Details of 25,000 S'pore credit cards allegedly leaked online, India-based research start-up claims

MAS said it is closely monitoring cyber threats.

Belmont Lay | March 07, 2020, 03:49 AM

Details of more than 25,000 Singapore credit cards have been leaked online, the South China Morning Post reported on March 6.

The supposed leak was uncovered by an India-based cybersecurity start-up Technisanct.

In total, hundreds of thousands of credit card details from at least six Southeast Asian countries have allegedly been leaked.

These details supposedly included "a huge volume" of CVV and PIN, referring to the card verification value and personal identification number.

Technisanct went as far as to say that a series of data breaches involving credit card details issued by top banks in Singapore, Malaysia, the Philippines, Vietnam, Indonesia and Thailand have been found.

The danger of the leak stems from many systems in existence today that do not require a one-time transaction password for the cards to be used.

Financial losses to the owners of the cards occur as anyone with access to those details can carry out unauthorised usage.

The Philippines worst hit

Credit card holders in the Philippine were the worst hit, with 172,828 cards breached.

Malaysia and Singapore had 37,145 and 25,290 cards breached respectively.

In the past week, even more cards available for sale from these six countries have been identified, Technisanct said.

The Computer Emergency Response Team (CERT) in each country that handles cybersecurity incidents, have been informed and advised to take action by Technisanct.

But not all responded.

MAS responds

In response to the story, Monetary Authority of Singapore told SCMP it was constantly monitoring cyber threats.

MAS said cyberattacks are monitored as they may result in payment card fraud.

This is done as part of the surveillance carried out.

"We note that security vendors have reported a rise in incidents of data theft internationally, including loss of card details from compromised e-commerce websites,” a MAS spokesperson told SCMP.

MAS added that it had strict requirements for financial institutions in Singapore to implement information technology controls to protect sensitive information from unauthorised disclosure.

It said: “Card issuers have well established processes to handle credit cards whose details have been leaked. Card issuers have also put in place real time fraud monitoring to detect and block suspicious transactions promptly.”

Top photo via Pixabay