SINGAPORE (The Nation/Asia News Network): When Mahesh Pulandaran visited Bali in May, he did what any tourist would do – make payments with his credit card.

But as the Singaporean financial consultant reviewed his transactions, he became alarmed to see more than S$7,000 paid to a local telecommunications store almost 80km away from where he stayed.

His DBS credit card was in his possession during the six days he spent on the Indonesian island, and he suspected it had been cloned. However, he has no inkling how it might have happened.

“I arrived in Bali on May 4 and spent my whole time in Seminyak, which is in the south of the island. But somehow my credit card had been used to make a purchase at a store all the way up north the next day,” the 50-year-old told The Straits Times.

He noticed the suspicious payment only on May 8 while attempting to transfer money to a friend in Singapore through PayNow. His immediate instinct was to alert that friend, who then called DBS Bank on his behalf. The bank subsequently contacted Mahesh and froze the card later in the day.

Mahesh added: “I also filed a report with the local police there that very day. They told me that part of Bali wasn’t exactly a tourist spot.”

The payment had been made to a store named Ei-Go Cell, located in the Karangasem region of Bali. It does not have a website, and its Facebook page has very few likes.

After he returned to Singapore on May 9, he disputed the charge and filed a police report here.

A representative from the bank then contacted him on May 21 via e-mail, notifying him that he would be reimbursed the $7,126.52 in temporary credit.

“No further action” was required on his part, said the bank. However, if he received a refund from the store, or if the transaction was found to be legitimate, then the credit would be reversed.

But as weeks passed, he still did not receive anything.

In an e-mail dated June 16 and seen by ST, a DBS Bank representative told him the disputed charge was a card present transaction, or one made in person, and thus the bank had no recourse.

He said: “Why on earth would anyone go all the way to the north of Bali to buy $7,000 worth of telco products? The Balinese police themselves checked and said it didn’t sound logical to them.

“I was in Seminyak the whole time, but somehow it’s on me to prove that I didn’t make the purchase, just to get my money back.”

There are generally two ways criminals can clone a credit card.

According to Unit21, a start-up that helps businesses monitor fraudulent activities, cards can be cloned through skimmers, which can be attached to hardware including automated teller machines (ATMs) and point of sale terminals.

Criminals tend to attach skimmers on the card reader of an ATM, looking very similar to the original. However, they can come loose, and it is recommended to shake on them prior to inserting a card.

Meanwhile, those attached to terminals can steal a card’s details as soon as the card is swiped through it. These can be harder to detect.

ST has contacted DBS Bank for more information.