A pensioner from Aargau was the victim of a phishing scam that enabled criminals to gain control of his credit card and mobile phone, allowing the authorisation of money transfers for more than 10,000 francs to a cryptocurrency platform.
The 73-year-old was tricked into filling out a refund email from Sunrise, the Swiss telecommunications provider, where he was asked to enter his credit card details and mobile phone number. The fraudsters then used the information to penetrate his Sunrise account, transferring the victim’s mobile phone number to a foreign device via a digital SIM card. This allowed them to intercept all SMS codes of the Cornèrcard security system and authorize money transfers on the cryptocurrency exchange Binance.com in Lithuania. These transfers came to a total of 10,263 francs, distributed in 11 different transactions throughout the night.
Cornèrcard, the Cornèr Bank brand in charge of issuing credit cards, is taking no responsibility for the fraud. They have stated that “all transactions were authorised by entering the correct SMS code, therefore, there is no possibility to complain about the amount or to claim a refund". Additionally, they indicated that their terms and conditions clearly state that all card debits made after authorisation are "attributed to the cardholder, making them legally valid and binding" and the company accepts "no responsibility" for any misuse by third parties.
Despite the victim’s acceptance of his mistake and readiness to bear the consequences, he still believes that Cornèrcard is partly to blame as their security systems did not work: if someone has a regular pattern of credit card usage – monthly transactions in the low three-figure range - and then suddenly, in the middle of the night, spends thousands of francs on a cryptocurrency platform in Lithuania, the credit card issuer should be suspicious.
Nicolas Mayencourt, Founder and Global CEO of Dreamlab Technologies, agrees with the views of the victim, that Cornèrcard is partly to blame and should assume a greater share of the loss: "If a pensioner suddenly changes his payment behaviour, such as being active in the middle of the night on a crypto platform, a red light should go on at Cornèrcard. When detecting a high level of transactions within a short time, the credit card issuer should have automatically initiated a credit card block, placed the payments on hold and called the customer for clarification.”
