TANG Kun keeps a tight hand on her purse when walking on the streets, aware that pickpockets and robbers are rife around the New Year holiday.

Unfortunately, the 33-year-old isn’t as careful about safeguarding her money online. She fell prey to a phone scam that skimmed almost 23,000 yuan (US$3,561.6) from her account at China Merchants Bank.

On November 1, Tang received a phone call from a man in Shenzhen who said she had purchased a large amount of tokens through her mobile banking account and he wanted to confirm the transactions.

She said she felt suspicious about the call at first, but then discovered that 27,200 yuan was gone from her savings account. “The caller promised the money would be returned, and he did transfer back 4,200 yuan,” Tang told Shanghai Daily. “But to transfer the rest, he said he needed my verification code because the amount surpassed 10,000 yuan.”

She never saw the money again.

“So many times I was warned not to give the verification code to strangers, but I felt I had to give it under that situation,” she said.

Tracing her stolen money through the police, she found that it had been laundered through a wealth management account bearing her name — an account she never opened — and then it was transferred to a third-party payment company’s account with the verification code.

“I must bear part of the responsibility,” she said. “But I wondered why no flags went up when my savings were transferred into the wealth management account. I wondered if the bank’s security procedures for mobile banking had loopholes.”

By searching on the social network sites such as Weibo and WeChat, Tang discovered at least another 20 people who had fallen prey to the same scam around the country. From available data and information Tang gathered herself, the swindle may involve at least 2.5 million yuan so far this year.

Late last month, China Merchants Bank updated its mobile banking application to new Android and iOS versions, strengthening its security oversight of client wealth management accounts by requiring more certification procedures. And its message to users was stern and unequivocal: Anyone who asks for your code is a fraudster. Never, ever give the code to anyone!

Online swindles have become very sophisticated as crooks ply the pickings of mobile banking. Some 1,000 savers with the Industrial and Commercial Bank (ICBC) faced a similar fraud this June. Their savings were transferred to precious metals accounts under their names, and then the money disappeared.

China’s biggest bank by assets issued warnings about the fraud and offered compensation for commission fees charged on what were illegal money transfers. But bank’s good graces didn’t extend beyond that. There was no compensation offered for the money lost.

A clerk surnamed Wang in her 20s, who is based in the city of Yantai, Shangdong Province, read about the ICBC fraud case and petitioned her bank, China Merchants, to compensate the losses she incurred in a fraud. The bank told her to sue if she wants to seek compensation.

“The bank has no intention of providing possible solutions or taking responsibility.” Wang said. “I guess I could sue, though it takes time and money.”

Shanghai Daily called the headquarters of China Merchants Bank in Shenzhen seeking comment. No official replies have been received. However, a spokeswoman in the Shanghai branch surnamed Chen said the bank had done what they should, including posting anti-fraud articles on their official Wechat account.

“It’s hard for the bank to give extra compensation on individual cases,” she said. “Clients should keep a clear head and cling to the last line of defense themselves. Once they gave out verification code, whatever efforts we make would be in vain. The only thing we can do is to educate and educate.”

Lu Zhaohua, a specialist at WeSecure, a mobile application established by Shenzhen-based technology giant Tencent, said banks are not wholly to blame for such fraud, but further protections should be taken.

“Money transfers between saving accounts and wealth management accounts are like putting something from the left pocket into the right,” he said. “Most of the banks don’t require double verification on their mobile banking systems. It’s common practice.”

Banks’ obligation

Lu dismissed the possibility of information leaks from banks in such cases. The most likely scenario is that victims used similar passwords on other less secure websites and the information was gleaned by hacking, he said.

“Cheaters are likely to seek loopholes in the payment process,” Lu said. “Such fraud is common, and banks do have the obligation of reminding their users to double check.”

About 82 percent of bankcard holders use mobile banking to make payments, and one-eighth of them encountered Internet-related fraud in 2015, according to the annual security report released by China UnionPay Co last week. The occurrence of the incidents is 6 percentage points higher than last year.

Indeed, mobile payment is a burgeoning industry. In 2014, it rose 134 percent from a year earlier to 22.6 trillion yuan.

Banks have had to rethink their digital strategies to fend off competition from third-party payment services like Alibaba Group Holding Ltd’s Alipay and Tencent Holdings Ltd’s Tenpay.

All the operators are keen to provide convenience to customers, and making security systems too complicated compromises ease of use.

In an earlier case involving ICBC, bank spokesman Wang Zhenning told reporters that the bank’s original strategy was to skip double verification in order to ”provide convenient and fast wealth management services.”

But do customers really buy the banks’ claims?

“My wage and other website accounts are linked to China Merchants Bank’s account, so I have to stick with it for a while,” said Bao Zongheng, a Hangzhou resident who was swindled out of 76,400 yuan. “But this case has totally destroyed my trust in banking.”

Tang agreed.

“The case made me realize how vulnerable we are when dealing with personal privacy and security, and even the banks we once trusted are suspects,” she said. “I paid the price to learn a bitter lesson. So should the bank. I would like to see them stand up, face the facts, stop making excuses and deal with the problems.”