More cases of alleged wrong food delivery charges after Gatchalian shares credit card hacking experience

January 6, 2021 - 5:47 PM
Sherwin Gatchalian in Senate
Sen. Sherwin Gatchalian in the Senate on this photo uploaded on his official Facebook page on Jan. 5, 2020. (Photo from Senator Win Gatchalian via Facebook)

Other alleged victims of credit card hacking surfaced online after Sen. Sherwin Gatchalian disclosed that a hacker used his credit card to purchase P1 million worth of items from a food delivery service.

The lawmaker on Tuesday shared a screenshot of his credit card’s transaction history showing the purchases through Foodpanda made in less than an hour.

“My credit card has just been hacked! May nag-order ng P1M worth of food sa Foodpanda in less than an hour. Ano ‘yan, lauriat para sa buong barangay???” Gatchalian tweeted.

In the replies thread of his post, the senator added that that the hacker managed to change the registered mobile number and have access to the one-time pin or OTP.

“He knew what he was doing. I just don’t know how he will eat a million worth of food,” Gatchalian said.

Based on Gatchalian’s screenshot, three of the transactions were worth more than P300,000 while the fourth one was worth over P96,000. It amounted to a total of P1.07 million.

The orders were made from 4:47 p.m. to 5:49 p.m. on Tuesday.

Gatchalian said in another interview that he only noticed the unusual transactions at 6 p.m. on Tuesday and added that his credit card was being hacked “the whole day” that time.

He said that he is used to ordering stuff online especially amid the coronavirus pandemic but added that a P2,000 worth of purchase is already big.

The lawmaker suspected that there is a possibility the hacking could be an “inside job,” among others, but said that he will wait until the investigation is finished.

“I don’t rule that out. In fact, I don’t rule out na mayroong coercion to and I don’t rule out mayroon ‘tong cooperation or insider cooperation. Pwede sa Food Panda, pwede rin sa bangko, pwede rin sa iba pa. We need to investigate this but we cannot rule out anything right now,” Gatchalian said in another report.

He said that he will file a police report at the Valenzuela Police Station on Thursday so that the incident can be probed by cybercrime experts.

Gatchalian likewise urged banks to strengthen their security measures following his hacking experience.

“Itong mga hacker, nage-evolve ‘yan, nagi-inovate din. Tinitingnan nila kung saan sila pwede lumusot. Nakita nila, very loose itong pagpapalit ng number, napalitan nila. Moving forward, dapat palitan na ngayon ng bangko ‘yung kanilang sistema,” he said.

Meanwhile, at least three other Filipinos claimed of being hacked that involved transactions from Foodpanda as well.

“Same thing happened to us for the whole month of November until Dec 15. Dumating first and second bill namin with food na hindi kami ang umorder. Bad news about it is pinapabayaran pa ng bank kahit hindi kami ang umorder and ayaw ibigay ng Foodpanda info ng nag-order from their system,” a Twitter user wrote.

“Every day since Nov. 1 til Dec. 15 nago-order thrice a day sa Foodpanda while we are out of the country. Kawawa lang kasi we never got any help from Foodpanda to trace the person who used our card!” she added.

Another Twitter user shared a transaction list and claimed that P79,000 was charged from his card and was used via the food delivery service as well.

“OMG this happened to me also!! When I woke up, I was about to buy food for brunch tapos pag-check ko ng Foodpanda ko, may nasa cart ng Chowking, set meals worth 2,500, ready for ordering na!! Something’s wrong with your system @foodpandaPH!!” claimed a different Twitter user in response to Gatchalian’s post.

Another social media user said that the food delivery service “should have been suspicious” about the large orders.

“After all, a rider can’t deliver this much food. And consecutive orders of these amounts is a red flag already,” he said in response to Gatchalian’s experience.

Foodpanda has yet to respond to Interaksyon’s request for comment on the hacking allegations.

When crimes go digital 

Last October, children’s clothing brand Gingersnaps received a report involving a fraudulent activity allegedly involving one of its cashiers who copied a customer’s card details.

RELATED: Children’s clothing brand probes reports of ‘card scheme’ in store

Bank or financial card information is considered a person’s personal or private information protected by Philippine laws.

The Credit Card Association of the Philippines advised the public to be vigilant about their financial activities and to regularly check their transactions for any unusual purchase.

Cyber security experts last September warned about the potential surge of computer-enabled crimes in light of the lifestyle changes brought upon by the COVID-19 pandemic, where reliance on digital transactions is high.

Palo Alto Networks country manager Oscar Visaya said that the boom of online businesses gives cybercriminals plenty of opportunities to hack and infiltrate systems.

He added that many companies continue to rely on outdated systems and poorly trained personnel who are outgunned by today’s cybercrime syndicates.

They “are lacking in the necessary systems, technology and processes,” Visaya said of the firms.