Man in Singapore in row with bank over hacked phone | Inquirer Technology

Man in Singapore in row with bank over hacked phone

/ 11:51 AM January 27, 2016

man hacked phone

Philip Loh had his phone hacked into and credit card details stolen last year, with six flight tickets costing $12,327 being bought in Eastern Europe. He appears to be the victim of a malicious program that the public was warned about last month. The Straits Times/ANN

SINGAPORE—”System update in progress. Please wait,” read the prompt on Philip Loh’s Samsung Galaxy Note 4 smartphone last September. Thinking nothing of it, he went to bed.

Meanwhile, hackers got hold of his credit card details. Six flight tickets were purchased in Eastern Europe—from countries including Russia, Estonia and Latvia. The total price was $12,327.

Article continues after this advertisement

Now the 47-year-old first aid trainer is entangled in a dispute with United Overseas Bank (UOB) as he tries to get the charges waived.

FEATURED STORIES

The bank, which insists its security system was never compromised, is asking him to pay $5,000 of the $12,327, having reduced the amount out of goodwill, or it would take legal action, said Loh.

“How can I pay for something I didn’t purchase? I’ve never even visited those countries before,” he told The Straits Times.

Article continues after this advertisement

When he woke up on Sept 30 last year, his phone was still “updating”. He forcibly rebooted it by removing the battery, only to find SMS alerts from UOB on the purchases, as well as the one-time passwords (OTPs) used to authenticate them.

Article continues after this advertisement

Shocked, he canceled his credit card before going to the police and Consumers Association of Singapore (Case) for help.

Article continues after this advertisement

Loh appears to be one of the victims of a malicious program that the Association of Banks in Singapore (ABS) warned the public about last month. He insists he has entered his credit card details on his phone only twice or thrice in the past year—to buy movie tickets online.

He was told by the bank that one of the reasons the payments could not be waived was that they were made under the “3D secure payment system”—which authenticates online transactions by sending an OTP to the customer’s cellphone. The Straits Times understands that because the hackers obtained the OTPs, the payment system was not compromised.

Article continues after this advertisement

UOB said: “We review each customer dispute case thoroughly and take into account a number of contributing or mitigating factors. These include whether a customer had provided his credit card information on a phishing site or if transactions were authorized with an SMS OTP. In this present case, the bank’s security measures were not compromised.”

An ABS spokesman said that in some reported cases, consumers provided their credit card information on websites without checking if they were legitimate. “These allowed hackers to ‘take control’ of their smartphones to perform fraudulent online transactions.”

Case executive director Seah Seng Choon said banks need to keep in mind shifting security vulnerabilities. “If a third party can hack into the system and perform transactions in this manner, it shows that the system needs to be reviewed to protect consumer interests.”

Information technology lawyers said crooks are starting to get the better of two-factor authentication systems. “The question is: Is it fair for consumers to bear the liability when it is the system that has been compromised by hackers?” said lawyer Bryan Tan.

RELATED STORIES

Rebekah Brooks bailed after phone-hack arrest—spokesman

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

UK spies can hack smartphones—Snowden

TOPICS: bank, device, hacking, Man, phone, Singapore, technology
TAGS: bank, device, hacking, Man, phone, Singapore, technology

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.