Wed, Nov 07, 2018 - Page 12 News List

FSC fines Citibank for vulnerability

‘ISOLATED INCIDENT’:A cardholder exploited an error in the lender’s information system, allowing them to make 600 purchases totaling more than NT$63 million

By Kao Shih-ching  /  Staff reporter

The Financial Supervisory Commission (FSC) yesterday fined Citibank Taiwan Ltd (台灣花旗) NT$2.5 million (US$81,216) over a vulnerability in its credit card information system.

One of the bank’s credit card holders had exploited an error and accumulated more than NT$63 million in authorized charges between May and June, and later stopped paying the balance, the commission said.

Most credit card issuers in Taiwan offer a prepayment service that allows customers to temporarily raise their credit limits by making cash deposits at automated teller machines or via their online banking portals, it said.

For instance, if a cardholder’s credit limit is NT$100,000, their limit would be temporarily raised to NT$150,000 after depositing NT$50,000, but after purchases exceed the new limit, it would be reduced to NT$100,000 the following month, Banking Bureau Deputy Director Wang Li-chun (王立群) told a news conference in New Taipei City.

The Citibank cardholder originally had a NT$600,000 credit limit, but deposited cash in the middle of May before making 600 purchases totaling more than NT$63 million by the end of June, Wang said.

The bank did not detect the questionable transactions until the end of the period, he said.

Citibank’s information system had a logic error that approved multiple transactions exceeding the customer’s credit limit, even though the cardholder had only deposited cash once, he said.

The cardholder spent an average of NT$105,000 per transaction on luxury items such as jewelry, commission officials said.

“This is the first instance of a new type of credit card fraud,” Wang said.

The commission said it levied the fine on Citibank for its lax internal control measures and failure to detect the error, which contravened the Banking Act (銀行法).

The commission had also instructed the nation’s other credit card issuers to discern if their systems had the same error, which they did not, Wang said.

Citibank was in February also fined NT$8.5 million by the commission for misconduct by one of its employees and irregularities in its credit card billing system.

The bank yesterday said that it had voluntarily reported the fraud to the commission and law enforcement agencies, emphasizing that it was an isolated incident.

“No other customers were affected,” the commission said, adding that it could not provide further comment, as a judicial investigation is under way.

This story has been viewed 2489 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top