So it came to be, after so many years, that a credit card fraud happened to me. The card fraud itself is not much of a story to tell. But there are other things about it that are interesting. Hence, my two cents about it in this post.
First, about the fraudulent charge itself. I was notified via SMS of a credit card transaction. It was from PayPal. The amount wasn’t very large. But of course, it was suspicious, so one shouldn’t ignore it. I didn’t want to quickly jump into conclusion that it was fraudulent, because sometimes, I get the actual credit card charge for something long after I made the transaction. This happened recently, for example, with associated charges for upgrades to a Kickstarter campaign I backed, which finally charged my card many months after the campaign closed. I had completely forgot about the transaction, if not for finding an email confirming that my upgrade items have been successfully paid for.
In this particular instance, however my PayPal account has no record of such a transaction. In fact, the credit card in question was never provided to PayPal. I checked my email, and there was nothing about the said transaction either.
More interestingly, I almost never use this credit card. I got it only because of some associated benefit I wanted out of the card. I didn’t actually have to use the card. So it was very curious that the credit card details could have been gotten and used fraudulently.
I did ever use the credit card only two times. Once, at a very respectable establishment in Singapore. Secondly, online, for an insurance product from the card issuing bank itself, which, in this case, is DBS. My card number has never been provided to anyone else before. I am quite sure, simply because I never really intended to actually use the card. I don’t even carry it with me. It is safely locked up in a secure place.
So this is rather curious, it seems? Was there a leak at that rather respectable establishment in Singapore, or perhaps there was a leak at DBS itself?
The charge coming from PayPal likely meant this was likely some kind of online transaction. There should have been an OTP required for such transactions. There was none. Whether it was via SMS or through DBS’ mobile app, I did not get anything. I don’t know why, without a transaction OTP, DBS would have accepted such a credit card transaction. Was the transaction amount small enough that DBS didn’t care to require OTP verification?
The fortunate thing for me was that DBS did send a SMS notification of the transaction. This is a great reminder of how important it is for banks to always send transaction notifications. They should do it every time. This is so that customers have the earliest opportunity to be made aware of suspicious activities happening to their accounts.
Getting notifications via the banks’ mobile apps would be great. But the situation is that most notifications are still going to come by SMS. So this reinforces another important point for me. When travelling, always make sure you have roaming for your Singapore phone number, so that you continue to receive SMS notifications.
Many of us travel overseas thinking to buy a local SIM at the destination to use. This is fine, per se, but please make sure your Singapore SIM also roams so you still get SMS texts. Either have a dual-SIM phone, or have a second phone, for your Singapore number. Otherwise you may be in for a rude shock upon your return to Singapore to learn of all the SMS texts that you’ve missed.
Still, also, make sure that the phone with your banks’ mobile apps have data, so that any app notification will also get through. The whole point is that you want to be alerted early enough to any suspicious activities. You can help stop the fraud right away if you watch all transactions.
Thankfully, with banks now mostly having a dedicated fraud reporting hotline, I had little difficulty reporting this incident to DBS. Considering that my card was only used twice ever, I am seriously very curious about how the leak happened. Unfortunately, I don’t think the bank will care much to investigate.