RBS online security

agrinnall

c_smith wrote: »

From what I was told, the fraudster knew the customer number and had the password reset from that. I have no idea how they could have got this information as I have never revealed it to anyone and the only two computers I use are both at home and are both secure.

Until you mentioned it, I hadn't considered the security number part of it and this was never mentioned by the fraud dept. Are you saying the person responsible would have had to have at least know the security number in order to get the password reset?

I'm going to contact them again on Monday now to establish whether this is the case or whether they reset both the security number and password at the same time, as that would indicate an even bigger security failing.

The highlighted part is why they will have suggested to you that a keylogger may be responsible. What have you scanned with to determine that your computers are clean? You'd probably need to employ several methods to be absolutely sure.

stclair

Mandelbrot wrote: »

Is the password resetting operation based in the UK or India?

All customer speaking departments are based in the UK.

c_smith

agrinnall wrote: »

The highlighted part is why they will have suggested to you that a keylogger may be responsible. What have you scanned with to determine that your computers are clean? You'd probably need to employ several methods to be absolutely sure.

The customer number used by the bank incase you don't know, is based on your date of birth. The "random" part of my customer number (that is no more) would have been extremely easy for someone to guess. And then there is also the possibility of some unscrupulous bank employee passing on information.

I have completed a full scan with Avast, a boot scan with Avast, an online scan with Bit Defender, a full Spybot scan, a Malwarebytes scan, and I've also checked that there are no suspicious running processes with Security Task Manager.

Any other suggestions to be sure?

jalexa

c_smith wrote: »

The "random" part of my customer number (that is no more) would have been extremely easy for someone to guess.

Err... why? AFAIAA its 1 in 100 for 2 digits. Are you suggesting its not "random"?

Anyway IMO, and in the absence of the tape it remains a theory, the key to this is not your conduct and practice but the conduct of the "reset". A salient question for RBS to answer would be the Caller ID of the telephone call and specific process to handle non-landline or number withheld calls. And I'm curious about "bank security [later] realised there was an issue" unless that was exceeding the login attempt account (and there was no login).

stclair

The customer number is built up of your DOB and the last 4 digits relate to the amount of customers with the same DOB as you.

Mandelbrot

stclair wrote: »

The customer number is built up of your DOB and the last 4 digits relate to the amount of customers with the same DOB as you.

Any more 'secrets' you wish to share about RBS security?

c_smith

stclair, I see you work for the group, do you know if both the security number and the password can be reset at the same time for immediate use? If so, this would seem to be a huge security issue.

DCFC79

Mandelbrot wrote: »

Any more 'secrets' you wish to share about RBS security?

Hardly a secret, ive also heard in the past about the last four represent how many people have the same DOB as you.

stclair

Mandelbrot wrote: »

Any more 'secrets' you wish to share about RBS security?

It's not a secret it never has been customers always get told that information!

cbrown372

fraud call centre is open 24/7 so you can call them now