Around 2:46am to 2:52am received sms messages.

The card was just replaced earlier this month because the CVC and expiry date scrapped off.

Most of the purchases were for groceries (tap and pay machine). Towards the third/fourth week only, there were some purchases made on Lazada/Shopee. The Lazada/Shoppee APP and transactions were made on X phone.

OTP is sent to Y phone, registered with the bank.

Its really annoying and I am wandering whether the compromise is X phone, Y phone, Lazada/Shoppee App?

Is there any malware app or app to lock certain apps (like messaging, SMS OTP is sent)?

P/S: called the bank about the unauthorised transaction. card has been blocked and replacement on the way.

This post has been edited by aurora97: Sep 3 2025, 09:39 AM

First, you have to call bank to report unauthorized transaction and terminate your CC then only find the root cause.

This post has been edited by nebula87: Sep 3 2025, 09:29 AM

I also kena one Microsoft purchase for USD 9

Yup, call already. Replacement card on the way.

U will never find out who's fault is this. Bank will issue you new card and reimburse u within 30 working days after u submit dispute

I kena RM 9k before haha
Bugger purchase Walmart

Pakai ABMB Virtual Card aje... minimize exposure of main card.

What's your X and Y phones? for reference purposes.

This post has been edited by svchia78: Sep 3 2025, 10:01 AM

Credit card is safer, the bank will definitely fight back for the disputed transaction

Touch wood, have't kena such a high amount before but its really annoying. Just wandering whether phone is compromised.


X phone = wife phone actually, she use her lazada/shoppee app to buy stuff using my card.
Y phone = this phone, the number registered with the bank but no banking apps. The banking apps all in Z phone.
Z phone = all banking apps are here but OTP send to Y phone.

kena few times by Stan Chart

all the times, card cancelled and replaced.....

Sometimes even a card that never been used before also will kena fraud transaction. Go figure.

Must be leak by internal ghost!

kena once buying things at samsung.com

then
1. fb ads
2. icloud subscription
3. canada online shop

You did the right thing. The bank is also good on sms all trsc triggered to you. Probably 3rd party info compromise happen along the way. Not sure where it happened.

This post has been edited by max_cavalera: Sep 3 2025, 10:20 AM

Just wondering if the card can recreate a new virtual card manually?
As in changing a new card number for security purposes.

Also, does ABMB credit card app allow NFC / wave pay from phone?

Smart move on calling the bank to block the transaction, this happens probably someone stolen your CC info from website or the place where you swiped the card steal your CC info.

A friend just kena few days ago. Same card. $0.50 unauthorized transaction.

inb4 uob has fallen

The main purpose is to create virtual cards to separate them from your main card number. Both are virtual (main and additional cards of different numbers). No physical card at all.

Main card - number is permanent - can wave only for Samsung Pay and Google Pay - some say Apple Pay support "coming soon".

Virtual cards - can create for single-transaction use OR can create for multiple-use with set transaction amount per useand set validity period (as long as within main card's validity). Virtual card cannot be used for wave with Samsung/Google Pay.

E.g. have set up a virtual card for my Hotlink Postpaid for RM100 per transaction and valid same period as my main card.

Another virtual card set up for insurance payment.

check for malware in phone

do any transactions on pc?

last time i bought something on overseas website, then already got 1 unauthorised transaction, funnily enough its an uber.

transaction mainly on mobile. Sreened for malware, nothing.

I suspect is online transactions are the most prone to unauthorised transactions i guess...

Is there any App that can download or buy that can help block or shield certain transaction/messages from being read by third party?

If not PayPal...it's steam purchase

................

Shield certain transaction message.......
No1 should ever read any of my messages.

But I tell you honestly, average people use high tech device, always come with tons of risk. There is no cure.


When we in Nokia era, we are safer. Why??
Phone 2g, can't run apps, no banking apps at all, and phone no internet too. 200x safer than now.


Problem is always average people don't understand tech.
And tech goes too fast



I m a soft dev I know, if we develop a function allow user to read message
The user always know how to share his private access to 3rd party

The only safe tech is no tech at all

U didn't did the most crucial move

It written frm PayPal

Your answer is there and PayPal quite efficient on resolve scam.


What average people always fail is when breach happen
The bombard everything (terminate account)

Which is pure stupidity.


U need to study how the breach happen
Is 1 of your email account compro? Device??
Did u made a trans on a suspicious website??
( Note for average with low IQ, suspicious website never looked suspicious, as least for average person)

You can just blocked the card but not terminate it..
You need to find root cause... While keeping the account in service


Average ppl common procedure
Terminate card, then socmed cry father mother said Bank security like shit....

Then in next few years shit keep repeating

Using some ewallet app? Any banking apps?

I don't have paypal account.

There are 3 phones involved. Phone X did the transaction. Phone Y had the OTP. Phone Z had the Banking Apps. The phone number registered with the bank is Phone Y but the emails are in Phone Z.

The transactions are made on Phone X, mainly on Lazada/Shoppee App.

This is same credit card. Earlier this month, requested for replacement because CVC and expiry date rubbed off. Bank replaced credit card with same credit card number but different CVC and expiry date. Some purchase was made with Lazada/Shopee App during PayDay sale. One week later unauthorised transactions appeared.

Called bank, block card and replacement sent. When they send replacement, the old credit card numbers are discontinued, and I get new card with new numbers. Essentially, is terminated.

Nope. No eWallet and banking app for both phone X and Y.

HSBC is now recommending NOT to save your CC info on any website. For many people that is inconvenient, but it protects you from any data leaks if that website was compromised or hacked.

Did you happen to save your cc details at the Shopee app? If yes, that might be the reason.

Once i get my replacement card i stop saving my cc details in Shopee, 0 incidents.

Normally, there is no option. You have to save first and then remove CC details later.


Ya, i reckon that was the problem but we removed it later on. I suspect so much it might be Shoppee.

are you using android?

any apps that are installed using apk? any apps that are installed outside of the google play store?

screen your apps again, and check the permissions given to apps.

recommend to delete any weird apps, like calculator with extra functions, 3rd party notepad apps, etc.

Switch to iOS
end of discussion.

I saved my credit card info at a lot platform Lazada, Chrome, Facebook, youtube, Apple, Shopee, Google, TnGo etc but never get such case.
I think nothing related to them as they has heavily regulated payment gateway.

Know your stuff. Did you downloaded any sideloading apps?
.apk? VPN shit? remote app? visit public WIFI constantly?

Nope, my phone do not have much apps nor do i key in/save my cc info elsewhere. Only Shopee. Coincidently once i stop saving my cc details in my Shopee acc all this stop. Not just me, my wife also same. Once she listen to me and nvr save cc info in Shopee, no more unauthorized transaction.

I always tell my mom becareful of the scam technics out there when you using phone
beware of the stranger msgs, the link they sent etc

last week she asked me why her phone storage become so low
and she did install the CLEANERAPP for her iPhone to clean up all the space!


dam.....i delete asap at the spot and tell her it's only ad at facebook that lure you to download the app
it's not really low storage with your phone

sigh, no matter how we educate
sure got accident one

I don't understand why banks don't require OTP or secure authorization for every transaction?

is there any option to enable this?

I also kena 1 month ago

In Malaysia, 2FA Secure transaction is mandatory, not at other country.
That's why you see the transaction are outside Malaysia.

yup, some platform does not have the opt out option to save your credit card details.

and they make it very hard , hidden behind layers of clicks for to unlink the credit card details.

My HSBC card also just kena recently, a purchase at wallmart.com but for USD0.00. Before I call HSBC to report and terminate my card, the customer service called me first and verify with me whether I did the transaction or not. In which they terminate my card and send me a replacement few days later.

This early morning I tried to purchase tickets from China airline, my CC (Hong Leong) terus blocked the transaction and deactivated my card. Since it was past mid night, takda orang could reactivate my CC, so had to use wise debit card to purchase the tickets.

Last month I could purchase tickets from Shenzhen airline no problem (same price) using the same CC, also past mid night. Don't know why China airline triggered the bank.

on the other hand I read banks have insurance against these frauds. and they can refuse to pay the platform , so the refund is easier for credit card.

Debit card is hard, because the money has been transferred to the platform.

Never save cc details in any online platforms? Did you?
Jgn malas, key in new as and when in use.

previously kena suddently got call from SC said ada purchase onlyfan ke amount 400+ usd..gile betul lucky SC call dlu b4 release

This one satisfied already, then tell bank is unauthorised.

my phone felt a bit buggy for couple of days. and microsoft defended told me got some shit virus detected and removed. after that, I got scared and went to sign up malwarebyte for 2 years... and than the next day kena microsoft charge usd9... trus... call Maybank to repot fraud.


I am suspecting some of those file shared by those massive whatsapp group is very questionable. even though I never open those shared "apk" or other application for sideloading to the car's infotainment system.

Other than that is some pdf or other documents constantly being shared. While I strictly warn my Boss, pls do not ask your other Boss to send me questionable NSFW type material to my phone, since I use it for work, banking and personal... so sus....

my wife uob CC just got hacked, 9 transactions, online book and gaming purchase all in usd .Luckily not much . it was like 0.99, 1.00, 19.99 usds.
happened early morning like 4.30am to 5.30am. direct call bank to block the card.

i no longer using credit card only debit card

and nowadays, those digital bank got saving pot , so if got extra money, put in saving pot and earn interest daily and dont have to worry about unauthorise card transaction

mine also kena for replacement card harimau amex

macam insider job... why replacement only kena?

Ya, using android, older version Note 8. Need to throw already, buttons keep coming out and no longer have any software update. My previous phone (before kong) acting weird like kena hack (a lot of spam calls and OTP messages saying that i subscribed for ....).

I think android phone r really prone to malware.


me poorfag, milo tin available.

Never download .apk files, mainly on Pdf.



Hong Leong's AI is a bit retarded.

Anyway, so far not encountered any problems, I transferred RM 50k for bill payment using credit card via jompay, system just jalan like usual but UOB immediately block, have to get pre-authorization each time.

I downloaded Malware detection apps also, after screen, found nothing. Delete and then install another app to scan but still nothing.

Hardly download any files from whatapp unless i trust the person.

Anyway, transaction done on phone X with my credit card, how did he know to get the OTP from phone Y? Unless, manage to hack both phones?!?

1st replacement - the CVC and expiry date not visible anymore. The bank says, "Okay, replace with same 16 digit credit card number but different CVC and expiry date only."

The only different shopping pattern is that we started to buy stuff from Shoppee in conjuction with PayDay Sale.

I don't think is an inside job by the bank side but more only third party platform or my phone compromised.

may be worth it to do a full factory reset. on both devices.

back up everything, deregister your device from all banking apps.

then do a reset.

what malware detection app are you using?

android more prone to malware because of sideloading, a double edged sword.

need to be vigilant especially this day and age, phishing becoming more and more advanced.

Malware detection app - Avast and spyware detector.

Banking app all in phone Z, not an issue. The only issue is that the contact number with bank is registered to my phone Y.

Even split 3 phones still get unauthorised transactions.

Good to know that virtual card can be configured with additional features, this way will be safer.

With Samsung Pay / Google Pay, majority of phones are supported.

Thanks for sharing.

No need to use a virtual CC with Google/Samsung/apple pay. They will use a generated virtual CC on the fly. If buy stuff online and they support Google pay, I will choose this option since they won't know my main card number.

>recently kena for OCBC
topkek
Nearlee

how PRO trace transaction.

1. identify the Payment Processor.

2. on bill, read who "Request the Transaction", in your case PayPal.

3. You mention you dont have paypal account. Nothing wrong, i dont have a Maybank account, can a Maybank terminal process my hongleong card? Yes.

4. Block the CARD = this CARD is SAFE. IF you dont find the root cause, this will still haunted you in near future.

5. Go to paypal, raise a ticket, inform un-auth transaction with XXXX card. request investigation.

6. Paypal will told you, "Who, sent your card info, to request the payment"

7. from there you can block the Source, and maybe with enough complain, this "scammer" may be terminated from Paypal.




For me, blocking is not TOP priority. Finding ROOT Cause = TOP MOST important.
this is how you can Completely solve the problem.

WHO, WHEN, HOW, they get your CARD info to request payment.

DOnt blame BANK...
you pass your card to your wife to shop online oversea.... in somecase, small amount, can just auth success with correct card credential.

I got 2 CCs, 1 i got save in TnG, Shopee, TIME, Maxis, Digi, etc.

Another one is in my wallet only as a backup.

The backup wan kena

Its likely your X Phone

Y Phone only receive OTP, so no info to get there to compromise.

OTP is also not a surefire way to validate transactions. Whether 2FA is shown or not, is actually a flag on payment networks, not all payment endpoints need it.


Android gives you that level of granular control of what apps can access.

However, the best bet is still your own discipline and awareness. Sometimes its not even your fault. My card got terminated once without me knowing. The bank called me in the morning to let me know because their fraud detection found it was part of a leak, so they pre-emptively terminated it and re-issue.

If your bank is good, by default it will block on suspicious activity, then you call them to unblock after you verify that the transaction was valid. I used to kena a lot for FB ads charges last time.

However if your card is compromised already, its SOP from the bank to terminate it la. A lot of times, scammers already tokenize the card. Even if you resolve the leak on your end, the card can still be charged. Safest bet is to just get a new card number, which is normally done within a week.

Never thought can do this, thanks for this. I will try this out with paypal.

Adui.. I can only deduce, must be the one se-pillow hack your wallet in your sleep 😳😳😳














Pulling your legs je 🙏🏻

This post has been edited by jojolicia: Sep 3 2025, 04:18 PM

I've experienced similar situation like you.

I just received the renewal card of my Ambank debit card. Just activated for 1 day. And next day my card get unauthorised transaction.

I've been using this card since 2019 and never get any unauthorised transaction. So weird.

Hi curious. Credit card number 9th to 16th. How many 0s?
Example xx00 x0x0 like this.

Demm, same with me. Always kena my standard chartered card. 3 times card replacement in 5 years lol.

Now no more autopay enrollment and online purchases using SC. Only use with samsung pay.

This post has been edited by saiga: Sep 3 2025, 09:34 PM