Monday, June 04, 2007

Monitoring the YesPinoy.com Fraud and CyberCrime Case

One of the stories we featured, written by Danny Escasa, in the Philippine Internet Review: Ten Years of Internet History (1994 - 2004) was the credit card online fraud case of Total Solutions Software Inc. (TSSI).
-----------------------------------------------------------------------------

"Total Solutions Software Inc (TSSI) is a subsidiary of YES Limited, a Hong Kong-based IT company founded in 1988. In 2003, TSSI launched YesPinoy.com, a Filipino community Web site whose aim is to bring together Filipinos from all over the world and provide them with a means to contact Filipinos both in the homeland and those working abroad.

The service relevant to our discussion is YESPinoy Send Money, which provides members a way to send money to a SMART Money cardholder in the Philippines using a credit card and an Internet connection. YESPinoy also provides a mechanism for members to order SMART Money Cards for friends and family.

In the middle of October 2003, TSSI noticed irregular activity within their computer system. A number of YESPinoy members were sending money to the same individual, some successfully, but other transactions had not been honored by the credit card issuer. The registration details of members who had allegedly sent money to the same individual had details of persons in the US. Oddly enough, their access point was, according to TSSI's audit trail, a Philippine Internet Service Provider (ISP). TSSI then called some of the US residents who were supposed to have been sending money, and found that the latter had never heard of YESPinoy and had no connections with anyone here.

With the cooperation of SMART Telecommunications, TSSI found that the SMART Money Card that had been sent money was drawing cash from Automated Teller Machines (ATMs) in Quezon City. TSSI, after further investigation, worked with the National Bureau of Investigation (NBI) to conduct a sting operation that effected the arrest of three individuals who were detained at the NBI jail and charged with violations of RA 8484 (Credit Card Fraud), RA 8792 (E-Commerce Act), and falsification of public documents and estafa under the Revised Penal Code.

TSSI said that the design of their software enabled them to detect and trace the fraudulent transactions. The audit trail's revelation that members who were supposed to be in the US were using a Philippine ISP was key to breaking the case. One thing that TSSI officials wanted the public to know was that, when a credit cardholder disputes a charge, the issuing bank will decline the transaction and it's the merchant who's left holding the bag. In this case, TSSI would take the hit. It's important to mention this, because those who might intend to engage in a fraudulent credit card transaction have to realize that it's not the issuing bank (e.g., CitiBank or Standard Chartered) that absorb the loss, it's the merchant. In this case, TSSI had to account for the charges, which meant that they were spending money that wasn't going back to them, in contrast to the salaries they pay their programmers, which get TSSI code in exchange for money. If there are enough declined charges, TSSI could go out of business and their Filipino programmers unemployed."

Around that time, Charles Yeomans, Managing Director of the YES Group, was also interviewed at ANC to have a better understanding of the case in 2003.

Part 1


Part 2


When asked on the amount that was taken during those times, Paul Hubbard (Philippines country manager), said it was P15,000. This is the amount that they were able to spot. He no longer counted those that they disapproved in the process. But the point, according to Paul, was if the suspects were not stopped, the damage could have been worse.

What dragged the case were the technicalities, such as the motion to quash, stating that YesPinoy.com is not the rightful party to file the case against the suspects, among others.

It was only this year when Paul had been able to present evidence and proceed with the actual prosecution. The suspects plead “not guilty.”

As to how far this case will go remains to be seen. On the positive side, TSSI's aggressiveness in this case boosted its credibility as a serious e-commerce payment service provider in the Philippines.

We all must take proper precaution to fight fraud and identity theft online.

No comments: