Having cloudynights? Take a sip of coffee and let's chat about other things around us. From food to games, this is for all the off-topic chat.
Post Reply
User avatar
Posts: 1170
Joined: Mon Jul 12, 2010 6:08 pm
Favourite scope: 94.5", f/24 Ritchey-Chretien Reflector
Location: Restaurant At the End of the Universe


Post by cloud_cover »

I think quite a few of us here ship via comgateway.
Be warned that their servers were breached:
DBS called me to tell me there were fradulent transactions on my credit card linked from comgateway. Thankfully that was stopped before any damage was done
My other back credit card which was used on comgateway received quite a large bill in repeated transactions - this one the bill is in dispute so the bank will not waive my liability.
So do be warned if you transact with comgateway: Watch your credit cards!

User avatar
Posts: 3790
Joined: Tue Sep 30, 2003 7:06 am
Location: Toa Payoh


Post by Gary »

Source: http://www.todayonline.com/singapore/un ... ocal-point

Unauthorised credit card charges: comGateway emerges as focal point

SINGAPORE — In what is believed to be a case of data theft, online shopping and shipping portal comGateway has made a police report after it was identified as the “common point of purchase” for credit cards here that were recently hit by a wave of unauthorised charges.

comGateway Chief Executive Officer Danny Lim said the company was on Feb 11 notified by banks of the issue and it made its police report the next day.

Last week, customers of at least four banks — Citi, DBS, UOB and OCBC — had come forward to say they had been hit by unauthorised credit card charges from a Taiwanese merchant, though they had no dealings with that firm.

TODAY understands as many as 90,000 credit card details may have been compromised, of which close to one-third are believed to be from Singapore.

comGateway, which launched in 2005, reportedly has about half a million registered customers in Asia. Responding to media queries, Mr Lim said the company had notified affected parties and taken all necessary measures to address the matter.

“In compliance with Payment Card Industry (PCI) standards, we immediately engaged an approved forensics consultant to review and scan our systems to ensure optimum security levels were in place,” he said.

The Monetary Authority of Singapore (MAS) yesterday said comprehensive security measures for payment cards in Singapore were in place, but payment transactions also involve parties other than regulated financial institutions — such as merchants — and data theft can occur at these entities.

“Preliminary investigations indicate that this was the case in the recent incident of unauthorised online purchases charged to Singapore payment cards,” it said, adding that there has been a rise in incidents of data theft and fraud involving payment cards in many jurisdictions around the world.

The authority also said there had been no evidence to date of a breach of payment security among banks in Singapore. The measures rolled out to improve credit card security include the introduction of EMV chip cards in place of magnetic stripe cards and the implementation of the One-Time Password system to authenticate customers before online transactions with participating merchants are approved.

Contacted about the developments yesterday, a DBS spokesperson said customers who have previously made transactions with comGateway could contact the bank for a replacement card “for a peace of mind”.

Citi Singapore’s Head of Corporate Affairs Adam Rahman said: “Arising from last week’s incident, the card associations have provided us with a list of all credit cards that are likely to be compromised. We are reaching out to our customers via SMS and have started replacing the affected cards. We further seek to assure our customers that our systems are safe and all customer data is secure.”
email: gary[at]astro.sg
twitter: @astrosg

"The importance of a telescope is not how big it is, how well made it is.
It is how many people, less fortunate than you, got to look through it."
-- John Dobson.

User avatar
Posts: 1038
Joined: Tue May 25, 2004 11:15 pm
Location: River Valley / Tanglin Road


Post by starfinder »

Cloud Cover, Gary: thanks for the warnings. Good on you!

Lucky I don't have an account with them, but i suppose in theory this could happen to any gateway or merchant. Imagine if there was an 'insider' or Snowden type leaker at Paypal or Amazon: that would be the mother-of-all credit card data thefts!

Post Reply