Just wanted to share my experience with credit card fraud and how Taishin Bank handled it.
Yesterday, I was in the middle of teaching a class when I got a phone call I couldn’t answer. After class, I checked my phone and saw two SMS messages, one asking me to confirm NT$20,000 transaction was mine and another saying a NT$17,000 transaction had failed.
I called the number back, and it was Taishin’s fraud unit. They informed me that my card had been compromised and that there were several other transactions, bringing the total much higher. They immediately cancelled my card and said they’d mail me a new one. At the time, they weren’t sure if I’d have to pay for the transactions (as that person wasn’t the decision maker it seemed), but they said it was unlikely.
Today I was just informed that I won’t have to pay any of them. So far I have been impressed with the way Taishin have handled it.
I’m not quite sure how the details were taken. But one thing is for sure… none of them were OTP authorised.
they went immediately into dispute with the network and they will get the refund (or not) from the merchant/acquirer. If they won’t the money, that’s a goodwill gesture not asking you to settle any of those, which is nice.
Just a general word of advice: Never call back a random number without first verifying it actually belongs to the bank!
It’s a common scam that a “bank employee” (hint: it’s a scammer) might call you informing you about potential fraud - and then proceed to verify your data to “stop the fraud” (hint: so far, there hasn’t been any fraud).
While doing so, the actual fraud will take place: The scammer will now know the necessary details to actually defraud you and might even convince you to generate an OTP (“for security reasons”).
Not saying that this is what happened in this case (unfortunately, some banks’ processes are quite similar to what scammers are doing…) - but it’s happening to other people who receive text messages about apparent fraud and then a phone call from a “bank employee”…
Thus: Always call the bank directly using the number on the card / on the website - never call numbers from text messages or missed calls (unless you’re really sure it’s the right number)!
In this case I could actually see the transactions (not including the failed one) in my Taishin app. (It shows pending transactions immediately)
I also didn’t confirm any OTP codes. Just my ID number and they went through other genuine transactions asking if they were mine.
They didn’t ask for anything else other than reading out my address in the system and telling me my card is now cancelled and they’re sending out a new one.
Yeah - the reason those scams work is that real bank calls might happen in a very similar way - so people get less suspicious if they’re being asked to “verify” their card information.
If the caller already knows your address, that can be a sign that they’re a real bank employee - it can also mean that the scammer did their homework…
Yes, but my card was cancelled as she said it and I got an SMS on my phone it was removed from Apple pay and also it isn’t showing on my Apple pay now.
If it is not 3DS authenticated, ie with OTPs, the liability shifts to the merchant, hence you won’t be liable. Mind that some fees might be held though by the issuer, but should be negligible.
pls do note that in some cases transactions can be 3DS authenticated even without OTPs, it’s an advanced standard of 3DS that make transactions frictionless based on a number of parameters.
I did check the number before calling, and it was indeed Taishin’s fraud center. They went through my previous card transactions with me asking each one and, without needing any extra verification, immediately canceled my card and arranged for a replacement to be mailed.
Had I during the call received an OTP message instructing me to enter it to confirm a 200,000 NTD order and had the Taishin rep urged me to provide that code to “stop the fraud” I would have been far more suspicious.
Overall the problem has been sorted and I don’t need to pay anything.
The same thing happened to me many years ago. One of the self-service pumps at my gas station had been compromised (they run Windows), to their credit they replaced the machines two days after I had settled things with the bank.
It has not been unknown for opportunists to go through the recycling trash looking for Credit Card Statements etc - just be very careful of how you dispose of your trash, and shred stuff that has Names, Phone numbers, Addresses, Account numbers.
Some years back I too got a phone call from my Banks Fraud department after some transactions looked out of place and they rang to check. Transactions not made by me, and in fact i had never used the Card in question as it was my ‘Backup card’ in case my normal one could not be used. Could have been a random number job of course, it has not been unheard of for people to be caught with a bag full of blank (ie - white cards without a brand) cards that may not all be valid numbers either.
