/ Money

How safe is online banking?

online piggy bank

In this world of ever-more sophisticated scams, it’s increasingly hard to know who to trust. How good is your online banking security?

If someone calls saying they’re from the police or the fraud division of your bank, what would they have to do to win your trust? If they knew, for example, the last five transactions on your account, would you believe they were genuine?

For most of us, the answer would be yes. And that’s why, in the ongoing battle against the scammers, it’s vital to keep your sensitive financial information secure so they can’t use it against you.

Online banking security

However, when we tested the online bank accounts of 11 volunteers, we found too many banks prioritising ease of log in over online banking security.

Several of them allowed our volunteers to access a light version of their account using only a few pieces of information that could potentially be guessed by fraudsters.

Once in, those criminals wouldn’t be able to move money directly without scaling another level of security, but they would have access to all sorts of personal information.

Our campaign on scams

Online fraud continues to rise at a staggering rate, as every new set of crime stats attest. In response, this spring Which? launched its Safeguard us from Scams campaign to encourage government and industry to do more to keep us all safe online.

Last month, we also submitted a super-complaint to the financial services regulator, calling for greater protection for consumers against bank transfer fraud.

This type of fraud has seen criminals trick victims into voluntarily transferring large sums, sometimes hundreds of thousands of pounds, with no legal right to reimbursement from their bank.

We think banks should do more to identify these high-risk transfers and protect customers.

We’ll keep fighting your corner, and while we do we’d like to hear from you. Have you ever been approached by would-be scammers armed with privileged information about you? Do you think your own bank is doing enough to keep your money safe?

Comments
Member

Golden rules: never, ever divulge your access ID to anyone, even if they sound incredibly genuine. Always visit the bank itself if there’s any sort of major problem, never use an online banking model that doesn’t provide some sort of isolated security – i.e. a discrete key pad and never, ever, under any circumstance follow a link in an email.

Member

On the transfer scam, by applying the above rules that would fail every time.

There’s a greater dimension to all this: society won’t function if we don’t trust one another, at least to some extent. It’s that inherent desire to trust, however, that offers criminals the easiest target. I don’t want to live in a world where we trust absolutely no one so what needs to change is the Bank systems. A good bank can pick up failed security checks for desirable items in seconds – literally. It happened to me a couple of days ago. The fault was with the Web site I was using (Canon UK) but it appeared as though the system was rejecting me for some reason. If the same system were applied to unexpectedly large transfers of money then this could be nipped in the bud.

Member
Peter Young says:
22 October 2016

I hardly use online banking though I am registered for it. I don’t use apps nor do I have the computer on all the time so it is often quicker and easier to settle a bill by cheque. The kind of security device that you to insert your debit card in I find easy to use. Another bank has given me a little key pad which I have only once managed to use successfully. Probably I forgot due to vey few movements on that account. So now I manage it by putting my card in the in branch machine.

Member

I have little or no trust due to real life experience , as well as day to day emails from tech security companies , information security services , hacking security services and so on . So to me real life is watching your back–always ! The FBI has a long list of methods of hacking online banking accounts but maybe I shouldnt go into details as it might give some ideas , even years ago digital hacking of passwords went at speed of 1 BILLION a SECOND , and the old- I lost my password , which doesnt directly let you in but if the hacker already has your personal details due to trojans then you are “easy meat ” . This is 2016 the hackers are so good that they are now employed by US/UK “government services ” – who advertise for them . People have no conception of the digital ability of many criminals . I dont do online banking , the same as Surgical Ophthalmologists dont use Lasec eye correction but wear glasses. The deviousness has now reached epidemic proportions . I am looking at a US security company giving advice to the US banking system and its “hair raising ” .MY philosophy is- dont keep the public in the dark -state the facts. I have a long list of files on security deception practices . years ago in 2004 2 Million Americans suffered banking fraud at an average of £1400 /fraud . Dont think -oh ! this is 2016- better protection -nope – the hackers are MUCH better too.

Member

On a positive front, I have never had a problem with my online banking, debit or credit cards. They are extremely convenient and the likelihood of reimbursement if i have a problem keeps my confidence. I am particularly careful with online transfers to triple check that I have the correct account details and, where significant funds are involved, transfer £1 as a test before moving the whole amount.

I do hope I don’t live to regret injecting this optimistic post.

One of my daughter’s is the only family member to have had funds withdrawn fraudulently. This was from fraudulent ebay transactions using her debit card details. The bank acted promptly and sympathetically to investigate the losses and made them good very quickly.

Member

I was about to write something along exactly the same lines as your first paragraph, Malcolm. One should not be complacent but over-worrying isn’t much help either. As Duncan perceives, it is probably best not to reveal the methods used by criminals outside the security protection business which seems to be abreast of it if not quite on top of it.

Member

I have absolutely no doubt that a hacker could get inside my computer at any time he/she wished and while they could do some damage financially, I wouldn’t be “cleaned out.” I have a fool-proof system in place: If it’s not there it can’t be hacked.

Member

That last sentence Vynor , thats exactly what many US security services recommend .

Member
Vynor Hill says:
20 October 2016

Ps. When installing my security software on my new computer there was perhaps half a minute when it was not working. In that time I received a pop up to tell me that my credit card details were out of date and I should click and renew them. Not only did this provoke a full computer scan but it also elicited a few expletives.

Member

So where’s my logo gone, has it been hacked?

Member

I have not knowingly suffered from losses but I am not complacent and the amount of fraud indicates a need for action. I was an early user of home computers but late in the game with online banking. What made me start was fairer terms and conditions and a friend with the same bank as me received a prompt refund when money was taken from his account. I put security ahead of convenience and have no intention of using mobile apps for banking in the near future.

I have seen too many examples of elderly people being cheated by rogues. I try to avoid watching people at ATMs and supermarket tills but I have seen people produce bits of paper with four digit PINs or look up their PIN in a diary. I would not be surprised if some people have notes showing their login details for online banking, though it’s not something I have looked for.

Member

Apropos bank security I just had the early email advertising the front page article in this month’s mag on Bank security offering a free peek (see it now).

There’s only one problem. Clicking on the article evokes a splash screen which offers the options “I’d like to subscribe”, Update”, and “Log out”. Now, you’d think that if the screen offers the option to “Log out” then it stands to reason that it must think you’re already logged in. Oh, no. Instead, clicking on the article icon takes you back to this splash screen . Now, I don’t want to subscribe. I am a subscriber and have been one for more years than I wish to remember . If I click on ‘Update’ it takes me to a screen inviting me to complete an online subscription trial. Why? I’m already a subscriber, which you’d think it would know, having offered me the option to log out.

This isn’t the first time this has happened, either. Combined with the irritating rigmarole required to get into the Members’ forum it does seem to me that the web designers need to get on top of things. Needless to say I’ll,await the magazine to see the article for which I was offered a ‘free peek’. But I doubt this plays well with the prospective subscriber.
.

Member

Ian many websites take you details as soon as you visit them and know who you are without logging in , various methods are used to detect you and now not all are cookies but even more sophisticated methods . Before I got 6 or so security plug- ins websites were even emailing me with advertising junk just by arriving at their websites , many hacking websites use the same methods and send down a virus -click on this for more info , there are even good cloned websites.

Member

Of course, and increasingly drive-by payloads being dropped. But this is about Which’s site and its inability to operate properly. There’s quite a few legacy pages on the Which. co uk site which I suspect have never been properly dealt with.

Member

I thought it was about banking security Ian , I know all about Which and WordPress of whom I have high regard because it allows a lot of radical-freethinking websites to flourish worldwide . I have even disabled a tracker blocking device for WordPress and Which .

Member

It’s allied to web site security in general, Duncan. Here we have the CA leading the charge for better security and yet their own site design is clearly flawed. This has nothing to do with Conversations: it’s to do with whichever segment of Which? the email was linking.

Member

I noticed this e-mail from Which? offered a “sneak peek”! Surely something so well-organised and sent to subscribers directly can hardly be described as a “sneak peek”. A “sneak” peek or preview relates to something that the owners didn’t intend you to see and try to keep concealed but you have discovered behind the security screen or by looking under the blanket. At least Which? get the spelling right unlike some media [yes, BBC – I mean you] and some even manage to offer a “sneek peak”.

Member
Withay says:
20 October 2016

Why was the Clydesdale Bank / Yorkshire not included?

Member

This is a good article
motherboard.vice.com/read/fake-gmail-alerts-phishing

As to banking on-line I think it is highly dangerous and people , like great schools of fish, are surviving as they have not yet been hacked. And some people will always make better targets as they provide through social media huge amounts of detail.

My wife has an on-line account and we have an off-line account which pleases her and accommodates my views on computer [in]security. If people were made more aware of the continuous stream of hacks going on every minute and the new infiltrators of Android phones they would perhaps realise that it is essentially an insecure environment.

I noticed in recent postings that people seem unacquainted with the Bank Draft which my Bank , Clydesdale, issue free to me up to £100,000 per draft. This is what used to be used for completions and has the enormous virtue that the name of the payee is written on them and has to banked in an account of that name.

Not as convenient as electronic funds transfer {EFT} but much safer. Why has not Which? mentioned them?

P.S. log in should surely be log-in as the ” – ” is the accepted way to indicate where “in” relates to ” log”. However if Which? has a policy of dispensing with “-” and using portmanteau word like ” online” then ” login” would be logical. As would email , though I must admit I always thought epistle was so more apt.

I have no problem with the dropping of “-” for words relating to computing.

Member

I cannot write words like “on-line” and “log-in” without their hyphens, but then I have always liked hyphens and use them where other people don’t. American usage includes many more hyphens than we are used to in the UK. I like “e-pistle” instead of “e-mail” and wish that had had become the standard term. It has a certain je ne sais quoi about it.

Member

I used to write ‘e-mail’ but when compiling documents with a colleague, he suggested that we should move with the times and use ’email’. Online too. Essentially they are acceptable alternatives. What is inexcusable is to use more than one in any document.

Member

Like John I like hyphens , to me they give more emphasis to a sentence , maybe not all the time grammatically correct but its probably just habit.

Member

The Money Advice Service says:

“Using banker’s drafts and cheques safely

Be careful when accepting a banker’s draft. Especially for larger sums, due to the number of instances of fake drafts being presented. For example, for the payment of cars.
Banker’s drafts aren’t guaranteed against fraud. If you lose one or it’s stolen, someone else could use it fraudulently. Take extra care”

Bankers drafts are prepaid.
Buying a car privately is a typical case of how best to protect buyer and seller. The seller wants guaranteed funds before handing over the keys. The buyer wants to know they’ll get the vehicle as soon as money is exchanged. Because of fraud some buyers won’t accept bankers drafts. One way is cash, but travelling around with thousands of pounds in your pocket is nerve wracking, and many want to deposit it in a bank to ensure it is real money. When son no. 1 went on the train to collect a car, we transferred money into an account I happened to have with the same bank that the vendor used. The money was transferred to the vendor’s bank account whilst my son was with him, and the funds were seen to arrive online. Not perfect but somewhere trust is involved.

Member

Common accepted usage seems to be “online” without the hyphen, and “login” for a noun or adjective but the action is to “log in”.

I do like to see us stand up for the English language that with all its quirks has stood over many years and developed with the times. I see it has been suggested (by Johnny foreigner) that the EU Brexit negotiations should take place in French. Sacre bleu! I do hope we Brits all stay on-message and on-side.

Member

First Direct issue customers with a fiddly little keypad for online banking that doesn’t like finger nails and times out far too quickly. It is much quicker to pick up the phone and talk to someone. At least it has been, they have now introduced a voice recognition system that I have yet to take part in.

Member

From your description, it sounds to me as though the Barclays bank “pin sentry” is a superior device then. They cetainly don’t time out too quicky and they cope well enough with my ham-fisted fingers.

Member
Zarina says:
19 November 2016

TSB Bank is rubbish when dealing with issues of fraud. I placed an order for some items online but my card didn’t go through and they cancelled the order. I re-ordered and paid with a different card. Sounds great problem solved, well no! The company delivered the order I paid for and also sent me the cancelled order too, they took payment for this from the TSB Card. I contacted the retailer and asked them to organise and pay for the return of these items, but they ignored my request. I ended up with an extra set of items I didn’t need or want. I cancelled my card and requested that the bank step in. Firstly the bank was very slow in refunding the money. This retailer then sent me more items and took money again from my card despite it being cancelled, the bank made the payment. As the retailer was non EU I only had my bank to help me but despite me showing proof to the bank that I was not at fault, they sided with the retailer and made full payment to them. I’ve always stated that the company can have their items back but they must either pay or organise the return . TSB lost my trust and treated me like a criminal, shame on you!

Member

Very interesting from my perspective Zarina and a reason I dont do Internet banking nor Internet monetary transactions . It brings up a point that is relevant to situations like this that in my dealing with a UK company yesterday I had to return the goods as they were the wrong items supplied , I asked -will I be refunded -answer yes -when we receive the returned goods-okay so far- I said – I will need the right order delivered – okay Mr .Lucas we will need payment for that –I said –but you have my money – they said- you will have to pay AGAIN – I said –*&%”%+ -translation- not in this time/space/world/universe -they said – then you will have to RE-order – I said fine – moral- use the telephone to buy goods that are sold in the UK . I have now found another company that offers better terms in this country ( Home Counties ) including not using Hermes , I will phone them on Monday. I now expect criticism from “Globalists “

Member

This might appear at odds with my previous mutterings about Which?’s odd site behaviours, but it might provide some food for thought .

The internet has acquired something of a bad press overall, given its ubiquity means it’s become the easiest conduit for the ne’er do well. I suspect it achieves at least as much good as it does bad.

The cloud’s also interesting. It’s become slightly mytholigised in an almost magical way, and I suspect it may be very much the same way that the first banks were regarded by those who traditionally secreted their wealth beneath the medieval equivalent of the mattress. Is it 100% secure? Of course not, but it’s at least as secure as snail mail and possibly more so.

The internet and computing represent fundamental cultural and societal shifts on an unprecedented scale (although the Black Death was possibly almost as significant). But there’s no doubt that they’ve changed the world beyond what any time traveller from, say – the late 19th C would recognise. And whenever a shift even approaching that magnitude has occurred throughout human history those would take advantage of their fellows have appeared and manipulated those changes to their own benefit.

So I suspect we may be inclined to take a disproportionately wary view of the entire thing. One irony of the entire change has been that we hear far more rapidly and effectively about those who have become victims to the unscrupulous, so that in a sense the internet has become the very embodiment of the fears many harbour when, in fact, it’s possibly no more dangerous than crossing the road. And quite possibly less so.

In specific regard to iCloud, Apple routinely employs end-to-end encryption on the entire system (I have no idea what others do) and the most important passwords and user names I don’t commit to the cloud, preferring instead to keep them on individual computers in an encrypted form. So I suspect iCloud is as secure as we need it to be for the less vital stuff and Apple’s own disc image encryption system has weathered governmental attempts to decrypt it, so I’m happy with that.

So yes; a healthy suspicion about internet and cloud associated functions is probably a good idea – at least as good as the normal caution you employ when entering your pin in a public space or withdrawing cash from an ATM. But overall I suspect we’re safer these days than at most times in human history.

Member

Ian-If your saying its as safe as letter delivery I dont agree .To intercept a letter requires (or did ) a court order and you could usually tell if somebody steamed open your letter . I was totally ignored when I mentioned “Safe Harbour ” where ALL your data goes to US servers where they are open to US Law instead of EU law . This makes it easy to trace every EU citizen in every Internet action they do as well as the fact that (m much as some may dislike me saying this ) we are Foreigners as regards US Law which gives us much lesser rights than US citizens. Now it will get even worse there is a EU proposal-aka- US proposal (BB) who run the US under Article 13 of the directive requires a platform for user-generated content to DIVERT some of their revenue to copyright holders .I wont go into the long legal document but it boils down to -ALL your uploaded data will be scanned and blocked if they want to this isnt just music+video as under this article there is NO limit as to what is scanned -the Internet will turn into a permissions platform and make it even easier for the NSA /FBI etc to check out each EU citizens data as well as BB doing the same , and we all know what BB will do with your data .This will in a way rescind Article 14 which should protect us. If you think BB is right ,well thats up to you but this Internet is not getting safer quite the opposite and to lull people into a false sense of security just because thats what the business community want is not my idea of protecting the public . Every one of you that look at, post on Which see for themselves the incessant , never ending scams going on , I have tried to warn you over a long time but I am only one person but what I definitely am ,is on the side of the “little man ” – the general public who post here on Which and I would be failing in my duty if I did not warn the public . The Web is no “rosy ” place , its a den of thieves ,either trying to steal your data or money one way ior another or hitting you with constant advertising till it drives you mad , through yours letter box , by email , etc which many of you complain about . Okay then why doesnt Which do an OPEN survey and ask the question -do you think the Internet is safe ? no propaganda from either side just a straight forward survey and I will listen to the result.

Member

It’s a lot safer than the postman; most of the time the mail gets delivered to the right address. Not so with the post. But I didn’t say the internet was getting safer. It’s simply society working electronically, and in society you have both bad and good and a lot in between. I was arguing that we become too hysterical over the bad bits. I’d be more impressed if people were as exercised over road traffic deaths and injuries. Sadly, they’re accepted as part of modern living.

Member

I think Ian in his well-rounded post has put a valid case for the scaring side of the Web . I am a great fan of the likes of Wikipedia and all the sites that bring good things, and even reputable sites that report on the bad side.

However he has made a distinction that ” But overall I suspect we’re safer these days than at most times in human history.” I think he is too sanguine as what is under-estimated is the multiplying effects that technology supplies the villains with. Of course if you are banking or carrying out electronic transactions you are moving into the arena where these multiplier effects are evident.

Same number of villains give them the means to trawl for 1000 times more victims per day ……

Despite any assurances to the contrary if you understand that the security services and some black hats can crack any computer remotely you are far far nearer the truth than believing you are safe from any hacking.
As I have said with so many millions of targets going for the big fish is currently the most lucrative method of operation – and long may it be so for our sakes.

I dislike being a wet blanket in the wonderful world of technology but Banks are not going for electronic cards etc etc other than for reasons of profit. Worrying over security always comes after the product has been released – and in the intervening time they will hopefully, for them, closed more branches, and destroyed the cheque system so we will have minimal alternatives to their re-fashioned cheaper operation.

And as of yesterday:
zdnet.com/article/this-ransomware-is-now-one-of-the-three-most-common-malware-threats/
zdnet.com/article/india-experiences-catastrophic-cyberattack-with-theft-of-3-2-million-debit-cards-account-details/

Member

The reason I said I believe we’re safer now is simply because we are. When was the last time you were robbed on the highway? Got an infection that killed you (probably never, true…)? Were thrown out of your home by the Laird? Were tortured for your beliefs? Were examined as a witch? Were sent to a workhouse?

Yes, there are issues on the internet and the combination of its ubiquity and people who somehow believe everything they read on the internet has proved troublesome. But I seriously doubt many have died through it; normally, it’s only financial deprivation that occurs and, providing you haven’t been unbelievably daft, the banks will normally reimburse you.

Member

Using the internet requires a mix of common sense, knowledge, learning just as with other things in life. On the whole I also believe it is relatively safe – but that is only from my own experience where I have never had a problem.

Perhaps we should be taught how to use the Internet safely while at school – it is one of the life skills need, like basic arithmetic.

Member

Teaching school kids about internet safety is useful but in the same way that mobile phones are forever changing, so do the security risks. You have to keep ahead of the game. Like you, I have not knowingly had a problem, but past performance is not an indicator of future performance.

I believe that the any financial organisation that is still sending out emails with links and phone numbers is compromising the safety of its customers or potential customers. The problem has been known for years and the solution is simple. The customer should instead follow common advice look up the phone number or email address (taking care to avoid rogue websites) and contact their bank etc. It really is that simple, and that precaution will not go out of date.

Member

I’ve been rung a couple of times by my bank and made them jump thru hoops each time and I was so of expecting a call too. I did get a call from a cc company, but I refused to talk to them, so I rang them back, and yes my cc had been used for fraud. Turns out the local petrol station was at fault.

On the whole internet banking should be safe unless you insist on having it on your phone, tablet etc which are easily misplaced. Or you have it on a non secure PC which you use for everything and his dog. So I use a 2nd PC for online banking/shopping and nothing else.

Member
Susan Batey says:
21 October 2016

The bank I use (an online bank that has received a lot of awards over the years) has recently upgraded it’s system and while it was frustrating initially to deal with the extra security details required and also being entered, I am pleased to say there is no stinting; if the slightest entry isn’t done clearly, which means more slowly so as not to slur keys, you cannot get entry. I am pleased to say that this makes me feel more secure, so well done ‘my’ bank.

Member

Lots of discussion about web safety, common sense usage and bank security measures here. All well and good, but going back to basics, the internet has spawned a new generation of crooks who can operate without getting caught. They may be state sponsored, criminal organisations or just individual chancers, but until I read about the successful prosecution of some of these people I know who is actually winning out there. I suppose we just have to get on with our on-line business and dodge these fraudsters as best we can.

Member

Well said Vynor !

Member
Norman Heslip says:
22 October 2016

The amount of interest the banks and credit-Card companies are charging, is very exorbitant, I would like it if you can force the banks and Credit-Card companies to reduce their interest rates down to a mere 2% instead of charging customer’s 39.9% each and every month thank you.

Member

Norman, best way to use a credit card is to pay it off in full each month; you then pay no interest. Otherwise, if you need to borrow money, a personal loan from the bank will be a lot cheaper. The problem is if a system deals with people who are not credit-worthy – likely to default – a higher interest rate reflects the risk. Lower risk people pay significantly less than 39.9% – typically 18.9% – but still a silly price to pay when my bank offers a personal loan for 4.9%

Member
Patrick J. Ellis says:
22 October 2016

There is no need for any of this palaver… Just change to First Direct Bank who are open 24hrs a day 7 days a week. Including Christmas! You get through to a REAL person IMMEDIATELY , who will ask you for your Post Code followed by some prearranged personal information etc.
I am 86 years old, and I have been delighted with the way in which they have dealt with any problems which have arisen ….

Member
Patrick Ellis says:
22 October 2016

already posted.. See ABOVE !!!

Member

I totally agree with your comments on First Direct Patrick. They have to be one of the best call centres I have ever dealt with. I joined them in October 1989, the month they started, and they are still as professional, helpful and available when you want them as they ever were.

Have you taken part in their voice recognition security yet?

Member

I am a great admirer of First Direct myself. Worth bearing in mind the monthly income to be a member.

As to voice recognition systems – surely the architecture they use to be able to match a voice is something that can be reversed engineered so recordings of speech can be cut and changed? I am not suggesting it is easy by any means just that within its smartness there is the glimmer of an attack vector.

There is, if you like, the interesting spectre that having given voice prints, thumb prints, photos, financial information, etcetc one has to trust that one’s government is always benign. Perhaps accidentally people might be exiled into limbo when their online ID is accidentally or maliciously hacked or even lost.

Member

Patrick T, I’m not sure exactly without looking it up, but if you have other First Direct products like their credit card, or could be a savings account or ISA (it might have to be 2 products) the minimum monthly income is waived.

Member

“Top techies at British banks are being encouraged to share information about cyberattacks following revelations that the financial sector is under-reporting breaches to regulators. According to the UK’s Financial Conduct Authority, only five attacks were reported in 2014, a figure that has soared to 75 so far this year. But …”

theregister.co.uk/2016/10/18/uk_banks_under_reporting_breaches/

Am I surprised that UK banks are not fully reporting breaches? The article published on the 18th October. Worth reading the comments.

Member

The banks should be placed under a legal obligation to report all forms of external interference with their systems.

Member

I agree. Like other commercial organisations they are exempted from Freedom of Information requests. At the very least, companies should be required to provide prompt information to appropriate authorities. Likewise Whirlpool and the VW Group should provide all relevant information needed for a full investigation.

Member
Mr Peter Daykin says:
29 October 2016

Hello my friend my HSBC got me in deep derbt because I have keep taking money out when I had no money so I had big problems paying my house bills and I suffer with learning disabilities got not helpful so bully me more my friend so wants to a new bank and they a more helpful and more careing from my 20 year + and that angry me more they now I him very disabled man my God bless

Member

Peter, it sounds as though you need help , are you getting it ? Nowadays,s its like -dog eat dog there is little sympathy left in this world . Have you contacted Social Services for help ? Have a look at – citizensadvice.org.uk/benefits/help-if-on-a-low-income-the-social-fund-and-other–welfare-schemes/–and God bless YOU !

Member

I have thought for 40 years now that bankers are inherently dishonest people, they must be regulated more vigorously.

Member
joyce says:
29 October 2016

I like my bank

Member
Rather not say as this is personal says:
29 October 2016

I have a reasonably positive experience of banking – but my daughter – who has mental health difficulties which affected her ability to deal with money was put into spiralling debt due to a) a lack of duty of care b) unfair bank charges. She still has these debts.

Member
Paul B says:
29 October 2016

The one-time passcode does not work for everyone.
My bank has tried sending me texts for this, but mobile reception is so poor where I live that either the text takes so long to arrive that the connection to the bank is timed out or I have to move so far away from the house that by the time I return the connection has timed out again!

Member
Mike Wild says:
30 October 2016

My local branch of Lloyds has just closed. I didn’t need to use it much but whenever I did it was always busy with localtraders.

Member
Raymond says:
30 October 2016

I bank with the Nat West and find the front line staff really helpful and customer care focused. It is the higher management of the bank I feel are not competitive enough with their core products. Although banks like Nat West and the other main institutions are predominant, I always feel they are complacent. They do not appear to be concerend about creating innovative and effectively competitive products and you are obliged to look elsewhere. I think they rely on customers staying loyal and not wanting to be bothered with changing banks.

Member

I had a Barclaycard Visa credit card payment declined today.

I made an online purchase with it this morning, then later completing a purchase by phone, payment was declined twice. I managed to complete the purchase with another very lightly used Barclaycard Visa credit card.

Puzzled, I logged onto Barclaycard worried that my card had been used without my knowledge, but it looked fine, the balance was low with thousands of credit left.

So I phone Barclaycard and spoke to their call centre in India. I had been selected for a fraud check for my convenience. WT*?!?!? I was told there was nothing to worry about and my card would be working again soon. They even gave me a phone number to get straight through to their fraud department in India if it happened again.

Sorry Barclaycard, but it was very inconvenient and embarrassing to have a payment declined. They had sent 2 texts to my mobile, but I hadn’t noticed them.

The first one said ‘This is Barclaycard, we’re doing a Fraud check on your card. Further texts from us will be from 07537….. DECLD after a transaction means it was declined.

The second said ‘Reply ‘Y’ if ALL are yours or N if ANY are not. Then it gave 3 transactions.

I had to stop the call centre from paying my declined payments. They had a bit of trouble understanding I had already paid it with another card and it didn’t need paying twice more.

Member

Something similar happened to me when I was in Iceland without our eldest and my wife was at home with the youngest. The bank stopped the card without wanting. When I returned home, they explained that they noticed the card ‘ being used abroad’ and had no response to their texts, so stopped it. I had to point out that not only had I told them in advance of the planned trip and made special mention of the fact that the shared card would be used both abroad and at home during that period, but I didn’t have a molbile, so the texts were never seen.

Needess to say, they compensated me but that should never have happened.

Member

I don’t like the way the world now assumes that we are constantly on our phones checking for messages. I don’t give my mobile number to any commercial organisation unless there is an exceptional need for it. If a company does send a text warning of an intentional service withdrawal they should at least not execute it until confirmation has been received. Who came up with the notion that the default mode is “Go ahead regardless”? If I were in your shoes Alfa, I would put Barclaycard in the bin.

Member
Peter Young says:
1 November 2016

It happened to me yesterday too. Except my lightly used card was declined as well. I am deeply suspicious of their logic. Apparently there is a lot of fraud involving gift cards – I was trying to purchase one.

We are constantly reminded to reject emails, calls and texts from fraudsters pretending to be banks. Yet one of the banks was phoning me all day. Had I the inclination and the technology, I could easily have recorded their messages and set up a series of fake phone calls to unwitting victims. A simple text or recorded message to visit my local branch or check their website for a number and call from another phone would however make sense.

Banks need to operate a big sense check on their actions and change their processes.

Member

Its the IoT -the new “American vision ” of all things interconnected on the web , as always its a money saving exercise for BB. It isnt going to go away but will get it rammed down your throat as the “way to go ” for the modern citizen, not part of it –outcast ! Just the same as -no mobile -outcast !

Member

The only time I’ve had my card transaction queried by my credit card company was by a phone call to my mobile, which is much more likely to get my attention than a message. I appreciated the interest.

Many seem to assume that our only form of communication is by mobile, and that we all have smart phones implanted on our ear. Several companies contact you when they are firming up a time for a delivery, service or something. Despite giving them a landline number they seem only capable of leaving messages on my mobile, which I regret is not always about my person. My landline is capable of taking text messages – converted into robospeak.

Member

The Internet of Things has been publicised in the UK – Voltimum for example – for several years now. Because many like novelty, and have to keep up with the “latest technology”, it is inevitably going to be part of our lives. Apparently passwords are factory set on such devices and difficult to change, but it is possible and users are advised to do so. Who will? My guess is a very very small minority. But should I worry if there is a cyber attack on my fridge? More worrying is how industry and government will deal with it. We are now spending money – a couple of billion – on cyber defence and offence. I hope this goes to our universities where decent brains reside and not to multinational consultancies who seem to exist only to borrow your watch and then charge you when you want to know the time – and probably get it wrong.

Member

While I agree generally with you malcolm its the use hackers put them too , as DDoS attacks and ,in the US and now here ( I posted a website showing Miria attacks ) there have been 1000,s of pictures of homes with internal safety cameras/external + baby watchers posted on the web and criminals watching families depart and then braking into houses and if the electrical use falls during a working day that tells them the house is empty . This is big in the US , many prosecutions , but here our “services ” are only concerned with Russia/China/ Iran , consumers are not even on the horizon, could they do it like the US ? of coarse they could but they have “bigger fish to fry ” . That last sentence is brilliant , spot on with the situation.

Member

Thanks duncan. One of the products cited where user password protection should be used to overwrite the factory one was internet-connected cameras. I agree this type of device is vulnerable.

Member

In the past, we have had credit cards stopped when abroad because of unusual activity. So we started informing them before travelling only to be told there was no need to. We can’t win !!!

I also don’t like the assumption we are always on our mobile phones. Scammers use mobile phones too.

Recently on TV (might have been Rip-Off Britain) showed how scammers got information from you bit by bit to build up enough information to log onto your account and change all your details including your phone number. So had the text gone to a scammer, I would have been none the wiser.

The phone call to the Indian call centre was slightly bizarre, and had I not been the one to instigate it, getting the number from Barclaycard’s website when I was logged in, it occurred to me they sounded more like scammers than a professional financial outfit.

Member

According to the sentiments in a parallel Conversation, banks are not Big Business – they are tinpot pipsqueak outfits run by crooks and dimwits with about as much savvy as a brainwashed sloth. Maybe it’s about time we stopped regarding them as clever, capable organisations deserving of the accolade ‘Big Business’. Time for them to grow up, act their age, and behave Big [as in ‘generous’].

Member

John, my bank, as far as my dealings with them, has behaved as I would expect of it. I have no complaints. The danger is we take the actions of some miscreants and then use that condemn the whole banking system. I am rather on my own, it seems, in expecting customers also to behave responsibly. But that is life; we all have different approaches.

I hope the CMA will put some less attractive banking practices out to grass and get them to introduce better, clearer and justifiable ways of dealing with customers.

Member

I am also extremely satisfied with the conduct of the Nationwide Building Society that operates my current account and other facilities. In my tirade above I should have distinguished mutual organisations, who respect their members and usually give a little extra, from purely commercial companies, which are solely driven by profit and cost reduction [notice the distinct use of ‘who’ for the former and ‘which’ for the latter!]. It is possible that the mutuals also attract a more responsible customer as they have a direct personal stake in the society. Demutualised building societies like Santander [ex Abbey National] and the Halifax [now under Bank of Scotland] seem to be trying to offer the best of both worlds but at the end of the day they are both banks and act accordingly when it suits.

Member

Sorry for the duplication 🙂 Sorry, it is now triplication 🙁 My first effort seemed not to go through, then got an “unexpected token Y” message. I wonder what that means? I have had “unexpected token D” when I’ve accidentally sent the same comment twice. Hope this is not the beginnings of a cyber attack.

Member

I’ve just had a message held in the queue for moderation. Nothing unusual there – but it did not contain a link. 🙂

Member

wavechange, the first of my triplicated comments above also was sent to the moderators, for no reason.

Member

malcolm-“Y”-javascript parsing error , do you have Meteor open source -platform for apps , or it could be a Windows firewall error .JSON parsing -D – is along the same lines -quotations/apostrophe /angle bracket/Ampersand. Which also has quite a few “additions ” now that I dont block whether they interact with the server I have not checked out.

Member

It looks like some changes are being made to the server ? I could be wrong on this , of course.

Member

Are they being done by the N. Koreans, GCHQ or the CIA?

Member

Not a clue duncan. I did have a problem opening “View account” in my online Which? account and I got a message I did not understand. However that has now put itself right. So i expect someone is tinkering with Which?’s equipment.

I have just gone through several fraught hours of reinstalling Bullguard, when my ISP told me to, after a problem opening it. It turned out, when I contacted Bullguard directly, that there was a problem being resolved between their servers and my ISP. I’m not a computer whizz so these episodes do tax me. I did complain and I’ve been given a month’s fee-free broadband. 🙂

Member

No just big time Western concerns malcolm that I havent named but think VERY big and Internet.

Member

Bullguard and servers would do it malcolm that lets Which off the hook .

Member
Karen says:
2 November 2016

Do not understand why my overdraft cannot be increased if my account is in debit – that’s when I need it so listen to my needs not your procedures!

Member

Karen, banks will let you apply to increase your arranged overdraft limit, often online, if you find it insufficient for your needs. They will, no doubt, assess whether you can deal with a larger debt.