ask them to speak in English, they will hang up the phone, hahaha.

And one time, a person called me on my mobile phone Y and claimed he is from AKPK!!? Unbelievable right, but I guess there are people out there who are easily fooled or else the syndicates won’t claim they are from AKPK.

In respect to the above examples, if you really really need help on your debt issues and are considering getting a loan product utilizing your credit card credit limit. My advise to you is to call your credit card issuer using the number behind your card and not talk to any person who calls you. How do you know if the other person on the other end of the line is not a scammer out to con you?

CALLS CLAIMING TO BE FROM THE BANK OR BNM

If anyone calls you to tell you that your card has been cloned and then proceed to ask you for your personal information such as Card Number or IC number or CCV number, that call is fake. If your card was really cloned, the bank may call you and tell you that they have suspended your card and that is all i.e. they won’t ask you for any information for verification purposes. And if you do receive this kind of call, hang up and call Customer Service immediately and inform them of such call.

One thing for sure, Bank Negara Malaysia doesn’t have the time and wouldn’t be bothered to call you and assist you with your problems.

CALLER ID SPOOFING – SCAM IMPERSONATING AS A POLICE OFFICER OR BANK OFFICER

It was reported by LYN members that they have received calls where the caller claims to be a representative of a card issuer and informing the victim that his name (they may even know the victim’s IC number) has been used for a credit card application which has accumulated a huge amount owing. The call will then be followed by another call by a person claiming to be a police officer wanting you to make a police report over the phone! (If your PDRM can take police reports over the phone, that would be just wonderful BUT that won’t happen in a zillion years.) And the victim may even get another follow up call from a person claiming to be from Bank Negara Malaysia. Once again, BNM will never call or email you.

Now, take note of this – the caller ID number that showed up on the victims’s mobile phone was the same as the genuine card issuer’s Customer Service number and a police station number. People are tricked into believing that they are actually receiving calls from a genuine source with Caller ID Spoofing. Click here to read more on Caller ID Spoofing at wikipedia.

I, myself have received a call where the scammer used Caller Spoofing ID. The number that showed up on my phone was the same as the one stated in RHB Website!!! When the caller said he was from RHB Bank, I immediately knew it was a fake call because he called my mobile phone Y (the one that I will disclose the number to the general public but not the one to the bank).

To Note:

  • Banks’ representatives who call you should be well versed in English.
  • If you get a call from a mobile phone, unknown number, private number and overseas number where the caller asks for your personal details, please do not ever entertain them.

Once again, I will emphasize here that you MUST NOT ever release your personal information to any stranger who calls you no matter how bad the news is. Even if the number looks genuine, say it looks exactly like the number behind your card, we can’t be 100% sure it is genuine with Caller ID Spoofing technology. If you get a call from the bank asking for personal info, hang up and call Customer Service (number behind your credit card) to verify the call.

INTERNET FRAUDULENT TRANSACTIONS

Fraud involving internet transactions are so rampant that BNM has issued a directive to banks that Debit Cards are not allowed to be used for overseas internet transactions unless requested by the cardholder. Some banks have gone even further by banning their Debit Cards from being used for Stream (to purchase credit for online games).

Two years back, my son’s Maybank 2 Cards AMEX was fraudulently used for  online transactions. Luckily I was made aware of the transactions vis SMS Alert and I notified Maybank immediately.

Nowadays, Maybank also does not generally allow their credit card users to perform overseas internet transactions. Many times my overseas internet transactions (e.g. paying my Australia apartment electricity bill) will be rejected whenever I used my Maybank Visa Infinite credit card. What I need to do is call Maybank Customer Service to inform them of the rejected transaction and they will tell me that they will “unlock” the transaction and ask me to try again in 10 to 15 minutes time.  It is a hassle but I don’t mind because it is for my own security and good.

However, for local internet transactions with one-time-password sent to my mobile phone (e.g. MSOS – Maybank Secured Online Shopping), I do not need to call Maybank as the transaction will be approved. For example, purchasing air tickets with AirAsia with Maybank 2 Cards AMEX (and earn 5X TP), we will need MSOS password. You need to call Maybank Customer Service to sign up for their MSOS.

CONCLUSION/REMINDER SO THAT YOU WILL NOT BE CONNED

Those of us who have credit cards are often disturbed by telemarketers offering bank products such as Personal Loans, Balance Transfers and Insurance. Well, some of us may be interested in signing up for a particular product but how do you know if the calls are genuine? And with Caller ID Spoofing we should be kiasu to the max.

Firstly, if the person is really calling from the bank, they will have your personal information such as your full name and credit card number. As such you do not need to tell them. If you are really interested in the product, my advise is that you call Customer Service (contact number is stated at back of your card and not the number given by others) to verify the call and in most cases you can apply for the product by simply calling Customer Service (number behind your card) or any of the banks’ branches or by fax (number given by CS or stated in the website) or by email (address given by CS or stated in the website).

Secondly, if the number is from a cell phone, you must not entertain them by releasing any of your personal info. Actually, don’t even talk to them.

Thirdly, Banks will never ask for your personal information over the phone. For example, you just made a “big” transaction, the bank may call you to verify the transaction and even tell you the exact amount but they will never ask you for any of your personal information.

Last but not least, never ever click on emails that show it is from a particular bank (unless you know for sure that it is genuine e.g. bank informing you that your statement is ready for viewing). If you want to log in online, sign out from your email and go to your browser, clear all cache and history and go directly to the bank’s website, but never from a link.

NEVER EVER RELEASE your full personal info to strangers (best if you can just give a name not as per your IC, example your IC name is Lee Leng Chai, write down your name as Bruce Lee or L C Lee instead. So when someone calls you with the nickname and claims to be from the bank, you’ll know it is fake. And if the caller address you by My. Lee, ask him/her which Mr. Lee? Same goes for emails. Create one account which is used for contests or merchant mailing and not related to banking. Actually, you should create one email account just for your online banking, separate from other emails and only known to the bank.

In my case, I carry many phones with different contact numbers, one for unlimited internet access, one for general use and one only known to the banks and my close family members. So when I get calls on my general line from people claiming they are from the banks, I will be extremely suspicious and if they call me on the phone which I use only for internet surfing, then I know it’s 101% a fake call. Usually, when I get calls from telemarketers, I would just say “not interested” and they will hang up. But once in a while I do get the pesky types who will irritate me by asking why I am not interested and I will then reply ” tak kerja lagi, takda duit” and that should normally do it.

It would be best if you don’t get any fake calls; but if you do, I hope by me writing this article and you reading it, it can prevent you from being conned by malicious blood sucking yet talented con artist out there.

SMS ALERT

In accordance to BNM rulings – effective from 1 January 2012, card issuers are to send out an sms alert whenever we do a transaction.

However, most of the banks do not necessarily sent out SMS Alert when we use our credit cards. Most of them have a default value, i.e. your transaction amount must be more than the default value.

What a joke, if BNM is serious in combating fraud charges and the banks are not greedy in making more money, the SMS Alert should be sent out for ALL types of transactions and NO DEFAULT VALUE SHOULD APPLY.

Why do I say it is a joke? Well, the person who stole or picked up your card(s) can go swipe as many times as he wishes (each transaction below the default value) and could total up to a few thousand Ringgit and you won’t get a single SMS Notification!

I really don’t understand why the card issuers won’t sent out SMS for any transaction? It will enable the cardholder to report to the bank/card issuer when their card account is being used by unauthorized people and thus prevent losses to the banks.

We keep getting useless SMS from banks on personal loans, balance transfer and all kinds of promotions without stating the terms and conditions. BUT they can’t send us an SMS Alert to reconfirm that our card account is being used (when it is below the default value). The banks should stop sending us those pesky SMS and instead use the money to send us SMS Alert whenever there is a transaction with our card account.

The good news is most banks nowadays allow us to change the default value. The best is Maybank, all you need to do is simply call Customer Service and request that the SMS default value be set to RM1. Other banks require that you fill in a form to change the default value.

My advise to all is that you should set your credit card SMS Alert default value to RM1. If your banks refuse to do so, write/email to Bank Negara Malaysia.

However, there is a set back with SMS Alert. Did you know that in accordance to BNM guidelines, we, credit card users are only liable up to RM250 for fraud related transactions. Some greedy banks are taking opportunity of the SMS Alert to go around this maximum said liability amount. For example, in OCBC Premier Voyage MasterCard Product Disclosure Sheet, the following is stated:

You should enable SMS notifications and make sure that you update OCBC as soon as you change your mobile phone number. If you receive any SMS notification which does not correspond to your usage of OCBC Premier Voyage MasterCard, you must notify OCBC immediately at +60383154288 to block usage of your OCBC Premier Voyage MasterCard. If you fail to do so you will be liable for all losses.

Read the above again, OCBC states you must notify them immediately or else you will and not you may be liable for all losses.

So I guess if you own an OCBC Premier Voyage MasterCard, your mobile phone should be next to you at all times (even while you are shitting) and make sure that your phone SMS tone is loud enough to wake you up from dreamland; so that you can notify OCBC immediately of any fraudulent transactions, hahaha.

Last but not least, I have posted at my Facebook Page back in November 2015 (click here) a Police Warning not to return calls to unknown overseas number. Best you sign up as a Follower of my Facebook Page as I often will post important community service messages for the benefit of all. Actually, 99.9% you are sure to learn a thing or two (or maybe nothing) from all my articles – that’s if you read them carefully and look for the coded messages and can absorb the freaking huge amount of text, hahaha.

RFID Blocking Wallet for Visa PayWave and MasterCard PayPass

Many years ago I warned my readers at my first blog called My Credit Cards about the danger of having a contactless/wireless payment card (i.e. PayWave or PayPass card) where info stored in the card can be easily stolen with a RFID reader.

Go google – RFID Credit Card skimming for more info.

However, years back, only a handful of credit cards come with the Contactless Payment feature. As of date (August 2016), only 2 of my Malaysia issued credit cards have the contactless payment features, i.e. RHB Platinum Visa and UOB PRVIMiles. None of my Premium Cards has it (e.g. Alliance Bank Visa Infinite, CIMB WMC & VI, Maybank 2 Cards Premier and UOB Visa Infinite-P. Click here to see my credit card collection in 2015.

Having said the above, more banks are now issuing Debit Cards and Credit Cards with the Contactless Payment feature (for example, Maybank’s Debit Card) and more merchants are allowing their customers to pay by using it (for example McDonald’s).

In my case, as you all know I am ultra “kiasu”, I have a RFID Blocking Wallet to keep all my Australia Bank issued Debit Cards and Credit Card as all of them come with PayWave or PayPass feature. Click here to see my Australia Credit and Debit Cards in 2014. Since then, I have been issued a new CitiGold Debit Card that comes with PayWave and I have also added a couple more Debit Cards.

The first few RFID Blocking Wallets were made from metal (mostly aluminum) and were bulky. Nowadays, we can get slim leather wallets with RFID Blocking feature. Go google RFID Blocking Wallet Aluminum and then Leather.

RFID Blocking Wallet

GenX 25 A Credit Card Tutorial by GenX

facebook logo.jpg Click here t o GenX GenY GenZ Facebook Page

GenX Credit Card Tutorial

Click here to my  Credit Card Tutorial Page/Menu for your next FREE lesson.