PayNow case: UOB says 'Not our fault'
My friend Julie is totally pissed off. After more than three months of waiting for something to be done about her daughter Natalie's suspected PayNow fraud case (see story below), it appears that they are back at square one.
United Overseas Bank, which Natalie has an account and had $1,000 deducted mysteriously, has finally responded in a letter dated November 8, basically saying that it was not at fault.
It says in the letter: "According to our system, a PayNow transaction of S$1,000 was deducted from your UOB One Account on 24 August 2021 through UOB Personal Internet Banking (PIB). Please note that for such a transaction to be processed, it requires the customer to log in to the UOB PIB service with a valid username and password followed by 2-Factor Authentication SMS one-time password (OTP) which is sent to the customer's phone number registered with the bank.
"Our records show that the SMS OTP was sent to your registered mobile number ending with 2226 at 2.37pm on 24 August 2021 and this SMS OTP was verified at 2.40 pm on the same day. This indicates the successful login to PIB.
"We have checked the SMS messages that were sent to your registered mobile number."
What's interesting is that the bank, in the next paragraph, says "PayNow transactions can be done without the need for additional authorisation with a hard/digital token for transaction amounts less than or equal to S$1,000."
This begs the question: So why did the bank say it sent Natalie the OTP message when the amount deducted was $1,000? Natalie says the OTP did not appear on her phone.
Another obvious question is, what about the Elephant in the Room? i.e. the recipient of the $1,000. No one seems to be interested in finding out who this person is?
Surely he/she could be traced as the name/ID was given in the SMS message to Natalie. Julie says the bank has refused to disclose whether this person has an account with the bank, citing client confidentiality.
Meanwhile, Julie has turned to her MP for help as the newspapers have declined to publish her story and there has been no progress report from the police.
Which, understandably, has led Julie to this conclusion: "I am small fry and small cracker who cannot command the loud noise that the big shots can. That's why I am so pissed with the bank. If Nat is a wealthy or well-known client, would they treat her like a criminal who robs her own account?"
She says her main objective is to apprehend the perpetrator as the bank says its system is not at fault.
"But I think the onus is on the bank to help its 'valued' account holder and make things right instead of passing the buck to the client and the police. It is utterly wrong and irresponsible.
"Besides, its response is offensive, insulting and arrogant."
The bigger question, however, is still "IS OUR PAYNOW SYSTEM SAFE?"
Until UOB, the police and MAS succeed in cracking this mystery, the doubt will always remain,