Friday, January 06, 2012

Asia's safest bank DBS got hacked, now no longer the safest


So Asia's safest bank and the pride of Singapore, DBS just got hacked. As of 8pm Thursday, about 200 customers have informed the bank of unauthorized withdrawals made in Malaysia through their DBS/POSB ATM and debit cards. This is the largest case of bank fraud in Singapore with about $200,000 of unauthorised withdrawals made. It's still early days but I suspect many more people in Singapore are affected.

Official statement from DBS: "Any customer who believes their ATM/Debit card(s) may have been compromised, should contact the bank immediately on 1800-220 1111 or visit any DBS/POSB branch. We are treating the matter with utmost priority and would like to assure customers that they will be fully compensated, for any fraudulent transactions, within 24 hours of notifying the bank.

Investigations are currently underway and we have started to proactively contact all customers whose account transaction history indicates that there has been an ATM transaction made in Malaysia, over the past few days, to double check and confirm that indeed such an ATM transaction was made."

It is not known how the people behind these unauthorised withdrawals carried out their actions. How do you withdraw money using the ATM when you don't have the person's ATM card and PIN number? Strange but very worrying.


It's funny that DBS prides itself with being the safest bank in Asia. Oh btw, they were named Safest Bank in Asia by Global Finance three years running in 2009, 2010 and 2011. I guess they can forget about calling themselves the safest bank in Asia after today when all the aunties and uncles storm into the DBS and POSB branches to withdraw all their savings from their accounts and keep their money under their pillows instead. Asia's Safest Bank? Not anymore.

Update: Here's a video of the Ch 5 news report. (Thanks Mr Big)

Update: This is how the unauthorised withdrawals looks like on your bank records. (Thanks Andrew Y)


The $5 is the transaction fee because the money is withdrawn in Malaysia.

Update: DBS says "Hi" to me on Twitter after I tweeted that someone from DBS was reading this blog post. (Thanks Pricias)


They want me to follow them on Twitter but I don't like to follow someone who will only be on Twitter on Mon-Fri, 9am-6pm. Heh. Maybe they don't pay the poor chap overtime.

Update: POSB and DBS Bank customers rushed to check their bank accounts this morning. One lady even de-activated her ATM cards linked to bank accounts with larger amounts. (Thanks Shy)

Update: Another example of bank transaction record showing unauthorised withdrawal. (Thanks Rickie)

In this record, you can see that cash was withdrawn from a place called City Bazaar which I checked is the largest bazaar in Malaysia. It is located in Kuala Lumpur.

Update: Affected DBS and POSB cardholders are advised to lodge a police report via the Electronic Police Centre or at any neighbourhood police centre. Include the date, amount, location and transaction description for each unauthorised withdrawal. (Thanks Ang)

UpdateLong queues at POSB and DBS branches islandwide on Friday morning.

Update:  An overseas banking security expert tells me unauthorised DBS and POSB withdrawals could be due to mass ATM skimming or even something more serious like an insider job but Agagooga says on Twitter that we have anti ATM skimming devices installed on ATMs in Singapore. On its website, DBS says they have installed card security devices throughout its ATM network.

No comments: