Bank to check suspicious card transactions

The Hong Kong Monetary Authority said Standard Chartered is required to conduct a thorough investigation following dozens of complaints from the bank's credit card holders that their data had been stolen for unauthorized transactions.

The theft came after cardholders received phone messages of unauthorized transactions, each amounting to a few US dollars.

The bank said late Wednesday there was no evidence of data leakages and that it would arrange for refunds to be made for all confirmed unauthorized transactions.

It advised customers that "it is not necessary to contact our call center or visit SC Mobile in a rush."

The financial watchdog said cardholders are not liable if they have not committed any fraudulent or grossly negligent acts.

It has asked the bank to take measures to protect the interests of customers, strengthen communication and thoroughly investigate the matter.

The authority has received 348 complaints about unauthorized credit card transactions this year, more than last year's 329.

The Consumer Council also received four complaints on Tuesday and Wednesday and is liaising with the bank.

Data scientist Wong Ho-wa said the cause might be due to data leakages or hacking, and the bank needs to investigate further even if there was no evidence of leakages.

He believes the incident may have affected at least 10,000 customers.

Apart from locking an account due to suspicious activities, Wong suggested customers monitor credit card transactions involving small amounts.

Former deputy Democratic Alliance for the Betterment and Progress of Hong Kong spokesman on financial affairs Danny Chan Chung-cheung said the transactions involve a process revolving around three credit card details: a 16-digit card number, an expiration date and a three-digit security code.

Chan said: "Hackers use a program to match the three sets of data, and confirm the success of their attempts through small amounts in online transactions."

After confirming the three sets of data match up, Chan said, hackers may make transactions involving larger sums, usually to buy bitcoins.

However, he added that since large transactions generally require a real-time password sent to the cardholder's phone, it is unlikely that there will be larger losses.