miniliew

DBS Bank Online Banking Mystery

Date: Jun 19, 2021

I have decided to blog this. Because up until today, it is still a mystery to me. I have no answers for this and it actually happened to me.

What actually happened?

On June 19, 2021, I have received THREE DBS DIGIBANK notifications on my iPhone within 2-3 minutes time frame. In the picture below was my screenshot of the 3rd notification I have received.

It is from DBS DIDIBANK.

It says “You’re accessing a DBS d2pay service. Autenticate using your digital token. 19/06 19:31”

When you CLICK on that particular notification, it launched the DBS DIGIBANK app immediately and brought you to the “Digital Token” page. As seen in the photo below, you will need to APPROVE or REJECT this DBS d2pay service. The date and timestamps are given.

Now, here is the scary part.

  1. I am watching TV with my sons at that particular moment.
  2. I was not doing any banking with DBS DIGIBANK at that particular moment, as a matter of fact, I was not even doing any banking stuff that day.
  3. That means, I was not using the DBS DIGIBANK app at that particular moment as I was watching Star Wars Bad Batch on Disney+.
  4. So, what on earth happened? And why do I received a autentication request from DBS DIGIBANK APP If I did not use that app!!!
  5. What is DBS d2pay service??? I don’t recall or remember I have used this before… means, I am not familiar with this service.
  6. Is there someone accessing my banking account? And if he or she is hacking into my banking account, why I received these three autentication notifications for this so called DBS d2pay service requests??? (three notifications requests)
  7. Now, here is the even scarier part…. how on earth this guy or girl get access to that DBS d2pay service and initiate a request? WITHOUT first getting a OTP token from me????? Because I did not received any OTP token autentication request. Let me explain more clearly on my doubts… when you use the DBS DIGIBANK app, the first step is to login with userID and pin code. Then, if you want to see your account status or initiate any paynow or bank transfer service, they will ask for a OTP verification.

Some thing like this. Only when you press APPROVE then, you get to perform the money transfer or paynow or looking at your account details. So, if I can receive the DBS d2pay service authentication requests (three times)… How on earth that he can access that DBS d2pay service without even passing the logon OTP requests, which I had never received any notification on that.

8. And of course, the only action I did is to press “REJECT”. And after I pressed REJECT, the 2nd notification came almost immediately after may be few seconds delay. Does that mean, the “hacker” is actually online at that time because when he or she saw the request was rejected, he or she immediately sent another and another requests after failed????? Because I received a total of three notifications after that.

What is DBS d2pay Service?

Since I don’t know what is DBS d2pay service, I have google it to try to get an understanding of what it is….

Oh… It is a payment method to make payment.

Hmmm…. I really don’t recall that I ever use DBS d2pay service as a payment mode. Unless is LTA related … like paying the road tax. At that moment, my first thought is could this be a GIRO service where I pay the road tax for my wife’s car? Because I remembered that my wife’s car road tax is about to expired in July and I used to have problems getting the GIRO working… and I remember, they using eNets which using the DBS payment…

But soon, I have ruled out that… Because the GIRO for the road tax will only be deducted on Jun 30, 2021. And the day when this happend is on Jun 19, 2021.

So, I still cannot figure out yet.

As there really isn’t any info on this. When DBS DIGIBANK notification came in, it only tells you that you have initiated a DBS d2pay service, it does not tells you FROM which merchant, i.e. where your money is sent to???? It does not tel you HOW MUCH money is going to be transferred upon your approval (pressing the APPROVE button)…

So, I think this is a bit screw up right? At least once you know who and how much, it is easier for you to decide your course of actions.

OK, this is what I will do… call 1800-111-1111 immediately.

I called Customer Service Immediately

Of course, this is definitely a hacking event that is happening… So, my immediate action is to call DBS Customer Service 1800-111-1111 immediately.

As usual, the waiting time is long, I think 15-20min until I speak to a customer service officer.

I explained to him what had just happened.

He then asked me “Have you used the d2pay service to pay any online purchase?”

I told him “no. I was watching TV when I received all these notifications.”

I then asked him all the question I have in mind… “how they get to the d2pay page?” “why I never received any OTP requests to access my account?” “This guy accessed my d2pay page without OTP and successfully make 3x d2pay requests… luckily they need furthur authentications and I rejected all three of them…”

He then say, “Wait, let me go and check immediately… first what is your full name… blah blah blah…”

A few minutes later… “Sir, I have checked thru all your transactions, there is NO transactions made in that time frame…”

“Of course, I have REJECTED them all!!!”

I said, “Is DBS bank being hacked? I saw some news on paper regarding some lady got scamed 10k because of this OTP thingy???”

“No sir…”

After talking and talking and could not get any answer, I knew it is pointless to talk to the customer service. Then I asked, “what can I do now, and how you ensure It wont happen again?”

“Sir, you need to change your UserID and Pin Code….”

And he taught me how to do jsut that. And that’s it. No answers given. And I don’t believe they will even investigate this as I have not received any followup phone calls from them after this incident.

Conclusions

I always don’t like the govenment website, especially those that wants me to use eNets with your bank to pay payment method. Because I always need to go to the web browser to turn of “block POP-Ups” just to let the eNets small pop up windows to pop up and allow me to make payment to some service. I really only recall that I did it for LTA’s road tax payment service. I believe that is only one time, after that I have done the GIRO payment method.

So, I think I certrainly did not set any future payment method using this eNet’s or d2pay service, etc.

So, why I received these 3x notifications of asking me to approve d2pay service.

Why there is no mentioend which merchant? how much money involve for this Digital Token requests?

The only thing I can conclude is let’s hope that this is just a GLITCH. No one actually hacked into my account and perform those d2pay service. You know sometimes glitches happened due to don’t know what reasons.

So, it remains another mystery.

But, when I see this news on the news paper… I just can’t stop thinking that … ar… never mind.. DBS bank is always secure. It is a national bank mah. So, they have to be secured.

Leave a Reply