HN Distilled

Essential insights from Hacker News discussions

Bank of Thailand freezes 3M accounts, sets daily transfer limits to curb fraud

Original Article

Hacker News Discussion

Here's a summary of the themes discussed in the Hacker News thread:

Widespread Financial Scams and Their Impact on Banking Practices

The discussion highlights the pervasive nature of financial scams, particularly in certain regions like Brazil and Mexico, leading to stringent banking practices. This has prompted banks to implement measures that, while aimed at combating fraud, can inconvenience legitimate users.

  • mlinhares noted the amazement of a US-based individual when learning about banks in Mexico and Brazil rejecting transactions at higher rates after 10 PM, a measure taken due to increased likelihood of fraud. They lamented, "It's sad that these scams are so widespread today that a heavy handed approach like this is necessary. Unfortunately doing these attacks is incredibly cheap :(".
  • dlisboa pointed out that the number of financial scams is highest in Brazil and Mexico, and that even US and EU banks might not have the capacity to handle the sheer volume, stating, "You canā€™t flag everything as fraud." They also detailed how organized crime in Brazil is shifting focus to financial scams, investing heavily and setting up legitimate-looking companies.
  • kattagarian brought up PIX, Brazil's money transfer method, and its criticism for being too easy, citing early instances where kidnappers forced victims to transfer money with no limits.

The "Too Easy" Nature of Digital Transactions Enabling Fraud

A recurring theme is the argument that the ease and accessibility of modern digital financial systems, while beneficial for convenience, also create vulnerabilities that criminals exploit.

  • kattagarian elaborated on PIX, stating, "Early on, kidnappers started taking people off the streets and forcing them to transfer all their money, because victims had no choice but to give their password, and there was no limit on the transfer amount."
  • catlikesshrimp recalled historical scam methods like "Paseos Millonarios," where criminals would force ATM users to withdraw non-suspicious amounts at night without needing the PIN, demonstrating that even older systems had exploitable design flaws.
  • kijin mentioned a similar fraud issue in South Korea, where criminals impersonate officials and use AI-generated voices for ransom demands, and noted that relaxed KYC since COVID-19 allows for account creation with just an ID image.

Measures Taken by Authorities to Combat Fraud and Victim Protection

The thread discusses the actions taken by financial authorities, such as freezing accounts and implementing new customer classifications, to curb fraud. There's a debate on the effectiveness and fairness of these measures, with concerns about collateral damage to innocent users.

  • "High value transfers should be subject to additional scrutiny to confirm itā€™s legitimate," suggested hnlmorg, showing sympathy for the proposed solutions. However, they added, "The hard part is making sure you balance that well enough so that youā€™re protecting against malaise without the bank then becoming a consumer problem themselves."
  • Stevvo highlighted a new classification of "high-risk" customers in Thailand, subject to a 50,000 baht daily limit, noting its potential inconvenience for legitimate needs like medical bills.
  • hnlmorg later clarified that larger transfers can be applied for and approved within hours, implying a balance between security and usability: "That means unusual payments like home purchases can be approved. But fraud is significantly harderā€¦at least in theory."
  • Assistant Bank of Thailand Governor, as quoted by walterbell, "acknowledged that current procedures for identifying and freezing suspected ā€œmule accountsā€ need refinement to prevent harming innocent customers."
  • fryry, residing in Thailand, stated, "many expat accounts have been closed down, making it very hard to pay bills etc. in the country. That will form part of the 3 million. Huge overreaction that will dent the economy and will no doubt be flip-flopped on in a few months time."

Technical Implementation and User Experience Challenges (e.g., Website Blocking)

A side discussion emerged regarding the technical implementation of websites, specifically the use of JavaScript to block text selection, right-clicking, and developer tools, which some users found "obnoxious."

  • ameliaquining described the website as using "some extremely obnoxious JavaScript that blocks text selection, right-clicking, and the view-source and developer tools keyboard shortcuts." They further criticized the utility of blocking developer tools, stating, "since anyone who knows about those features also knows that they can be accessed via the browser menu, which JavaScript can't block."
  • mystraline expressed frustration with browsers acting as "User agent[s]" but instituting "anti-agent choices against my will," questioning why these features couldn't be disabled.

Ambiguity and Misinterpretation of "3M" and Financial Abbreviations

A significant portion of the conversation revolved around the ambiguity of the "3M" in the article's title and discussions about financial abbreviations like "M" and "MM" for millions.

  • donatj humorously recounted, "I clicked the link wondering what Minnesota Mining and Manufacturing was doing in Thailand."
  • walterbell explained that HN auto-abbreviates titles, and provided context from an article stating, "To represent one million in finance, the abbreviation ā€œMMā€ is widely used. This notation originates from ā€œmille mille,ā€ meaning ā€œthousand thousandsā€ in Latin, equating to one million."
  • IndrekR questioned the use, stating, "The funny thing is, that MM in roman numerals means 2000. ... Is that the explanation? It is to avoid confusing with "M", mÄ«lle -- Latin for "thousand". Quite common in financial world still."
  • conductr shared their experience from finance, saying, "Iā€™m in finance and exclusively use the M and K to reference millions and thousands. Everyone says the MM is more accurate and I get that from a Roman numeral perspective it may be (if you ignore that it actually means 2000), yet Iā€™ve never once encountered anyone using M as a thousand in the writing or reading of financial figures."

Identity Verification (KYC) and Mule Accounts

The discussion touched upon the laxity of Know Your Customer (KYC) procedures as a contributing factor to the creation of "mule accounts" used in scams.

  • latchkey questioned, "How is it that people were able to create so many mule accounts in the first place? What sort of KYC was going on?"
  • sirn explained that individuals are paid a small fee to let criminals use their bank accounts, and that "grandfathered" accounts may not require current KYC, but banks are starting to enforce this.
  • bjcy noted that "many of the expat accounts have been closed down due to the laxity of individual bank branches in enforcing their own policies, which were taken advantage of by nefarious actors. Many expats attempt to open bank accounts on tourist visas... without proper identification."

Criminal Exploitation of Online Systems and Geopolitical Factors

The thread also explored the broader context of criminal syndicates operating globally, the potential for geopolitical motivations behind financial crackdowns, and the role of organized crime in international illicit activities.

  • A friend of a Thai user shared an update: "Not in trouble, it's the Chinese and Russians money laundering. Every Russian has had their accounts suspended, this was about half a year ago, now they are slowly doing the Chinese and Brits too."
  • walterbell linked to a report about "Myanmar, Cambodia and Laos have in recent years become havens for transnational crime syndicates running scam centres... which use enslaved workers to run complex online fraud and scamming schemes that generate huge profits."
  • hyghjiyhu mused, "Maybe I'm too suspicious but Thailandb is not a democratic country, was recently in an armed conflict. Could there be something more to this?"

Future of Digital Transactions and Fraud Prevention

The conversation extended to envisioning how future digital currencies and transaction systems might handle fraud, with a proposal for delayed transactions and stricter verification for large sums.

  • rr808 wondered, "I wonder in the crypto based future if there will be any safeguards to avoid scams and fraud. Instant settlement is not a good thing for me, Ideally any transaction over $1000 should take a week and can be cancelled. Transactions over $100k I'd like to go to a physical location and prove my identity."
  • FabHK cautioned against sender-controlled cancellation, stating, "if the sender can cancel transactions at their discretion, that enables another class of frauds. The solution has to lie in some trusted centralized party outside the payment system."