The Bukit Aman Commercial Crime Investigation Department (CCID) is warning the public to be aware of a new wave of financial scam that sound deceptively simple, but one that has slowly been on the rise. The TAC scam, as it is now popularly called, has fleeced Malaysians of almost RM15 million in 2018 alone - and works by taking advantage of a fellow Malaysian's desire to help others.
What is a TAC scam?
If you’re a frequent user of online transactions, you will know that the Transaction Authorisation Code (TAC) is required to confirm and authorise a transaction. This code typically consists of six numbers, and is sent to your registered mobile phone number - meaning that you receive the code offline. This acts as a second layer of security should your online banking or credit card information get compromised. This form of security is known as "two-factor authentication", as it requires confirmation of an action via two separate mediums.
Now, if an individual manages to obtain your credit card or online banking information, the individual can easily use those to perform fraudulent transactions. But with two-factor authentication (commonly abbreviated as 2FA) enabled, you will need to authorise every transaction by inputting a code sent to your phone. Without this, the transaction cannot be completed.
How do TAC scams work?
The scenario will play out when scammers get a hold of the victim’s credit card details and attempt to perform a transaction using those stolen details. But with 2FA, a TAC will then be sent to the victim’s mobile phone for authorisation. There is only one way to get hold of this code, and that is by having possession of the phone which the code is sent to.
But is that really the only way?
Bukit Aman Commercial Crime Investigation Department (CCID) acting director, Datuk Saiful Azly Kamaruddin mentioned that scammers are daring enough to call the victim, claiming that the code is wrongly sent to them. Most of the time, the scammer may sound either apologetic and polite, or giving excuses like their parents putting the wrong number and needs to make an urgent transaction. In both situations, the scammers take advantage of the basic human nature of helping others in need. Since this scam has been on the rise, you can read more about the scammers' tactics of first "asking politely", before moving on to inducing panic in the victims.
When the scammers obtain the TAC, the transaction is considered "authorised". At this point, victims will need to lodge a report with the credit card issuer and hopefully get the charge reversed. But if it's for a funds transfer, you may be out of luck as recovering the funds will be a time-consuming process.
How to avoid TAC scams?
It may sound ridiculously simple and easy to avoid compared to other financial scams, but as it turns out, TAC scams are becoming prevalent in Malaysia. In 2017, TAC scamming cases started to rise with 202 reported cases amounting to RM11.6mil in losses while in 2018, 392 cases were reported with losses of RM14.9mil. This month alone, 33 cases have already been reported, with a staggering RM441,000 worth of losses.
Preventing TAC scams is easy - if everyone understands the fact that TAC codes cannot be wrongly sent to a different number! A credit card is tied to the cardholder's phone number, which means all SMS notifications are sent to that number and nowhere else.
A scammer may attempt to confuse victims by saying they recently switched numbers or something along those lines. If that is indeed the reason, it is that individual's responsibility to go to the bank to update their info - not by calling the number and asking for the TAC code.
Because it preys on a victim's lack of knowledge on 2FA as well as their willingness to help, TAC scams are more likely to affect the elderly folk and those who aren't tech savvy.
So remember, TAC codes CANNOT be incorrectly sent - no matter what the scammer may say!