I’m in Bangkok now. This morning, I put my card into an ATM to take out money. The ATM showed “insufficient funds”. I thought the machine was broken or something. But I got the same message from two other ATMs. I panicked, checked my bank account with my phone, and I realized I have “$0.00” in my Citibank account.
That means nothing?
Someone withdrew about $250. But when I looked it was $250. But when I looked, $250 was withdrawn more than ten times in just 6 minutes:
$4,000 USD was emptied out of one of my bank accounts.
It was the money left from my crowdfunding campaign that I needed those funds to finish filming the rest of my documentary.
Why it happened
Card skimming happens often in Bali (just today I met several people who told me they got skimmed in Bali at the #nomad chat. Check this article out: Bulgarian woman busted for sophisticated and lucrative Bali ATM scam).
Skimming works by putting a small device on top of the ATM card reader. The device copies your credit card numbers and a hidden camera records your pin-code. They could even use a fake pin-code pad to take your pin.
I was totally panicking. I’ve heard about it, yet never thought it would happen to me. I made a call to the Korean Citibank immediately. They had me on hold for what felt like a year. Finally, they came on and I tried to explain my situation.
To my surprise, it seemed like this kind of thing happens quite often based on the reaction of the customer support agent. I asked them how this is possible and if there was any way I could get my money back. The only answer I got was “the department in charge of this issue will contact you in 3 business days. And it will take up to 60 days for investigation.”
I hung up the phone utterly devastated. People around me were wondering why I was so sad as they believed that my bank would cover my loss as it was obviously theft. The thing is, what we are talking about is not an American or European bank… it’s a “Korean” bank. And they do things differently, I soon learned…
What the !%(*# is up with Korean banks?
I know many stories such as this one Korean traveler girl saying in her book, who had a similar experience while she traveled in Africa. After several months of investigation, her Korean bank refused to give her money back, and the bank claimed that “this is completely the customer’s fault; she should have taken more care of her own pin code”. I don’t know how she should have taken more care of her pin code, when the skimming machines just steal it. It’s an insane reply.
I also know of another story of someone who got back only 80% of the stolen funds after a huge struggle with the bank for a long time. In this case, the bank claimed that this was also the customer’s fault as they classified it as “carelessness”.
The reason why I don’t think getting my money back would be easy is:
- Korean banks always avoid taking responsibility in these theft cases.
- Korean regulations are very much pro-bankers and not pro-consumers.
- So, it’s very likely easy for banks to deny their responsibility or even dismiss this whole thing as a self-fabricated scenario.
Some of my Korean friends said that based on their own experience, it would be easier to get a refund from the bank if I hadn’t been in Bali. Because now they can suspect I took the money myself. So now I’m in the position that I have to prove that I am not a part of this fraud.
Why are Korean banks on the thieves’ side and not on their customers’ side? If they don’t trust their customers, then why should customers trust them and put their money in their hands?
It’s the symptom of a deeper problem
Actually, this is also very much related to the many issues with online banking in Korea. For example the one-click payment system that Amazon has is impossible to adopt in South Korea, even though it has an extraordinary IT infrastructure. It takes 10 seconds to make a payment on Amazon, while it takes 10 minutes on a Korean online shopping site.
Because if you want to buy stuff online in Korea or access your Korean bank account on your computer, you should get through this challenging install process with ActiveX. If your computer is Mac, don’t even think about it.
Banks and financial authorities in Korea avoid adopting a new system in order to not take any responsibility on any issues that might be caused by the changes. They’d rather keep the old payment system and let customers suffer and burden themselves by the pro-bank law.
It’s a country stuck in the past:
By law, anyone using online banking in South Korea must use a “digital certificate” issued by a bank. This process requires an ActiveX plug-in, an outdated technology developed by Microsoft that is broadly ignored by web developers outside South Korea and is incompatible with internet browsers except Microsoft’s unfashionable Internet Explorer.
“Because of ActiveX, Korea has become a number one place for hackers,” says Lee Min-wha, a professor at the Korea Advanced Institute of Science and Technology. “South Korean internet users are trained to click ‘yes’ to everything.” – South Korea suffers poor cyber security controls
Why do banks get away with not being responsible?
- People who retired from Korean financial authorities often get a job offer from banks or private companies who make and provide these ridiculous security solutions. So they’re connected.
- Using these processes and current regulations, banks can get out of taking responsibility for any kind of online financial incident. They can claim “The customer agreed to assume responsibility”, instead of improving their system and taking a responsibility for unavoidable accidents.
There have been many discussions on Korean banks’ ridiculous exemption clause, collusion between private companies and financial authorities, and insecure online security. I was aware of these problems, but now I’m a victim of it.
Wish me luck.