….following fraudulent activities regarding customers’ accounts
REPUBLIC Bank Limited (Guyana) in a statement has confirmed that customers having difficulty in processing online transaction and being required to call customer care is as a result of additional security measures that the bank has implemented in collaboration with VISA due to a “brute-force” attack, which resulted in the fraudulent activity that the bank has been experiencing.
In May, Republic Bank issued a statement confirming that some customers were affected by “fraudulent activity” via their international Visa One ATM cards. Subsequently customers have found that they are not able to do online payments with the Visa service, and are required to call customer care to “activate” online payment. RBL says the bank is working on putting a toll free number in place.
“Customers who experience difficulty in attempting online transactions using their VISA OneCard are therefore asked to contact Customer Support using the following numbers: 1-800-271-4725 or 1-868-625-1200. Efforts are being made to obtain a toll free number in the shortest possible time frame,” the bank explained in a recent statement. The measure is said to have been implemented since June 8, according to a source.
The activation process sees persons being required to notify the bank of whatever online transactions they wished to engage in and provide details of the website where these transactions were being made. After doing so, customers would have to wait for one hour for the local main office to give an ‘all-clear’ before proceeding with the transactions. The activation lasts for 24 hours, and customers are required to call to re-activate the service every day.
“It could be challenging for persons who have certain businesses that need to do things over a longer period of time, it can be stressful to have to call in to them daily to get this thing removed from the card. That’s a challenge, that’s all I can say about my experience,” noted one affected customer who recently had need to activate her card to do an online transaction. “What you find is that the number aren’t toll free, and especially during certain hours like during the middle of the day or during the afternoon time you waiting there for like 10 – 15 minutes and you can’t get somebody on the other side to pick up. When they pick up they only clear you for online transaction for just 24 hours.”
RBL says the measure is temporary.
“The Bank sincerely apologises for this temporary inconvenience and seeks your continued understanding as we work towards a permanent solution with the safety and security of our valued customers being foremost in those considerations,” the bank’s statement read. “As earlier advised, this unusual activity was detected by the Bank’s monitoring systems, and in order to reduce the opportunity for fraudsters to continue the attack, the Bank in collaboration with VISA implemented additional authorising measures. These temporary measures have resulted in some legitimate online transactions being blocked.”
Some customers questioned why the bank never notified customers of the situation, with customers not becoming aware until they are unable to make their payments. “[Friday] morning I put money on the card and tried buying some stuff and the card kept getting declined so I went into the bank. I just asked what’s going on and they said they have put a hold on the card, I said so why wasn’t I notified that y’all put a hold on the card, because they call me when they have to get stuff or when I have to pick up stuff so it’s not like they don’t have my information or haven’t contacted me before. They didn’t answer my question. The guy just write down a number and told me call it and he said it would only be open for 24 hours,” commented another customer.
RBL is Guyana’s largest bank. The Trinidad-headquartered bank is scheduled to own approximately 51 per cent of both assets and deposits of Guyana’s banking systems following the announcement last year November that the bank was buying over the operations of Scotiabank in Guyana, and nine other countries. That sale is still to be finalised, as it is being investigated by the central bank. The bank is said to have already begun repaying customers who had money deducted from their account for unauthorized online shopping a payments caused by the “brute-force” attack. The bank reported that over $5 million has already been dispersed.
“Brute-forcing” is considered a common security risk that most institutions that offer international debit and credit cards can usually protect against, however it is possible for cases to slip through the cracks.
Brute-forcing is a trial and error method where by continually using changing sequence of numbers hackers can try to guess your bank card information – such as your account number, card expiration date, and the CVV number – all the information necessary to make an online payment, and with enough tries they can eventually correctly guess anyone’s bank card information leaving just about anyone exposed to fraud.
By developing means of making hundreds of guesses simultaneously, hackers can have all of someone’s bank card information within seconds. Republic Bank Limited (Guyana) says this was the case in its most recent situation. “Republic Bank (Guyana) Limited recognizes that over time, customers have come to depend on and trust the convenience of its international VISA OneCard in meeting their online and other banking needs. Recently however, there was what is described by VISA as a Brute-Force attack. Once that information is obtained, the fraudsters attempt numerous transactions at online merchants globally. While many of these attempts failed, some were also authorized resulting in those customers’ accounts being debited,” a statement from the bank explained,” the bank said.