Promptness matters in case of a bank fraud

With the unfortunate news of customer data as well as patient information leaks plus massive ransomware attacks against companies here, 2021 is indeed a challenging year for Thailand in terms of cybersecurity. Money withdrawn without knowledge is the most recent incident.


While government agencies and the banking sector are currently investigating the method done by cybercriminals to make this malicious activity possible, we at Kaspersky would like to share some quick steps for consumers who may be affected by an incident like this.


1. Promptness is what matters

It applies to any bank in the world: the faster you react and prove that there was a hack, the better the chance that you will have to get your money back. In order to succeed, you need to be notified of unsolicited transactions ASAP, ideally via SMS notifications. Daily e-mails on an account status are also OK. Scrupulous tracking of monthly bank reports is a last-resort measure if you’ve got no better options.


2. All types of insurance will do

Each extra level of protection makes it harder for scammers to reach their goal, and ultimately minimizes your losses. For this reason, you should enable 3D-Secure (MasterCard SecureCode, Verified by Visa) for all online payments and two-step authentication in your online banking tool, choose terminals with chip and PIN support and say no to those requiring only a swipe and signature.


Do online payments only on secure Wi-Fi networks and install a robust antivirus solution on your PC. Additionally, insurance would also help: such products can be activated together with any banking card.


3. Precaution is not a cure-all

Unfortunately, scammers’ wellbeing directly correlates to their ability to bypass all security measures that may be in place. That’s why all of the measures described above cannot fully protect you. The most effective way to say goodbye to your hard-earned money is by withdrawing cash in ATMs with scamming software installed by culprits, or by executing online payments on a compromised machine. In the first case, the criminals would duplicate your card credentials to withdraw cash. In the second case they will spend your funds online.


As we have learned this year, paying with your credit card at large retailers can be potentially dangerous, if a special Trojan has infected their systems. This specifically applies to many retailers because often they use outdated POS terminals.


There is one more option that cannot be ignored — a leak of payment data from one of the online merchants. Even with 3D-Secure card enabled, but a criminal could have somehow managed to track down the shop, which used an outdated processing system with no support of 3D-Secure, and therefore charged the victim’s card.


To minimize risks, it is also best to not store your financial credentials with merchants.


4. Block the compromised card as soon as possible

As soon as you have confirmed that your card details have been compromised and malicious transactions have been done on your behalf without your knowledge, quickly report to your bank and have your card blocked. This is because someone who stole your card credentials can also resell it to various people (presumably in the form of a database with thousands of other card credentials), particularly in the dark web.


5. Always have a plan B

And plans C, D and E also would be useful. Many victims have lost a good deal of money. Some of them have even faced this situation while on vacations, and then simply had nothing left to cover any immediate expenses like food or fares.


In order to avoid such situations, you’d better have a minimum of two or, even better, three or four cards. Use different payment systems, have cards issued by different banks, and distribute your budget evenly. One dedicated card should be used only for online payments and you should avoid storing large sums on it. One convenient option is virtual cards issued by many banks specifically for online payments.