SINGAPORE: A woman who held jobs at a supermarket and a halfway house took down credit card information of customers at NTUC FairPrice, created an EZ-Link mobile account with details from a halfway house resident and combined the two to make S$41,330 worth of unauthorised EZ-Link top-ups.
For a list of computer crimes, Kas Qiu Caiying was sentenced on Tuesday (Jul 21) to eight months' jail.
The 30-year-old woman, who was a former prison officer, pleaded guilty to 11 charges under the Computer Misuse Act, with another 24 charges taken into consideration.
The court heard that Qiu worked as a cashier at NTUC FairPrice at Block 570B Woodlands Avenue 1 from January 2018 to August 2018.
In July 2018, she began taking down credit and debit card details of customers who handed her cards for payment.
She wrote down card details such as expiry dates and CVV numbers on an NTUC plastic bag, transferring them to a notebook after work.
While still working as a cashier, Qiu took up another job from April 2018 as an operations executive at Selarang Halfway House, which provides support for ex-convicts.
In August 2018, she retrieved the NRIC number and name of a resident at the halfway house using a computer terminal, and used these details to create an EZ-Link mobile application user account under the halfway house's name.
In the next four months until December 2018, Qiu used the details from 34 credit and debit cards she had copied from her cashiering job to make 1,011 EZ-Link top-up transactions worth S$41,220.
She keyed in the credit and debit card details into the EZ-Link account and made various top-up transactions with amounts ranging from S$10 to S$100 to various EZ-Link cards she had.
In total, she made 1,011 such top-up transactions to more than 500 EZ-Link cards without the authorisation of any of the credit card holders.
She then took the topped-up EZ-Link cards to various MRT stations to get cash refunds. Once she got the cash, she disposed of the EZ-Link cards and deposited the money into her bank account.
OCBC Bank caught wind of the crime after receiving multiple reports from the cardholders on unauthorised transactions made to EZ-Link applications, and filed a police report.
Qiu was arrested and made partial restitution of about S$9,100, and consented for the remaining balance of about S$30,500 in her bank account to be used for restitution.
SIGNIFICANT LEVEL OF PLANNING: PROSECUTOR
Deputy Public Prosecutor Ben Mathias Tan asked for eight months' jail, noting the "significant level of premeditation and planning" in the case.
Qiu "meticulously noted down the credit card details of unsuspecting NTUC customers onto a plastic bag", disposed of the plastic bag when she had transferred the information to a notebook, and obtained the details of the halfway house resident to create the EZ-Link user account.
Lawyers Josephus Tan and Cory Wong of Invictus Law asked instead for not more than five to six months' jail, saying that a large part of the money has been recovered.
Qiu worked as a prison officer for four years, struggling in the job and taking up several others before going to the halfway house as an operations executive.
She envied the "financial freedom" of her colleagues, many of whom were retired prison officers hired for their experience in rehabilitation.
She "felt that it was 'unfair' that she was getting by only with her salary although she did her best", said Mr Tan.
Qiu told a psychiatrist that she expressed "regret over her behaviour" when arrested, and said it was out of character and that she had acted "stupidly".
"She also felt depressed when she thought of the consequences to these alleged offences given that she was previously working as a prisons officer," said the psychiatric report tendered by the defence.
For each count of unauthorised access to computer material, Qiu could have been jailed for up to two years, fined up to S$5,000, or both.
In response to CNA's queries, EZ-Link said it has implemented "robust measures to deter fraudulent activity" of its cards, adding that the company has conducted an internal review and found no breach in the EZ-Link system.
"Nonetheless, we have implemented additional security measures to minimise the risk of misuse with stolen card details.
"We also urge the public to remain vigilant against credit card theft, and will continue to do our utmost to identify and report such incidents to the police," the company said.
NTUC FairPrice said in response to CNA's queries that this was "an isolated incident".
"The person in question has not been in our employment since 2018," said a FairPrice spokesperson. "FairPrice does not condone any acts of dishonesty and staff are expected to uphold high standards of professionalism and integrity."
"NTUC FairPrice adheres to strict PDPA guidelines and assures customers that a stringent set of processes and measures is in place to ensure that all customers’ data are secured and protected," added the spokesperson.