hacked in even with rapportalliance-leicester

joe134

masonic wrote: »

Yes, what he is telling you is wrong, and it is so obviously wrong that anyone who uses online banking an A&L account will easily be able to see that it is wrong. I think you just have to ignore everything this person has told you because quite frankly it is a load of rubbish. The login procedure is, once again...

1) Enter customer ID
- Check to see if computer is 'known' (has A&L cookie).
2) Personal security question (if computer is unknown)
- Personal anti-phishing image and phrase shown
3) 5-digit PIN

Edit: Just to add some corrections to what you have been told, my comments in brackets:-
Take a look at this screenshot where I have found a random customer ID that works. When I click 'Next' this happens. I can assure you, I don't know whose account this is or what their 5-digit PIN is, but if I wanted I could enter their security information wrongly three times and lock them out, just like you were locked out. It is a terrible system.

Hi, Now you see what I am up against.Your example proves the point.I think pulling out of A&L is the next thing, as soon as new pin arrives.I would like to take this matter further, complaint, probably will.Have to find the best way of doing it.I will move my money first.then act.I have never had any trouble with IB only this one bank, and it,s the least used, only had it 8 months.Never again.Cheers Masonic, much appreciated, now I know it,s not me.I doubt very much if a compromise has occurred, their reason for this aggro is unfathomable?

LeifGR

This is fascinating. Even by the very low standards of customer "service" that we have recently become accustomed to with call centres, this stands out as shambolic. The staff member from A&L has been referred to as the "security guy" but he seems to be the opposite!

@joe134: I hope you have the energy to take A&L on and fight them on this one, this seems like a slam-dunk for you and a royal scr*w-up by them. Do keep us posted, even if you leave A&L -- which I would fully understand. I will be asking my wife to find another current account fortwith.

Kudos to masonic for all his research!

joe134

LeifGR wrote: »

This is fascinating. Even by the very low standards of customer "service" that we have recently become accustomed to with call centres, this stands out as shambolic. The staff member from A&L has been referred to as the "security guy" but he seems to be the opposite!

@joe134: I hope you have the energy to take A&L on and fight them on this one, this seems like a slam-dunk for you and a royal scr*w-up by them. Do keep us posted, even if you leave A&L -- which I would fully understand. I will be asking my wife to find another current account fortwith.

Kudos to masonic for all his research!

Hi LeifGR. thanks, I intend to do as you say, if possible. Just, "still" awaiting Pin.Then I can decide on how to take it further. Definitely closing A/c, no wonder compromises take place with the likes of him in charge.Never dealt with a bank as bad as A&L, and I bank with nearly every other one.Watch this space;;) I owe a debt of gratitude to Masonic;

masonic

joe134 wrote: »

I owe a debt of gratitude to Masonic;

I'm glad we were able to get to the bottom of it. It's not nice having your bank cast doubts about the security of your computer. It's even worse when it turns out it's all the result of them not understanding how their own systems work. I feel sorry for the people who go through the same ordeal but automatically assume everything they are being told must be right and that they are doing something wrong, when in fact they're not at fault at all.

joe134

masonic wrote: »

I'm glad we were able to get to the bottom of it. It's not nice having your bank cast doubts about the security of your computer. It's even worse when it turns out it's all the result of them not understanding how their own systems work. I feel sorry for the people who go through the same ordeal but automatically assume everything they are being told must be right and that they are doing something wrong, when in fact they're not at fault at all.

Hi, update;Got new pin, logged in and changed it using ID & Pin only.Deleted history and cookies first as they required, not advised but required.Not challenged at all. Rapport on though.Just had lengthy phone call with security,online fraud guy ,same one, he maintains that A&L system pick up my comp,not by cookie, but didn,t know how;apparently,the compromise was prevented, "his words" because their system picked up that it was not my comp, and challenged by requesting cherished data, which failed, hence block.they still insist I do not use favourites, some waffle, I think by then he confused himself with his own speil.Can A&L recognise a certain pc, not using IP address, or Rapport,or cookie, which he maintains happens.he claimed they got Id&pin correct, but denied access, no attempt to set up moving money, but had money been lost, they guarantee to refund it? Wouldn,t like to hold them to it;If, cookies are a basic form of ID for a comp, by deleting, I am jeapordising my other Banks accounts, Still as confused as ever. Still batting away before account closure.

masonic

joe134 wrote: »

Hi, update;Got new pin, logged in and changed it using ID & Pin only.Deleted history and cookies first as they required, not advised but required.Not challenged at all. Rapport on though.

That's interesting, as it suggests they are 'recognising you' by IP address, or Rapport is sending them information about your computer. For me, when I delete the A&L cookie, I get asked for extra security information. I've tried it with and without Rapport installed. It could be that something has been set up differently in your account now you've been allegedly 'compromised'.

Just had lengthy phone call with security,online fraud guy ,same one, he maintains that A&L system pick up my comp,not by cookie, but didn,t know how;apparently,the compromise was prevented, "his words" because their system picked up that it was not my comp, and challenged by requesting cherished data, which failed, hence block.

I don't think there was ever any confusion about that. What was inconsistent was that they claimed a correct PIN was entered, when under normal circumstances the block would happen before the PIN was requested.

they still insist I do not use favourites, some waffle, I think by then he confused himself with his own speil.

If, cookies are a basic form of ID for a comp, by deleting, I am jeapordising my other Banks accounts, Still as confused as ever. Still batting away before account closure.

The favourites thing is in case someone (or something) messes around with your favourites when you aren't looking. But clearing your cookies every time is totally unnecessary and will cause problems with other websites that you want to remember you. What A&L don't seem to appreciate is that sometimes you might want to visit other websites besides theirs. In fact, I'd be tempted to phone them up and ask them if you are allowed to visit any other websites on the computer you use for internet banking. Actually, on second thought...

Can A&L recognise a certain pc, not using IP address, or Rapport,or cookie, which he maintains happens.he claimed they got Id&pin correct, but denied access, no attempt to set up moving money, but had money been lost, they guarantee to refund it? Wouldn,t like to hold them to it;

The only information A&L can get from your browser when you visit the site is your IP address, your browser, your operating system, and any cookies for the site. If you remove the cookies there is no way to uniquely identify your computer (because IP addresses aren't necessarily fixed or unique). So if they really are able to identify your computer they must be doing it using some other software (e.g. Rapport). The other possibility is they aren't doing it properly.

joe134

masonic wrote: »

That's interesting, as it suggests they are 'recognising you' by IP address, or Rapport is sending them information about your computer. For me, when I delete the A&L cookie, I get asked for extra security information. I've tried it with and without Rapport installed. It could be that something has been set up differently in your account now you've been allegedly 'compromised'.

I don't think there was ever any confusion about that. What was inconsistent was that they claimed a correct PIN was entered, when under normal circumstances the block would happen before the PIN was requested.

The favourites thing is in case someone (or something) messes around with your favourites when you aren't looking. But clearing your cookies every time is totally unnecessary and will cause problems with other websites that you want to remember you. What A&L don't seem to appreciate is that sometimes you might want to visit other websites besides theirs. In fact, I'd be tempted to phone them up and ask them if you are allowed to visit any other websites on the computer you use for internet banking. Actually, on second thought...

The only information A&L can get from your browser when you visit the site is your IP address, your browser, your operating system, and any cookies for the site. If you remove the cookies there is no way to uniquely identify your computer (because IP addresses aren't necessarily fixed or unique). So if they really are able to identify your computer they must be doing it using some other software (e.g. Rapport). The other possibility is they aren't doing it properly.

My thoughts entirely. I was at least 45 mins on the phone to him, mostly listening. He didn,t like being interupted for questions, he was reading from a flow chart I think. He told me to write in to find out how they can id my comp as he didn,t know. As if they are going to reply.or reveal it.However, as I deleted cookies, and wasn,t challenged, they have somehow either id,d my comp, "or" it,s easy to compromise.It,s all hypotheticals now, I did mention other banks advise allowing cookies, so deleting to use A&L, may compromise my others. He was lost.Leeds BS, insist cookies are allowed, I get challenged when deleted.Easier all round to delete A&L.3 weeks to get new pin.He didn,t know Rapport prevented keylogging, he said it was an AV.A&l is about right, first letter in right place, second in the middle.

joe134

joe134 wrote: »

My thoughts entirely. I was at least 45 mins on the phone to him, mostly listening. He didn,t like being interupted for questions, he was reading from a flow chart I think. He told me to write in to find out how they can id my comp as he didn,t know. As if they are going to reply.or reveal it.However, as I deleted cookies, and wasn,t challenged, they have somehow either id,d my comp, "or" it,s easy to compromise.It,s all hypotheticals now, I did mention other banks advise allowing cookies, so deleting to use A&L, may compromise my others. He was lost.Leeds BS, insist cookies are allowed, I get challenged when deleted.Easier all round to delete A&L.3 weeks to get new pin.He didn,t know Rapport prevented keylogging, he said it was an AV.A&l is about right, first letter in right place, second in the middle.

PS. One thing that did happen, I typed in url as he suggested and got taken 3 times to a spoof A&L site, once picked up by Rapport, other 2 by me noticing oddity and checking with site advisor. So I used my favourites, unreccommended by A&L. no problem.So there are spoof sites out there, beware:

oldfella

I typed in url as he suggested and got taken 3 times to a spoof A&L site

have a look at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

it should just have
127.0.0.1 localhost

is there anything else in it ?

alanwsg

oldfella wrote: »

it should just have
127.0.0.1 localhost

Might also have...

::1 localhost

... in it (IPv6 address).