7th December 2022 – (Hong Kong) Tap & Go sent a SMS message to a netizen saying that “in view of a recent potential payment cards data leakage in the market, your Tap & Go MasterCard has been temporarily locked for security purpose.” It is unknown how many users of Tap & Go have received the message which was sent this evening.
Tap & Go is Hong Kong’s first mobile wallet which incorporates both Mastercard® and UnionPay card schemes, the Tap & Go wallet can be downloaded and activated on smartphones and is designed to pay online and offline retailers that accept Mastercard or UnionPay. Users can control their spending with the prepaid mode. It is owned by HKT Payment Limited.
Meanwhile, many users of Standard Chartered Bank credit cards reported fraudulent transactions recently. All of them were in Hong Kong but they kept receiving text messages notifying them of unauthorised transactions. Many victims tried to call the credit card centre to report the incident to cancel their credit cards, but the line was always busy and no one answered. One of the victims lamented that 17 unauthorised transactions were carried out on his credit card within a short period of time. Each transaction was around US$9, which is equivalent to around HK$1,191.
In response, Standard Chartered Bank stated that it has recently discovered an upward trend in related fraudulent transactions, and has immediately strengthened relevant monitoring systems and customer protection measures. Standard Chartered reminds that if customers find unauthorised transactions, they can immediately block their credit cards through online banking or SC Mobile and submit a dispute request for credit card transactions within one month. The bank will contact the customer to follow up and proceed according to the mechanism investigation. If it is determined that the transaction is not authorised by the cardholder, the cardholder shall not be liable to pay for the transactions. In addition, Standard Chartered said that customers may have to wait for a long time to call the service hotline, and apologised to the affected customers.
Meanwhile, HKT which owns Tap & Go also sent an email to its customers warning about scammers impersonating The Club via phishing SMS to solicit personal information and credit card details. The Club is HKT’s customer loyalty programme and digital ventures arm.
It seems like the data leakage may be caused by phishing SMS but it has not been verified as of now.