Why I wont do Internet banking?

[mercalia]

A shocking story

A profoundly deaf woman who lost £8,371 when fraudsters took over her mobile phone and used it to empty her bank account, says her faith in the banking system – and Metro Bank in particular – has been left in tatters.

https://www.theguardian.com/money/2018/sep/15/fraud-victim-deaf-metro-bank?utm_source=esp&utm_medium=Email&utm_campaign=Guardian+Today+-+Collection&utm_term=285646&subid=7646217&CMP=GT_collection

[Cunobelin]

not sure that it is an internet banking problem, it is simply another case of frail elderly people being fleeced by a particularly low and devious portion of society.

Two incidents that happened to me and my wife.:

Following a fire at her house, my MiL had a age cheque paid into her account to cover expenses. As we had already paid some, she wanted to transfer some of the money to my wife. Almost immediately my MiL was taken aside into an office and asked if everyjthing was alright, and who the woman with her was, was she under any duress.... basically frail old lady transferring a sum of money to someone who was "helping her" to do so had rung an alarm bell, so they were checking. My MiL found it funny and as she left the office, said to my wife in teh middle of the banking hall.... "She thinks you are trying to rob me"!!!!

Good to see that there was a safeguard in place.

T'other was in my local branch and an elderly lady came up and asked me whether if she told me her PIN I could enter it and get some money for her... apparently her daughter had set up the cashpoint, but she couldn't manage the keyboards. I politely declined and took her to one of the tills explaining the position, Staff were again brilliant, they set up a system where she now goes to a till (like she used to) for her money.

The banks do what they can, but quite often it is the fact that the frail and elderly are preyed upon in a way hat circumvents safety checks

[ambodach]

This week we have had a spate of phone calls on landlines from “Clydesdale Bank Security “ warning of suspicious activity on our accounts. Talking to people it appears to have been the elderly who were targeted. I got such a call but recognised the scam immediately. Having electronic access to my account I was able to check that there was no such activity but it appears that quite a few people were taken in by this scam. A friend of mine informed the caller that he was just going down to the bank but could he get a contact number anyway. Certainly came the reply 080030foff.

[kwackers]

The problem there isn't the bank, it's the mobile phone company. You really shouldn't be able to get someones phone number transferred to another mobile so easily.

IMO its never been harder to extract money from a bank account that it is now - even if it's your money!

[PH]

not sure that it is an internet banking problem, it is simply another case of frail elderly people being fleeced by a particularly low and devious portion of society.

That's somewhat ageist, there's nothing in this story that relates to the victim's age. Seems it could just as easily have happened to someone in their twenties, the fraudsters conned the phone supplier into handing over access to confidential information, if there's any liability for the loss I'd have thought it was theirs. The statement from the ombudsman that a blameless victim shouldn't lose out is good, but that doesn't absolve anyone from the responsibility of taking care of their own data, in this case it was a third party that was careless with it.

[[XAP]Bob]

When will banks learn that an SMS is not a ‘second factor’ and my mother’s maiden name isn’t a secret.

(Yes, I know that I don’t need to tell them my actual mothers mainden name - but they don’t alwaysbask in the context of a security question...

[al_yrpal]

Been using Internet Banking since it started in my business and personally and never experienced any problems. Scammers have approached me and my businesses dozens of times, they always fail. Its trusting gullible folk that the scammers focus on. Perhaps the banks should run free anti fraud courses?

Al

[661-Pete]

I use it as a last resort, for recipients who can't or won't take a credit or debit card payment. But only from my desktop computer with its wired internet connection - and using my card reader. Not 100% safe but better than a mobile phone! And of course I'm careful with passwords, PINs etc. More careful than when logging in to this forum, at any rate!

A few weeks ago I had to pay some money to a French business, and this was the easiest option for me (only alternative was a euro cheque in the post - and I had insufficient funds in my euro account). At least the transfer went smoothly - with no side-effects (or so I hope!).

But I'd advise against it if there is an alternative means of payment. Where the option exists, I use Paypal. Cue any number of horror stories about Paypal experiences! I haven't had them - yet!

[Psamathe]

I've recently had to (or really needed to) get another card (pre-paid multi-currency card) which has to be linked to a current account through a debit card and is then operated through a smartphone app - everything I've always refused to do!

But the card was important so I ended-up opening a 2nd bank account in parallel to my existing current account getting a 2nd debit card and linking to new pre-paid card to the new account which is virtually empty. So is fraudsters do get hold of my card & phone & passwords they will get complete access to an account with virtually nothing in it! To top-up the card I first have to call the bank and identify the 1st account (which does not even know the internet exists), they'll verify which country I'm in (and should be in), do the digits <x>, and <y> and <z> from your passcode, etc. and then transfer money to the new account so it can top-up the card.

Only way I could think of to get the new card and protect my main current account.

Ian

[mumbojumbo]

That's somewhat ageist, there's nothing in this story that relates to the victim's age. Seems it could just as easily have happened to someone in their twenties, the fraudsters conned the phone supplier into handing over access to confidential information, if there's any liability for the loss I'd have thought it was theirs. The statement from the ombudsman that a blameless victim shouldn't lose out is good, but that doesn't absolve anyone from the responsibility of taking care of their own data, in this case it was a third party that was careless with it.

I think old people are more vulnerable.Many are unfamiliar with mobile phones.These phones are actually handheld computers.I feel the banks etc.are
quite prepared to accept fraud as a consequence of a more convenient system of bank transfers,in the same way many criminals accept the risk of imprisonment ie an occupational hazard.I also feel the Ombudsman is also compromised-few rulings offer real redress to the consumer.Their bark is stark,their bite us slight.

[kwackers]

I think old people are more vulnerable.Many are unfamiliar with mobile phones.These phones are actually handheld computers.I feel the banks etc.

You'd need an unrealistic world view to think elderly people are at one with technology in the same way someone in their 20's is.
I know some fairly tech savvy pensioners but they're still miles behind a tech savvy yoof.
To make it worse just as they get their head around something new, it's moved on and usually by a lot.

It's a sad fact that as we age it gets harder and harder to override more and more years of ingrained experience.

[PH]

That's somewhat ageist, there's nothing in this story that relates to the victim's age.

I think old people are more vulnerable.Many are unfamiliar with mobile phones.

Think what you like - This case has nothing to do with age, it's there in the story.
BTW - I don't know your age, but maybe you'd savvy up and get the quotes thing right to show who it is you're quoting

[[XAP]Bob]

That's somewhat ageist, there's nothing in this story that relates to the victim's age. Seems it could just as easily have happened to someone in their twenties, the fraudsters conned the phone supplier into handing over access to confidential information, if there's any liability for the loss I'd have thought it was theirs. The statement from the ombudsman that a blameless victim shouldn't lose out is good, but that doesn't absolve anyone from the responsibility of taking care of their own data, in this case it was a third party that was careless with it.

I think old people are more vulnerable.Many are unfamiliar with mobile phones.These phones are actually handheld computers.I feel the banks etc.are
quite prepared to accept fraud as a consequence of a more convenient system of bank transfers,in the same way many criminals accept the risk of imprisonment ie an occupational hazard.I also feel the Ombudsman is also compromised-few rulings offer real redress to the consumer.Their bark is stark,their bite us slight.

This has nothing to do with smartphones.

This is a bank using SMS as a 'wish it was two factor' authentication - despite this exact attack happening to any number of people (including tech savvy people).

This is a mobile phone shop/operator not taking sufficient care of their customer's details and contracts.

Someone walked into a branch of a phone shop and convinced them to issue a new SIM against someone else's account... The phone shop/operator should be paying the appropriate level of compensation (both to the victim personally and to the bank for their time).


My online banking uses a 'real' 2FA token.
- I used to have one that I tapped various numbers into (both a PIN and details of the transaction I was authorising)
- I have one for one bank that uses my debit card as part of the process

The first of those has now been replaced by a digital version on my phone - but that relies on the iPhone Secure Enclave, and can only be associated with one phone at a time, so the attack in the article isn't possible. it's marginal whether it is more or less secure than the physical token, but it is an awful lot easier to find - and people are quite good at looking after physical objects.

[flat tyre]

I don't think that "old fashioned" paper based banking is secure at all. When I lived in USA it was before Internet banking had become the norm so I was using paper cheques to pay bills etc. One Sunday evening I went to the ATM to withdraw spending cash for the week and noticed my account was £2000 less than I thought it should be. Turned out that someone had obtained my account details (probably from one of my cheques), gone into a bank branch with fake ID and persuaded them to cash a cheque drawn on my account.

[mercalia]

I don't think that "old fashioned" paper based banking is secure at all. When I lived in USA it was before Internet banking had become the norm so I was using paper cheques to pay bills etc. One Sunday evening I went to the ATM to withdraw spending cash for the week and noticed my account was £2000 less than I thought it should be. Turned out that someone had obtained my account details (probably from one of my cheques), gone into a bank branch with fake ID and persuaded them to cash a cheque drawn on my account.

of course but its harder. They cant do it at a distance with no risk to them selves? Most banks have cctv so presumably the culprit would be caught on tape commiting the fraud/theft? I wonder if that can happen in the UK? Most people have a bank card with a pin and the cheque would have to be first paid into the account and the card and its pin used to withdraw & not until the cheque had cleared? The USA have been very backward in banking only getting eg chip & pin on credit cards recently? There is some thing very strange about the situation you describe - why wouldnt the person trying to take out the money just use the bank card and pin? Not to do so would raise suspicions, certainly for such an amount? if they had lost the card there are then account details that the person at the counter could ask to confirm identity ( had happened to me ) so the thief would have to have more than just fake id?

on the issue it is oldies who are vulnerable. I think also the youngsters who are naive to the point of stupidity so used to trusting their mobiles and its apps in an unthinking way as second nature, learnt in their teens?