Not only in the US; Uber faces attacks for Fraudulent Credit Card Use in Singapore


(Brandon Bhangoo) #1

Uber's problems don't go away, they just mount up, creating layers and layers of issues to deal with constantly. Now, Uber faces problems in Singapore, where their customers are complaining that Uber drivers and now UberEats couriers are making fraudulent charges on their credit cards.

As of now, Uber has not yet discovered the source of the fraudulent use of the cards and the reasons could be from hacking, software glitches or bad server security. Uber also suggested to all their customers to set SMS notification for their credit cards, that way, all uses of the card will generate a notification alerting the customer to all and any use of their credit cards. This will enable them to react quickly.

So far, quite a few Uber customers in Singapore have filed complaints about fraudulent, unauthorized use of their credit cards for rides they never requested. Sherwin Loh, an Uber customer in Singapore, stated that he discovered two UberEats charges made to his credit card, one for $40 and the other $120 which he never made. In fact, he wasn't even in Singapore at the time. Loh was visiting the US, and the two receipts were sent to his e-mail within ten minutes of each other. The weird thing was that they were charged from UberEats in Russia. Loh immediately notified his Credit Card company which succeeded in blocking a third request that was in the system. Loh notified Uber of the issue but also erased the app and no longer uses it.

Another Uber customer, Caitriona Evans, an Irish national that works in Singapore said that she first learned about her problems with Uber from a DBS notification stating that they saw signs of unusual activity on her card. The day after she received the notice she found out that her card was charged over $4,500 for Uber trips since Nov.14th, just one ride was $500. She was so shocked that she was physically shaken and overwhelmed by the number of transactions made to her card in just one day. In fact, she was even more shaken by the fact that she never used Uber outside of Singapore. A DBS spokesperson explained that any customer contesting an illegal and unauthorized transaction would be provided with a temporary refund until DBS completes its investigation. They also stated that their systems integrate leading security technology and protocols to assure customers of a safe service.

These new claims come in just a few days after Uber released a notification to the public of a major hack that they had undergone in 2016, where they paid the Hackers $100,000 to delete all personal data that was stolen. According to their report, during October 2016, hackers stole 50 million Uber rider's personal information that included their names, addresses, e-mail address and phone numbers. They also took 7 million drivers information including around 600,000 US driving license numbers. Uber stated that no credit card, trip details or SS numbers were stolen. The hack attack was perpetrated by two hackers that gained access to a private GitHub coding site used by software engineers that worked for Uber. The hackers managed to gain the engineer's login credentials and access data that was stored in one of Amazon Web Services servers. With this login information, the hackers were able to access the rider and driver data and using ransomware, demanded money from Uber via e-mail.

Is Uber's security Lax?

McAfee's Chief Consumer Security Evangelist, Gary Davis stated that the cyber attack, as well as recent incidents, goes to show how rapid growth start-ups are prime targets for hackers since most companies do not integrate proper security measures in their software. They prefer to rely on the credit clearance company security without realizing that there is any number of ways to access the information which is dependent on how the customer inputs the information, which is from the Uber app or online website.

This statement was supported by security intelligence firm, LogRhythm executive Bill Taylor-Mountford, who commented on Uber specifically, stating that they have poor protective controls in general and weak protection of sensitive data as well as a total lack of monitoring, detection and response capabilities. This is easily traced to bad IT security and poor understanding of IT security.

Check Point Software Technologies Head of Marketing (Asia Pacific & Japan). Eying Wee said that Uber's software or servers could either have a glitch or have been compromised leading to the recent attack of Singapore based customers. Companies that store credit card data usually have in place stringent and constantly updated security protocols built into their IT software, and some even go as far as adding hardware to all I/O ports. Checkpoint is an Israeli based security giant known for securing thousands of fintech companies around the world.

One highly secure finance company, PayPal, is known for a very secure platform and reported that it had a 0.3% fraud rate for payment transactions that reached $350 billion last year. This is a very low figure when compared to a 1.32% fraud rate for most other merchants with good security precautions and protocols in place.

Rahul Shinghal, general manager (South East Asia PayPal) stated that their systems incorporated advanced risk models and algorithms combined with focused fraud management technologies. This combination of software and hardware is supported by a team of professionals that oversee the system and monitor all and every transaction, noticing any irregularities and dealing with them as and when they arise. PayPal employs a team of identity fraud specialists that constantly update and upgrade all systems.

Grab, an Asian based large ridesharing company stated that they have invested heavily in a strong anti-fraud security system and assures their customers of a bulletproof system.