
Saturday, June 22, 2024

Millions stolen from bank with insider help; Theft prompts security review

KUALA LUMPUR: The suspects linked to the siphoning of millions from a bank targeted their victims based on insider information, says Bukit Aman.

Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf said the group stole the money in stages after they had identified high-value account holders.

“The money was taken out via the bank counter and the first one was conducted around April. Several more were done in May and June.

“With inside help, the money was taken out according to bank procedures. The case only came to light after an account holder went to the bank to update details,” he said at a press conference yesterday. 

He said it was possible that syndicate members who were working in the bank also directly facilitated the transactions.

Those caught included a bank manager.

Investigations showed that the mastermind had expertise in forgery and the syndicate members would use forged identifications to take money out of targeted accounts. 

“The details would be the same but the photo and thumbprints would be changed,” he said, adding that forged documents were then used to facilitate the money transfers.

Meanwhile, another case has been detected, with losses involving RM551,000.

“This was done at another bank earlier in the year and we are also investigating that case,” he said.

When contacted, Comm Ramli said 13 people, including four bank employees, were detained recently in connection with millions of ringgit that vanished.

Arrests were mostly made in Kota Kinabalu with one suspect caught in Padang Besar, Perlis.

The case is currently being investigated under Section 420 of the Penal Code for cheating.

“The involvement of bank personnel in commercial crime is a very serious matter.

“In the past, we have encountered cases where bank personnel were complicit in crimes such as criminal breach of trust or embezzlement.

“There are also those who were in cahoots with theft or scam syndicates,” he said.

Comm Ramli urged financial institutions to improve their security such as tightening procedures or imposing stricter measures in regard to withdrawal from accounts.

“Such measures are necessary to prevent theft or missing funds from customers’ bank accounts.

“We feel that improvements are needed for the sake of the account holders,” he said.

From 2022 to June 15 this year, a total of 485 cases of missing funds from bank accounts have been recorded involving RM35.01mil in losses.

“From the overall statistics, this year alone we recorded RM25.76mil in losses and 65 cases.

“The highest number was 225 cases last year, but it involved only RM4.82mil, followed by 195 cases in 2022 involving RM4.42mil,” he said.

Besides the involvement of “inside men” in financial institutions, Comm Ramli said another factor that could have contributed to the missing funds was disclosure of banking details to a third party.

“Our investigations revealed that some victims might have intentionally or unintentionally revealed details of their online banking username and password,” he said.

Comm Ramli said scammers are known for using the phishing technique to dupe victims via email or text messages.

He advised the public to stay vigilant and be wary of tactics used by scammers.


Theft prompts security review


PETALING JAYA: A recent embezzlement case involving bank staff in Kota Kinabalu has sparked calls for tighter security measures in financial institutions.

Universiti Sains Malaysia criminologist Datuk Dr P. Sundramoorthy said the recent case that saw over a dozen arrested was both concerning and a wake-up call.

“Although the number of wrongdoings and criminal acts by bank employees may be very minimal, it cannot be ignored.

“The rakyat, investors and the business community depend on the banks to safeguard their money.

“We don’t have a choice in this matter.

“Banks must aggressively play a role in eliminating undesirable employees,” he said, adding that banks need to invest in internal security and loss prevention departments, even if it incurs costs.

“These departments should have the expertise to detect embezzlement, fraud and misconduct by employees,” he said.

“Security investments are assets, not liabilities.”

Drawing a comparison with law enforcement bodies, he added that employees in highly sensitive areas should be rotated to avoid any potential for leakages within the bank, even if they are competent in their jobs.

“This is especially important for positions with access to customer accounts,” he said.

Pre-employment screening must also be done for all employees with regular assessments for those in service, he added.

Duties must also be “robustly” segregated, with dual authorisation practices implemented as well.

“That was a substantial amount of money (lost) and I hope measures will be taken.

“Since it was an inside job, the bank must be responsible for covering every single ringgit and sen that was misappropriated.

“Banks must be proactive and they should work together with the victims and law enforcement to ensure such incidents are reported.

“Employee pilferage is not new but it is also not frequent. We must not tolerate it,” he said, adding that harsh penalties and criminal charges must be meted out to those involved.

Such cases, he said, also affect the credibility of the bank involved as customer confidence will drop.

Previously, Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf said that four police reports were lodged since early June regarding suspicious transactions, with losses estimated to be around RM24.2mil.

As of June 18, the police have arrested 13 suspects aged between 22 and 52 years old.

Four suspects were found to be employees of the bank. 

https://www.thestar.com.my/news/nation/2024/06/22/theft-prompts-security-review


Thursday, May 30, 2024

BLACK SHEEP IN BANKS, Employees you cannot bank on, Calls for banks to bolster cyberdefences

Cops believe black-sheep bank workers may be in cahoots with scammers

PETALING JAYA: Scammers posing as bank officials seem to have access to sensitive information, which raises the question: are they in cahoots with black sheep within financial institutions?

These scammers seemed to be aware of the personal and financial information of people they target, using it to convince victims into buying into the ruse and parting with their funds.

Victims in several reported cases said the scammers appeared to be aware of details of their account balance and other data that was only known by their financial institutions.

Bukit Aman Commercial Crimes Investigations Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf said while scammers usually “fish” for information and adopt various deceptive tactics to hoodwink their victims into sharing information about themselves, police do not rule out the possibility of bank employees colluding with syndicates and feeding them such confidential data. 

“We do not discount the possibility and probabilities of such complicity occurring. It can happen in any organisation, even in the police force or other enforcement or government agencies.

“There is probably no organisation that is pristine. There are bound to be bad apples among employees. However, we need solid evidence to prove this,” he told The Star.

Comm Ramli advised the public to regularly keep tabs on their accounts and promptly raise the alarm with the relevant authorities if they discover any discrepancies.

The same scrutiny should be applied by those who own assets such as land or other immovable property, he added.

In November last year, retiree SA Nathan received a call from a scammer who posed as a bank officer, just an hour after he called his bank to enquire about his credit card statement.

Thinking it was a genuine call from the bank, the 95-year-old divulged some banking information and ended up losing RM18,000 that was siphoned off from his credit card.

Confused by the whole episode and in an attempt to seek clarification, the nonagenarian referred the scammer to his daughter, Getrude Nathan, 56.

The housewife received a call from the same scammer and was coaxed into revealing sensitive data. She lost RM20,000 that was charged to her credit card.

Depressed and overcome by their losses, Nathan, who was in ill health at the time, passed away weeks later when his condition deteriorated.

In February, a 51-year-old man was puzzled as to how scammers found out about cash deposited into his bank account just days after he made a withdrawal from his Employees Provident Fund (EPF) account.

Fortunately, the man was suspicious and hung up.

In March, two bank officers were arrested by Selangor police for allegedly aiding a scam syndicate in an online fraud. The duo allegedly supplied the scammers with dozens of mule bank accounts meant for moving funds from victims.

In 2014, a bank officer and her husband, both aged 34 at the time, were arrested and charged with fraudulently withdrawing almost RM78,000 from bank accounts belonging to three passengers and a crewmember of the ill-fated MH370 Beijing-bound flight that went missing on March 8 the same year.

Nur Shila Kanan, who was an employee of a bank at Lebuh Ampang, Kuala Lumpur, had transferred the funds to several other accounts before making withdrawals.

She was sentenced to six years’ jail while her mechanic husband Basheer Ahmad Maula Sahul Hameed received a four-year jail term and was ordered to be whipped.

The Association of Banks in Malaysia (ABM) said banks implement regular audits to examine transaction records and internal activity by employees while ensuring compliance with regulatory requirements.

ABM said these audits do not only identify potential security vulnerabilities but also ensure that bank staff observe statutory protocols.

It said upon employment, bank staff are bound by Section 133 of the Financial Services Act 2013 and Bank Negara Malaysia’s Management of Customer Information and Permitted Disclosures Policy Document. They are trained to uphold banking secrecy and possess knowledge on information security risk.

ABM also said access to personal customer information is strictly controlled and only limited to employees who require it in the course of performing their official duties.

It added that access is granted on a “need to know” and “need to use” basis to authorised personnel, who are subjected to strict authentication processes.

“Employees are granted access only to the specific systems and data needed to perform their job duties.

“Among the authentication procedures are the use of unique usernames and passwords to verify the identity of staff members.

“Comprehensive logging and monitoring systems can track and oversee when and who accessed sensitive or specific data.

“These permissions are regularly reviewed and updated.

“Banks continuously monitor user activity within their systems, including tracking login attempts, accessed data and account modifications.

“All actions involving customer data are meticulously logged and recorded in audit trails, ensuring accountability. Such access to data is revoked when the bank staff is reassigned to other sections or leaves the organisation,” an ABM spokesman said.

It said banks also had whistleblower programmes where employees are encouraged and can anonymously report any suspicious activities or potential collusion with shady parties.

The spokesman said such reports are treated seriously and thoroughly investigated.


Calls for banks to bolster cyberdefences

PETALING JAYA: With rising cases of online fraud and unauthorised access of personal data, financial institutions should upgrade their security systems and engage cybersecurity experts to address such threats, said criminologist Datuk Dr P. Sundramoorthy.

He said that apart from rogue bank officials complicit with scam syndicates, the other source of sensitive data leakage is online hackers.

“Crime prevention initiatives and strategies do come with a cost. However, the mid-term and long-term benefits will eventually outweigh this cost.

“Banks must prioritise security and protect their customers by all means before more fall victim,” said Sundramoorthy, who is with Universiti Sains Malaysia’s Centre for Policy Research.

He said securing confidential information by having a comprehensive and multi-layered approach to cybersecurity and data protection is a primary security step banks should adopt.

He said there are several ways banks can help protect the personal financial data of their customers such as strong encryption, secure servers, firewalls and keeping software up to date to prevent data breaches.

Sundramoorthy told The Star that strict policies and regulations restricting access to customer data should be a bank’s priority.

He said banks should also limit which employees can access sensitive customer information and have strict data access policies in place.

“They must have a system using multi-factor authentication. There should be multiple steps to verify a user’s identity, such as a password plus a one-time code, making it harder for unauthorised access. There must also be frequent and consistent monitoring of transactions and accounts, alerting customers promptly if any suspicious activity is detected,” he stressed.

Sundramoorthy said banks should also constantly educate their clients on online security, on how to identify scams and on other measures to protect their data, and not rely solely on law enforcement to keep the public in the know.

Certified fraud examiner Raymon Ram, who specialises in financial forensics and fraud risk management, said the recent arrest of two bank officers who allegedly aided a scam syndicate underscores the importance of cybersecurity protocols.

The bank officers were nabbed in March for aiding a scam syndicate in online fraud.

Selangor police believe they supplied scammers with dozens of mule bank accounts meant for moving funds from victims.

Raymon said while banks in Malaysia had stringent security protocols to protect customers’ data, the case proved there were vulnerabilities that can be exploited through insider threats, corruption or online hacking.

“The risk of corruption and hackers exists and cannot be entirely discounted. Continuous improvements in cybersecurity protocols, adherence to standard operating procedures and rigorous enforcement of the Financial Services Act (FSA) 2013 are essential to mitigate these risks and maintain public trust in the financial system,” Raymon said.

He said the Personal Data Protection Act (PDPA) 2010, guidelines from Bank Negara and the FSA collectively provide a robust legal framework to safeguard customer data. He said the FSA mandates strict regulatory compliance, internal controls and oversight mechanisms to prevent misuse of information and ensure accountability within financial institutions.

Wednesday, May 3, 2023

Fighting chance to beat scammers

KUALA LUMPUR: The idea of adopting a 48-hour “cooling period” when money above a threshold is transferred to new bank accounts might give scam victims enough time to pull their money back from the brink before it reaches the greasy hands of scammers.

Cybersecurity law expert and lawyer Derek John Fernandez said that is one of the ways authorities and financial institutions can stop a financial scam.

He said that as victims usually realise they are scammed after 24 hours, there is another 24-hour window for banks to stop the transaction.

Fernandez said this is among the immediate measures he has proposed in a 75-page paper to the government on what the authorities can do to protect consumers from financial scams.

The good-funds model, which has a cooling-off period for first-time transactions between individual accounts, is practised in some countries such as Australia to ensure that there is no fraudulent activity before funds are transferred for the first time.

“Such a period will enable a person to inform the bank of a scam transaction to a mule account and stop the payment,” said Fernandez.

“At the moment, in Malaysia, a cooling-off period is only observed for the first-time enrolment of online banking services or secure devices. During this time, no online banking activity is allowed to be conducted,” he added.

Fernandez pointed out that the average consumer is ill-equipped to combat cybersecurity threats and cybercrime by themselves.

He said the country had embraced digitalisation without proper consideration of cybersecurity.

“The true cost of digitalisation has been totally understated because the cost of cybersecurity had not been factored in properly. We have emboldened criminals and given them great opportunities to commit crimes in the safety of being outside our country.

“Now cybercrime is the third biggest criminal activity in the world and is growing,” said Fernandez.

“Those who profit the most from digitalisation should be made to bear the true cost of cybersecurity and the losses that occur due to weaknesses in the technology they used to create those profits.

“The government itself is unable to pay totally for the cost of cybersecurity and those companies who have profited the most from digitalisation must bear a proportionate and fair cost of cybersecurity. They must be made to protect their customers with sufficient resources,” said Fernandez.

A concerted effort by law enforcement agencies, financial institutions and telco service providers to coordinate a rapid response for online financial scams is also the key to enabling vulnerable victims of scammers to at least get some of their money back, said National Anti-Financial Crime Centre (NFCC) director-general Datuk Seri Mustafar Ali.

He said that while educating the public on scam awareness is an important step in mitigating the risk of scams, there are several other robust measures that can be put in place to help prevent scams from occurring.

Mustafar listed the factors as improved legislation, enhanced consumer protection, increased enforcement, stronger cybersecurity and better collaboration between government agencies, businesses and consumers that can help identify new types of scams and develop more effective strategies for preventing them.

“Governments can put in place laws and regulations that make it easier to prosecute scammers and discourage fraudulent activities,” he said.

Mustafar, who also heads the National Scam Response Centre (NSRC), which was set up late last year, added that a proposal is in the pipeline to amend the laws and regulatory mechanisms relating to scam victim restitution, mule accounts and the power of the investigating officer.

“Law enforcement agencies can work more closely with financial institutions and businesses to track down and prosecute scammers,” said Mustafar.

He sees NSRC as the command centre – focusing on online financial scams – to coordinate efforts among law enforcement agencies (NFCC, police, Bank Negara and the Malaysian Communication and Multimedia Commission) together with financial institutions and telco service providers to coordinate rapid response for online financial scams.

“However, there is still much work to be done to combat scams and fraud, shift public attitudes towards greater awareness and caution, improve the efficiency and transparency of the financial system, and take effective enforcement actions against criminals,” said Mustafar. 
