Malware Scam via Maid Advertisement

Janice found a cleaning services advertisement on Facebook and contacted the advertiser via WhatsApp. Following their instructions, she downloaded an app and attempted to pay, but the payment failed even though she had entered her personal and banking details. Later, Janice discovered five unauthorised transfers totalling RM35,000 in her internet banking account and reported them to the bank. The bank rejected her claim, stating that the fund transfers were executed with a valid username, password, and OTPs.

OUR FINDINGS

The bank’s SMS records showed that OTPs for the disputed transactions were sent to Janice’s registered mobile number, and the transfers were authenticated using these OTPs. Notification SMSes were also sent to Janice’s phone after the transactions. However, Janice claimed she did not receive any OTPs. Unfortunately, the bank’s attempts to recover the funds from the beneficiary’s bank were unsuccessful, as the funds were withdrawn before Janice reported the incident.

The malicious app Janice downloaded allowed the scammer to access her phone data, including the bank’s OTP SMSes, enabling the transactions without her knowledge.

OUTCOME

From the facts, the case manager opined that the bank should have detected the unusual pattern of multiple transfers to the same beneficiary within a short time. This warranted suspicion, and the bank should have prompted a verification call.

On the other hand, Janice is responsible for ensuring the safety of applications before downloading them onto her mobile phone. She should stay cautious and exclusively obtain or install applications from approved or secure platforms.

The bank agreed with the case manager’s findings and refunded a portion of the loss. Janice accepted the bank’s offer, and the matter was resolved amicably.