‘WIPED CLEAN’

A marketing manager whose National Commercial Bank (NCB) account is linked with her mother’s says over $2 million was swiped by cyber criminals and a further $122,000 bilked from her credit card after she read a text message she said she received from the institution.

The woman, who asked not to be identified, said the theft left her mother hospitalised after she learnt that the money she had saved to cover the cost of a life-altering surgery had been stolen.

NCB, one of the country’s largest commercial banks, in an emailed response to a Gleaner query, said that it would not divulge information about its customers but provided tips on how they could avoid being defrauded.

“We do not provide specific details regarding any customer case in recognition of the importance of confidentiality,” the bank said.

Last week, the woman told The Gleaner that she received the text message with the subject NCB Alerts on November 1. She said the message indicated that a hold had been placed on her account. It further instructed her to quickly review her transactions at ncbtsa.com to restore access to her card.

The woman said that she did not click on the link.

She said on November 6, she accessed the joint accounts to do a business transaction for her mother and was shocked to see that it had been “wiped clean”.

She told The Gleaner that $2,014,000 had been taken from her mother’s account, and $93,000 had been removed from her account.

“Right now they’re putting my name to shame at Credit Bureau when it’s something that happened to me. It has been really horrible. My name bad at Credit Bureau, so if I want a loan in the future, NCB has damaged my credit,” the woman said.

POLICE REPORT

She said NCB told her to report the matter to the police while they investigate.

“It has taken a toll on me. It is frustrating and very draining. It put my mother in the hospital,” the woman said.

She said she contacted her attorney, Matthew Hyatt of Knight, Junor & Samuels, and ceased talks with the bank.

In a letter dated November 20, 2023, and addressed to Dane Nicholson, head of the Fraud Prevention Unit at NCB, Hyatt raised concerns that the bank’s maximum transfer limits were breached without triggering an alarm.

He pointed out that NCB’s real -time transfers to other financial institutions are limited to $500,000 daily and $1,000,000 monthly.

Transfers between own account are limited to $2,000,000 daily and monthly and transfers to third-party NCB accounts $500,000 daily and $1,000,000 monthly.

“In the instant case, well over the daily transaction limit was transferred to third parties unknown and unauthorised to our clients. One would have expected that our clients’ accounts would have been immediately restricted after the transaction limit had been exceeded for the day,” Hyatt asserted in the letter.

Further, he said in the circumstances, as outlined, his clients, who he described as “long-standing customers of NCB”, received no security alerts as to any suspicious activities being conducted on their accounts.

He also noted that the situation had put his elder client “in a health and financial predicament” as the money that she had in her account was earmarked for surgent intestinal surgery within a few weeks.

Hyatt said that his clients did not act negligently with the handling of their accounts and had reported the matter to the fraud squad a day after the money was discovered stolen.

“We now use this opportunity to ask the bank to further investigate the matter at hand and to restore our clients’ money in full in the interest of good customer relations and in good conscience,” the attorney said in the letter.

NCB did not respond.

Yesterday, Hyatt argued that customers are increasingly falling victims to various hacking schemes and insisted that banks have a duty to protect them and to safeguard depositors’ funds.

“In the United Kingdom, the government is developing a new scheme that will oblige banks to compensate scam victims as the losses continue to grow.

“The rule is being enforced by the UK’s Payment Systems Regulator and will see reimbursements costs split equally between the bank that sends the payment and the bank that receives it,” he said.

“If we cannot address this issue in a meaningful way then Jamaica is not ready to go cashless, and more unsuspecting customers will fall prey to scams,” the lawyer told The Gleaner.

He said a review of regulations is overdue to ensure proper governance of how depositors’ funds are secured.

Hyatt said that this would add confidence to the financial system “lest we run the risk of placing funds under our beds once again”.

In September, The Gleaner reported that a teacher was left devastated after phishers emptied her savings of $1.8 million and took out a $1.6-million loan on her NCB account.

But NCB said that the majority of fraud losses occur when victims click on links or share their confidential and private information online or over the telephone.

“To safeguard our customers, NCB has long implemented a strict no-link policy. NCB will never send a customer a link via email or SMS related to their account. Furthermore, we will never call and request confidential information such as your username and password, PIN, bank account or card number, or Token ID,” it said in an emailed response to The Gleaner yesterday.

The bank said that it was the first to adopt this policy within the industry and has actively engaged in consumer education efforts since 2015, in collaboration with the Ministry of Science, Technology, Energy, and Mining as it was known at the time.

“We continue to communicate through all our channels, including our recently launched ‘Fighting Fraud Fridays’ weekly tips,” the bank said.

kimone.francis@gleanerjm.com