Customers report unauthorised charges on iTunes
Screen grab of Apple's iTunes website.
SINGAPORE: Credit card customers in Singapore have reported suspicious transactions charged to them through iTunes, an online Apple application store.
Their fear is that someone had hacked into their iTunes account, or that their credit card information had been compromised.
Some of these transactions can be traced to places such as China and Luxembourg.
At least six customers told Channel NewsAsia that they've been affected.
One reported unauthorised transactions of up to S$7,000.
Customers of several banks, including DBS, UOB, Standard Chartered and Citibank, reported similar experiences.
One of those affected is Ms Ong, who said she had not used her iTunes account for two years. Her credit card bill dated February showed that she had spent S$266 for two transactions.
"When I called the credit card company and asked whether there are similar case ongoing, they couldn't quite give me an answer. They actually mentioned that they can terminate my card and issue me a new card. At the same time, they can conduct an investigation but it will take 60 days. So, in the meantime I don't really need to make payment for these two unauthorised transactions, but I have to wait till 60 days later for the report to be out," said Ms Ong, a customer of Standard Chartered Bank.
Ms Ong added: "If they found out it's an unauthorised transaction, then of course they will waive the charges. But let's say, if Apple is unwilling to acknowledge this and insists on billing the customers, then the credit card company will have no choice but to bill me the sum, which I'm quite concerned with because according (on) a lot of online forums, I read that according to the US and UK customers, they're actually charged for the amount because Apple company just refused to acknowledge this unauthorised transaction."
One security expert explains how one's iTunes account may have been hacked.
Ngair Teow Hin, chairman, Security & Governance Chapter, Singapore Infocomm Technology Federation, said: "If I want to steal some goods and things with value, I would go for iTunes. If I want to use someone's credit card numbers or someone's account to purchase something so that I can use them, so I can benefit from them.
"If I go to Amazon and buy a book or buy a music CD, I need an address. The goods has to be delivered to me and it makes it a lot easier for the Police, the investigator to find out who I am, where I am and catch me.
"If I want to avoid detection, I will use iTunes to purchase things like music, applications and so on. I only need Internet access, I can be anywhere.
"For people who have their iTunes account being hacked, the usual case is you receive an email that seems like it's coming from Apple.com. You click on a web link and they ask you for your Apple ID and you happily type in your Apple ID and the Apple ID (goes) to the hackers and now they can use your Apple ID to log into your account and purchase anything they want."
One of the affected banks, UOB, has investigated the unauthorised transactions and has reimbursed the full amount to its customers.
Others like DBS Bank and Standard Chartered Bank, advised customers to opt for SMS alerts for all their credit card transactions as an additional defence against fraud.
UOB has urged customers to check their credit card statements for any unauthorised charges.
For safer shopping online, it urged consumers to transact with merchants who have robust security measures in place.
DBS Bank said it has adopted a multi—layered approach to safeguard cardholders from potential credit card fraud.
It sends SMS alerts for credit card transactions above certain pre—set threshold amounts, as well as for first time card usage.
Other than monitoring credit card transactions in real time for unusual or suspicious transactions, DBS sends a one—time password to the mobile phone of the customer who makes online purchases at merchant sites that adopt the 3—Domain Secure protocols by Amex, VISA and MasterCard to authenticate online card transactions.
DBS said cardholders should remain vigilant against card fraud, especially as more turn to shopping online.
Customers should ensure that they're making the purchases from a reputable online store with secured transaction capabilities.
Standard Chartered Bank said it has a security system for Internet transactions called 3D Secure. It also has a dedicated team that monitors and identifies any suspicious transactions on a 24/7 basis for credit card transactions.
— CNA/ck