SINGAPORE — In what is believed to be a case of data theft, online shopping and shipping portal comGateway has made a police report after it was identified as the “common point of purchase” for credit cards here that were recently hit by a wave of unauthorised charges.
comGateway Chief Executive Officer Danny Lim said the company was on Feb 11 notified by banks of the issue and it made its police report the next day.
Last week, customers of at least four banks — Citi, DBS, UOB and OCBC — had come forward to say they had been hit by unauthorised credit card charges from a Taiwanese merchant, though they had no dealings with that firm.
TODAY understands as many as 90,000 credit card details may have been compromised, of which close to one-third are believed to be from Singapore.
comGateway, which launched in 2005, reportedly has about half a million registered customers in Asia. Responding to media queries, Mr Lim said the company had notified affected parties and taken all necessary measures to address the matter.
“In compliance with Payment Card Industry (PCI) standards, we immediately engaged an approved forensics consultant to review and scan our systems to ensure optimum security levels were in place,” he said.
The Monetary Authority of Singapore (MAS) yesterday said comprehensive security measures for payment cards in Singapore were in place, but payment transactions also involve parties other than regulated financial institutions — such as merchants — and data theft can occur at these entities.
“Preliminary investigations indicate that this was the case in the recent incident of unauthorised online purchases charged to Singapore payment cards,” it said, adding that there has been a rise in incidents of data theft and fraud involving payment cards in many jurisdictions around the world.
The authority also said there had been no evidence to date of a breach of payment security among banks in Singapore. The measures rolled out to improve credit card security include the introduction of EMV chip cards in place of magnetic stripe cards and the implementation of the One-Time Password system to authenticate customers before online transactions with participating merchants are approved.
Contacted about the developments yesterday, a DBS spokesperson said customers who have previously made transactions with comGateway could contact the bank for a replacement card “for a peace of mind”.
Citi Singapore’s Head of Corporate Affairs Adam Rahman said: “Arising from last week’s incident, the card associations have provided us with a list of all credit cards that are likely to be compromised. We are reaching out to our customers via SMS and have started replacing the affected cards. We further seek to assure our customers that our systems are safe and all customer data is secure.”