
Faster fraud

Some good news arrives from our friend at Financial Fraud Action (FFA), the body tasked with reducing financial fraud in the UK.

Remote banking fraud losses totalled £137.1 million, a 19 per cent decrease from £168.6 million in 2015.

From Financial fraud data for 2016 published: Financial Fraud Action UK

Great news. Except… 

"But the report failed to include any reference to one form of crime that is on the rise and blighting victims’ lives: bank transfer fraud."

'I was robbed of £19k, and Barclays just stood by'

Oh dear. Having made it easier to transfer money between bank accounts, criminals have t

"After it was realised this was a scam, your bank contacted the Italian post office where the funds had gone but the money could not be retrieved."

'I was scammed for £1,300 and Amazon told me to buy again'


"It was only on closer inspection that they saw underneath the displayed name that the email address was not his own."

'I was robbed of £19k, and Barclays just stood by'

I must sound awfully harsh, but I do not see what the bank has done wrong here. They were instructed to transfer money and that instruction was properly authenticated. It is not their fault that they were asked to transfer money to a fraudster's account.

The real problem here is using e-mail to instruct bank transfers. That’s negligence, since we all know that e-mail has no security. I would suggest that for accountancy firms and all others, all messages containing financial information be sent by Signal or for that matter WhatsApp (which has our Home Secretary’s enthusiastic endorsement as a platform for secure communications).
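Where payment instructions do still arrive by e-mail, the mismatch in the quoted account (a familiar displayed name over an unfamiliar address) can be checked mechanically. The following is an added example, not part of the original post; the contact list, addresses, sample messages and function names are constructed for illustration.

```python
from email import message_from_string, policy

# Constructed address book: display names the firm corresponds with and the
# only addresses each is known to send from (assumed values).
KNOWN_CONTACTS = {
    "john smith": {"john.smith@smith-accountants.example"},
}

def normalise(name):
    """Lower-case and collapse whitespace so 'John  SMITH' == 'john smith'."""
    return " ".join(name.lower().split())

def check_sender(raw_message):
    """Classify one message as 'ok', 'unknown' or 'display-name-mismatch'."""
    # policy.default parses From into structured addresses and decodes
    # RFC 2047 encoded display names before we compare them.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return "unknown"
    sender = header.addresses[0]
    expected = KNOWN_CONTACTS.get(normalise(sender.display_name))
    if expected is None:
        return "unknown"            # not a name we have on file
    if sender.addr_spec.lower() in expected:
        return "ok"                 # known name, known address
    return "display-name-mismatch"  # known name, unfamiliar address

# Constructed sample messages.
GENUINE = ("From: John Smith <john.smith@smith-accountants.example>\n"
           "Subject: Invoice\n\nPlease pay the attached invoice.\n")
SPOOFED = ("From: John  SMITH <js.accounts@mail-service.example>\n"
           "Subject: Invoice\n\nNew bank details below.\n")
ENCODED = ("From: =?utf-8?q?John_Smith?= <js.accounts@mail-service.example>\n"
           "Subject: Invoice\n\nNew bank details below.\n")
STRANGER = ("From: Jane Doe <jane@other.example>\n"
            "Subject: Hello\n\nHi.\n")

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED),
                       ("encoded", ENCODED), ("stranger", STRANGER)]:
        print(label, "->", check_sender(raw))
```

A match on the address only shows the header is consistent with the address book; it does not authenticate the sender, so a change of bank details still warrants confirmation over a separate channel.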

There was (yet another) discussion about these frauds on the BBC's MoneyBox recently and I made a passing comment about how easy it would be to find out who the fraudsters are and arrest them. My point was that instant payments go to a bank account, and since we have famously strict and well-observed Know-Your-Customer (KYC) laws maintained at great expense by the British bank industry, it should be easy to send the police the details of who to arrest.

"TSB said… In this instance the scammer used valid ID"

'I was robbed of £19k, and Barclays just stood by'

Well, if it was a valid ID then Bob's your uncle. Should be easy to round up the perps. But not so...

"In some cases the original account is opened by a student or temporary British resident who is later – perhaps when they are leaving the country – persuaded to ‘sell’ the account to a fraudster for cash."

'I was robbed of £19k, and Barclays just stood by'

Interesting. And it's not, at first glance, obvious what to do about this other than to make it a criminal offence to let someone else log in to your bank account.
