Transnational scam syndicates are sending foreigners to Singapore to commit credit card fraud using a new method that bypasses typical anti-fraud measures:

How the Scam Works

• Syndicates steal credit card details through online phishing scams
• They load these details onto mobile apps that can be controlled remotely
• They recruit foreigners in their home countries via social messaging platforms
• These recruits enter Singapore to buy expensive items (iPhones, gold bars, etc.) using contactless payments
• The purchased items are then sold for cash

Recent Cases

• Since November 4, at least 10 victims have reported unauthorized transactions totaling over $100,000
• Police have made multiple arrests:
  • Three Chinese nationals (Zhang Tianyu, Xu Zhaochen, and Li Xueqi) were arrested on Nov 6-7
  • Police seized $20,000 in cash, four gold bars, and 27 iPhones in this case
  • A Malaysian couple (Quek Jian Qing and Yong Huo Ying) was arrested in a separate but similar case

Police Advisory to Retailers

Retailers should watch for suspicious customers who:

• Make contactless payments without presenting physical cards
• Attempt multiple transactions with some failing
• Try different phones or cards for payment
• Don’t request tax refunds when buying high-value goods
• Conceal their appearance with caps and masks
• Have accents that don’t match their claimed nationality

If suspicious activity is detected, retailers are advised to discreetly halt transactions and contact the police.

The article notes this is part of a troubling trend, with scam numbers hitting record highs in the first half of 2024 ($385.6 million lost in 26,587 reported cases). Those convicted of cheating can be jailed for up to 10 years and fined.

Analysis of the Contactless Payment Scam in Singapore

Detailed Scam Mechanism

This scam represents a sophisticated evolution of credit card fraud, specifically designed to bypass traditional security measures:

1. Initial Data Theft:
   • Syndicates obtain credit card details through phishing operations targeting Singaporeans
   • These operations likely use fake e-commerce websites or fraudulent communications
2. Technical Implementation:
   • Stolen credit card information is loaded onto specialized mobile apps
   • These apps can likely emulate legitimate mobile wallets (Apple Pay, Google Pay, etc.)
   • The apps appear to have remote control capabilities, allowing syndicate operators to manage transactions from afar
3. Human Operations Layer:
   • Foreign nationals are recruited via social messaging platforms
   • These individuals serve as “runners” who physically enter Singapore
   • They likely believe they’re doing legitimate work for fast cash
   • The runners don’t directly handle stolen funds, avoiding technical classification as money mules
4. Transaction Process:
   • Runners attempt to make contactless payments at high-end retailers
   • They purchase high-value, easily liquidated items (iPhones, gold bars)
   • Multiple payment attempts are often made if transactions fail
   • Multiple mobile devices may be used for different transactions
5. Monetization:
   • Purchased items are quickly sold for cash
   • Runners receive a portion of the proceeds
   • Main profits are channeled back to the syndicate

Singapore’s Anti-Scam Measures

Singapore has implemented a comprehensive approach to combat scams, though this new method specifically challenges some existing protections:

Current Protections

1. Legal Framework:
   • Severe penalties (up to 10 years imprisonment for cheating)
   • Recent money mule laws that this scheme specifically circumvents
   • Rapid investigation and prosecution (arrests made within hours in some cases)
2. Police Operations:
   • Quick response to reports from retailers
   • Cross-border cooperation to tackle transnational syndicates
   • Targeted investigation teams focusing on specific scam typologies
3. Retailer Advisories:
   • Police have issued specific guidance to high-value retailers
   • Warning signs have been communicated (multiple payment attempts, contactless-only payments)
   • Recommendations for verification procedures, like requesting physical cards
4. Banking Protections:
   • Transaction monitoring systems (although these appear to have been bypassed)
   • Fraud detection algorithms
   • Card verification procedures

Gaps This Scam Exploits

1. Contactless Payment Vulnerabilities:
   • Less stringent authentication requirements for contactless payments
   • No physical card verification is required
   • Transaction limits that allow significant purchases
2. Retail Staff Training Gaps:
   • Staff may not recognize suspicious purchase patterns
   • High-value sales incentives may discourage scrutiny
   • Lack of standardized verification protocols
3. Jurisdictional Challenges:
   • The transnational nature complicates investigations.
   • Different legal frameworks between countries
   • Challenges in prosecuting syndicate leaders operating abroad

Recommended Additional Measures

Based on this analysis, Singapore could strengthen its defenses by:

1. Enhanced Payment Verification:
   • Requiring additional authentication for high-value contactless payments
   • Implementing biometric verification at point-of-sale for large transactions
   • Developing systems to verify the authenticity of mobile wallet implementations
2. Improved Retailer Protocols:
   • Mandatory ID verification for high-value purchases
   • Training staff to recognize scam indicators
   • Installing advanced fraud detection systems at point-of-sale
3. Consumer Education:
   • Increasing awareness about protecting credit card information
   • Teaching recognition of phishing attempts
   • Promoting regular monitoring of account activities
4. Cross-Border Cooperation:
   • Strengthening intelligence sharing with regional partners
   • Coordinating law enforcement operations across borders
   • Developing common legal frameworks to prosecute transnational fraud

This scam represents a concerning evolution that specifically targets gaps between anti-fraud systems, exploiting both technological vulnerabilities and human factors in retail environments.

Payment Fraud Landscape in Singapore:

• 49% of respondents have experienced payment fraud
• 33% of consumers feel less safe shopping compared to ten years ago
• 52% of businesses reported an increase in fraud attempts in the past year

Top Types of Payment Fraud in 2025:

1. Phishing

• Social engineering attacks to steal personal information
• Increasingly sophisticated, using synthetic identities
• In 2024, victims lost S$59.4 million to phishing scams

2. Refund Fraud / Policy Abuse

• Exploiting business return, refund, and promotion policies
• It can be conducted by professional fraudsters and every day consumers
• Experienced by nearly half of online merchants worldwide

3. Card Testing

• Test stolen cards to verify their active status
• Active cards can be sold at higher prices on the dark web

4. Friendly Fraud / First-Party Fraud

• Consumers making purchases and then requesting chargebacks
• Accounts for up to 70% of credit card fraud
• Costs the industry over US$132 billion annually

Business Response to Fraud:

• 66% considering partnerships with providers offering chargeback liability guarantees
• 62% using AI to prevent fraudulent transactions
• 60% recognize fraud increases during peak shopping periods

Additional Payment Trends:

• 31% of Singaporeans don’t carry wallets
• 48% used mobile wallets in the past year
• QR code payments grew 31% year-on-year
• 51% shopped via social media platforms

The report highlights the growing sophistication of payment fraud and the need for robust security measures in Singapore’s digital payment ecosystem.

Payment Fraud Versions and Prevention Strategies:

1. Phishing Characteristics:

• Sophisticated social engineering attacks
• Aim to steal Personal Identifiable Information (PII)
• Advanced tactics include creating synthetic identities
• In 2024, caused S$59.4 million in losses in Singapore

Prevention Methods:

• Implement robust second-factor authentication (2FA)
• Educate consumers about identifying suspicious communications
• Use AI-powered fraud detection systems
• Develop advanced identity verification technologies
• Regularly update security protocols to counter emerging tactics

2. Refund Fraud / Policy Abuse Characteristics:

• Exploiting business return and refund policies
• Conducted by both professional fraudsters and opportunistic consumers
• Difficult to detect
• Affects nearly 50% of online merchants globally

Prevention Methods:

• Develop clear and strict refund policies.
• Implement sophisticated tracking systems for returns
• Use AI to identify suspicious return patterns
• Set reasonable time limits for returns
• Create detailed documentation requirements for refunds
• Monitor customer behaviour and flag unusual return activities

3. Card Testing Characteristics:

• Fraudsters test stolen credit card details
• Aim to verify card validity
• Successful cards sold at higher prices on the dark web

Prevention Methods:

• Use advanced payment gateway fraud detection
• Implement real-time transaction monitoring
• Utilize machine learning algorithms to detect unusual transaction patterns
• Set up velocity checks to limit multiple quick transactions
• Use device fingerprinting technology
• Implement CAPTCHA and additional verification for suspicious transactions

4. Friendly Fraud / First-Party Fraud Characteristics:

• Consumers make legitimate purchases, then request chargebacks
• Accounts for 70% of credit card fraud
• Costs the industry over US$132 billion annually

Prevention Methods:

• Maintained detailed transaction and delivery records
• Implement clear communication channels with customers
• Use chargeback management software
• Provide excellent customer service to resolve issues proactively
• Develop comprehensive documentation for each transaction
• Create transparent return and refund policies

Advanced Prevention Strategies:

1. Technology Integration

• 62% of businesses now use AI for fraud prevention
• Leverage machine learning and predictive analytics
• Implement real-time fraud detection systems
• Use blockchain for secure, transparent transactions

2. Authentication Techniques

• Encourage second-factor authentication (2FA)
• Biometric verification
• Tokenization of payment information
• Continuous authentication during transactions

3. Consumer Education

• Raise awareness about fraud tactics
• Provide guidelines for safe online shopping
• Encourage vigilance and reporting of suspicious activities

4. Collaborative Approaches

• 66% of businesses considering partnerships with secure payment providers
• Share fraud intelligence across industries
• Develop cross-platform fraud detection networks

The evolving landscape of payment fraud requires a multi-layered, adaptive approach. Businesses must continuously update their prevention strategies, leverage advanced technologies, and maintain a proactive stance against emerging fraud tactics.

Maxthon

Maxthon has set out on an ambitious journey aimed at significantly bolstering the security of web applications, fueled by a resolute commitment to safeguarding users and their confidential data. At the heart of this initiative lies a collection of sophisticated encryption protocols, which act as a robust barrier for the information exchanged between individuals and various online services. Every interaction—be it the sharing of passwords or personal information—is protected within these encrypted channels, effectively preventing unauthorised access attempts from intruders.

Maxthon private browser for online privacyThis meticulous emphasis on encryption marks merely the initial phase of Maxthon’s extensive security framework. Acknowledging that cyber threats are constantly evolving, Maxthon adopts a forward-thinking approach to user protection. The browser is engineered to adapt to emerging challenges, incorporating regular updates that promptly address any vulnerabilities that may surface. Users are strongly encouraged to activate automatic updates as part of their cybersecurity regimen, ensuring they can seamlessly take advantage of the latest fixes without any hassle.

In today’s rapidly changing digital environment, Maxthon’s unwavering commitment to ongoing security enhancement signifies not only its responsibility toward users but also its firm dedication to nurturing trust in online engagements. With each new update rolled out, users can navigate the web with peace of mind, assured that their information is continuously safeguarded against ever-emerging threats lurking in cyberspace.