Bank don't believe me about fraud!
I have managed to find some info in the FSA handbook
"Where a banking customer denies having authorised a payment, it is for the firm to prove that the payment was authorised.
(2) Where a payment from a banking customer's account was not authorised by the banking customer, a firm must, within a reasonable period, refund the amount of the unauthorised payment to the banking customer and, where applicable, restore the banking customer's account to the state it would have been in had the unauthorised payment not taken place."
But it does go on to say
" firm may, in an agreement for a retail banking service, provide for a banking customer to be liable for an amount up to a maximum of £50 for losses in respect of unauthorised payments arising:
(a) from the use of a lost or stolen payment instrument; or
(b) where the banking customer has failed to keep the personalised security features of the payment instrument safe, from the misappropriation of the payment instrument.
(2) A firm may, in an agreement for a retail banking service, provide for a banking customer to be liable for all losses in respect of unauthorised payments:
(a) where a banking customer has acted fraudulently; or
(b) (subject to (3)) where a banking customer has intentionally, or with gross negligence, failed to comply with his or her obligations under the agreement for the retail banking service in relation to the issue or use of the payment instrument or to take all reasonable steps to keep its personalised security features safe."
I know I haven't acted fraudulently so I am OK on that score. I am worried about the "intentionally, or with gross negligence," bit which I guess means they can say I didn't keep my passwords etc secure.
I have HSBC's latest copy of 'merchant news' which has an article on customer data safety stating "many merchants are not aware that they are storing cardholder data which can date back a number of years" so by their own admission they have merchants not deleting data and they say data can still be present when the main files have been deleted.
HSBC's merchant services handbook states that transaction confirmation must be provided to the cardholder by email or post. This didn't happen. I assume they confirmed to a fake email address but the bank have my real email address.
They also state the basic security things that a merchant must do such as avoiding different delivery addresses (if tickets were sent by post) and for collections (a certainty in the case of the hire car) they must ask for the card and use chip and pin.
British Airways use Worldpay which states similar security measures to be used by their merchants and tells them not to accept mobile phone numbers or yahoo/hotmail email addresses and to get the cardholder's signature.
Worldpay also states that authorisation is not a guarantee of payment as the card may be stolen but not yet reported.
HSBC recently sent me new T&Cs for my account which state that they may phone me for high value payments and won't make the payment unless they think it is genuine. 3 out of the 4 transactions are high amounts, especially when compared to my usual £15 at Amazon, £40 grocery transaction which typify the last 20 years of action on my account. They have no reason to think I would spend £1400 on a last minute eastern European jaunt for other people and a laptop to be delivered 150 miles from where I live so why did they not contact me?
Thanks for the article rb100 -
Pawn, did you read the PM I sent you?
You're worrying far too much about this, speak to HSBC tomorrow.
-
New one on me. But a fraudster is unlikely to use his own email address or anybody else's, so he'll generally make up a phoney address and hope that no flags are raised when the mail bounces.
Nonsense. It's impossible to carry out most online transactions without a valid email address, and it's easy to create a throwaway free webmail account with false details - this is what a fraudster would likely do.
-
Been to the bank. It didn't go well. I was on the phone to at least 7 different fraud/dispute departments for over 90 mins. They said the BA flights aren't in my name and 'look like fraud' and I might get the money back after they investigate further. The car hire and National Express say the address given by the criminals matches the cardholder address so they dispute that it is fraud and HSBC say they don't have any info for easy jet even though they sent me a copy of what they have. The easy jet and BA flights are for the same passengers. Nobody can explain how nobody checked the physical card at the airports or car hire place or why the car hire people weren't suspicious that the people didn't have the card and the ID of the people collecting the car didn't match the cardholder. All the flight tickets were sent by email, but obviously not to my email address. It seems that the retailers haven't bothered checking and everyone expects me to take the hit for it.
-
There is clear evidence that someone else benefited from the flights, car hire etc.
HSBC have not proved that you are in control of that e-mail account.
Presumably you have a crime reference number from the police? If not, get one, give them the evidence you have and complain in writing to HSBC that they are not complying with FSA rules, have admitted that the BA flights 'look like fraud' and that you want a refund in full or you will refer your complaint to the financial ombudsman service.
They are obviously trying it on and the fraud team I am sure are incentivised both to be sceptical (in case you are party to the fraud yourself) but also to minimise losses to their employer.
The very fact that the easyjet evidence shows the fraudsters were trying to hide behind misspellings and incorrect address details is very telling in my view.
Don't give up - you will get the money you are rightfully entitled to back!
Good luck
R.
Smile, it makes people wonder what you have been up to.
-
Initially when I went to the police they said the bank had to report it as they were the victim. I have been today to report it but I haven't got a crime number yet. I have reported it to action fraud.
I will write to HSBC now. On the phone they can just say what they want and pass you from person to person.
-
Degenerate wrote: » Nonsense. It's impossible to carry out most online transactions without a valid email address, and it's easy to create a throwaway free webmail account with false details - this is what a fraudster would likely do.
Even easier than that. Anonymous disposable email addresses are available such as here:-
http://mailinator.com/
-
Well, I've just had a phone call about the Easyjet one and they are sending me a declaration to sign and return and that won't be re-debited. That is the only one which isn't out of my account yet. Feeling a bit better about it now. He couldn't help with the other 3 as they aren't in his dept but he says it looks like the investigation was shut down too early and is now re-opened, or something like that.
-
HSBC seem to be doing this quite a bit lately!
I had a couple of transactions (£140) taken from my account, luckily I keep a close eye on it and had seen the ringfenced funds showing before it was even taken. I phoned HSBC and told them that I did not authorise the money, they credited it straight back to me whilst they investigated.
I then had a letter saying that they were satisfied that I had authorised the transactions as they were made on a 'secure' site and had a valid email address and password.
I spent a fair while on the phone and had to raise a complaint in the end - making the point that I had no doubt that the email address was valid - it just wasn't mine! That email address had been used to set up the account so whilst the site may be secure the details were still stolen.
It ended up with them saying that they would give me the money back as a goodwill gesture, I accepted that but then sent a letter to the CEO suggesting that their card fraud team needed some training on what constituted 'secure' and 'valid'. (Nothing back from that!)
It also happened to a friend of mine and she had to jump through the same hoops - state that it wasn't her transaction, when they wrote (using the same form letter as I'd previously been sent) saying it was done on a secure site she had to call them and say the same thing that I had, then raised a complaint and eventually she was given the money back as a goodwill gesture (they wouldn't admit fault despite missing 21 transactions that were totally out of character on her account!)
I wouldn't worry too much, just follow their procedures and you should get all of your money back.
-
I'll second what everyone else says, stick to your guns, you will be refunded.
Banks don't have any chargeback rights for fraudulent transactions made using secure sites, so they will try their best to pin the blame on you. There is lots of secure site fraud these days, banks know this. It sounds to me as though HSBC have no evidence whatsoever to implicate you, make a formal complaint.
This discussion has been closed.