SINGAPORE — Singaporean doctor was surprised to discover that her credit card details were still being used to make payments to AirAsia, even after she had attempted to block and replace her card two more times in an effort to stop these transactions.
The case contributes to the increasing number of reports by credit and debit cardholders in Singapore and internationally regarding fraudulent use of their card details to purchase services from legitimate companies such as OpenAI and Apple, while similar scams targeting Android users have also prompted a warning from the Singapore Police Force.
According to The Straits Times, the incident involved Dr. Zena Lim, an ophthalmologist who replaced her card after noticing that AirAsia had charged her UOB credit card for two transactions totaling over $1,060, which she did not authorize.
In total, over $3,600 in Malaysian ringgit and US dollars were taken from her bank account through six unauthorized payments, with four of them made to AirAsia.
While UOB has reversed the unauthorized payments from Dr. Lim’s account, the mystery remains unresolved. She has reported the matter to the Monetary Authority of Singapore (MAS) and the police.
Expressing her frustration, Dr. Lim questioned how it was possible for the same merchant to charge three different card numbers over a span of nearly two months without requiring authentication.
Merchants have the option to activate 3D Secure authentication, an additional safety feature that prompts customers to enter a password or code sent to their phone by their bank before a payment can be made.
She remains frustrated by the lack of answers regarding how this could have happened.
It should be noted that the only instance when Dr. Lim purchased an AirAsia ticket was when she bought her helper’s air ticket through eNets debit on her computer, using her DBS bank account.
A spokesperson from UOB (United Overseas Bank) mentioned that the bank has provided assistance to Dr. Lim and will support the investigation as needed.
The bank also emphasizes the importance of customers being vigilant about the security of their physical and digital cards, advising against sharing card and banking details with anyone, including family or household members.
The UOB spokesman said the bank has lowered the default threshold limit for all its card notification alerts to $500 as a preventive measure to help fight against card fraud.
As a preventive measure against card fraud, UOB has lowered the default threshold limit for all its card notification alerts to $500.
Additionally, customers have the option to adjust their threshold limit to nominal amounts through UOB Personal Internet Banking. This enables them to receive notifications for any transaction made on their accounts.
Regarding AirAsia, the airline’s support page stated that redit card fraud is a global issue affecting various industries, including airlines.
The statement emphasizes the importance of immediately contacting the bank to block the card if fraud is suspected, and also urges individuals to reach out to AirAsia through their guest support channels for a prompt internal investigation into the matter.
Increasing number of similar fraud
In 29 May, content creator Daisy Anne Mitchell posted on TikTok that she lost $205 over eight days through 28 small transactions, including charges of $1 and $3, made from her POSB account to Apple.
Recently a preschool teacher also shared to TOC that she fell victim to a sophisticated malware scam, resulting in an unauthorized transfer of S$4,400 from her POSB Bank account to an unknown UOB account via the PayNow platform, possibly originating from a suspicious app she had downloaded two months prior.
The Singapore Police have issued a warning to Android users after at least two individuals lost an aggregate sum of S$99,800 from their Central Provident Fund (CPF) savings due to a new kind of malware scam in June.
In Singapore, banks are not required to compensate victims of online bank fraud. In January last year, OCBC reimbursed S$8.5 million (US$6.3 million) to 469 customers who fell for an SMS phishing scam in December 2011 out of goodwill.
In the United Kingdom, banks are required by legislation to compensate victims’ losses for transfers made due to APP scams (Authorized Push Payments). This applies in cases where users at a business send money to a bank account controlled by fraudsters.
According to a spokesperson from the Monetary Authority of Singapore (MAS) in June, customers cannot be held accountable for unauthorized transactions if merchants have not implemented one-time password authorization for online card transactions.
However, it is the responsibility of merchants to enable 3D Secure (3DS) authentication, an extra measure that mandates customers to input a password linked to their card or a code sent to their phone via the bank’s website before completing a payment.