Is on-line banking safe?

cepheus

A somewhat belated question considering I have been using on line systems for more than a decade. However I found this article very worrying.

I always assumed that account numbers were sufficiently randomised, long, and cross checked against sort codes and names, so any genuine mistake in typing a digit would be identified and thrown out and was unlikely to be transferred to an invalid account. It seems not according to this.

Is this right. If someone types out a single digit incorrectly they could potentially loose all the money transferred?

Worse still some building societies still ask you to use a common account number something like 000000 and rely on names to indentify the transaction, this defies belief.

The advice necessary to avoid pitfalls undermines the convenience of on-line banking completely.


There are some simple steps you can take to prevent transferring funds into the wrong account.

• When you set up a new payment for the first time, check and check again that the details are correct.These details should be stored by your online bank.
• Then transfer a small sum to the new recipient.
• Call them to see if the money has reached their account.
• If it has, then use the payment details stored on your online account to transfer the remainder of the funds.

But not even this simple suggestion is straightforward, because bank computer systems often register multiple transactions, particularly where one is for a small amount, as fraud. And this will protect you only when the mistake is yours, not if someone has given you incorrect details.
If you are still nervous, use the bank branch.

http://www.thisismoney.co.uk/money/saving/article-2188381/My-7-000-just-vanished-How-slip-finger-cost-life-savings.html

exel1966

This must be right...It's from the Daily Mail :rotfl:

alanq

cepheus wrote: »

Worse still some building societies still ask you to use a common account number something like 000000 and rely on names to indentify the transaction, this defies belief.

I have never come across this. Where a common bank account number is used in my experience it is always the building society account number that is used as a reference.

I agree that the situation defies belief. I believed that account numbers had check digits. Many years ago I had problems with my Northern Rock current account because some organisations would not accept the account number as valid. I assumed that this was because NR were using a different algorithm to the one other banks were using. At least there should be a cross-check between the account number and the payee name.

The Mail article offers good advice. I follow its recommended procedure. The only time that I have had a £1 transaction followed by a large one treated as potential fraud was by NatWest. As Faster Payments were involved I was able to see within seconds that the £1 had arrived successfully and immediately attempted the much larger transaction. It may be a good idea to wait a day or two before the follow up transaction though this may not be possible if time is of the essence.

dr_adidas01

cepheus wrote: »

A somewhat belated question considering I have been using on line systems for more than a decade. However I found this article very worrying.

I always assumed that account numbers were sufficiently randomised, long, and cross checked against sort codes and names, so any genuine mistake in typing a digit would be identified and thrown out and was unlikely to be transferred to an invalid account. It seems not according to this.

Is this right. If someone types out a single digit incorrectly they could potentially loose all the money transferred?

Worse still some building societies still ask you to use a common account number something like 000000 and rely on names to indentify the transaction, this defies belief.

The advice necessary to avoid pitfalls undermines the convenience of on-line banking completely.


There are some simple steps you can take to prevent transferring funds into the wrong account.

• When you set up a new payment for the first time, check and check again that the details are correct.These details should be stored by your online bank.
• Then transfer a small sum to the new recipient.
• Call them to see if the money has reached their account.
• If it has, then use the payment details stored on your online account to transfer the remainder of the funds.

But not even this simple suggestion is straightforward, because bank computer systems often register multiple transactions, particularly where one is for a small amount, as fraud. And this will protect you only when the mistake is yours, not if someone has given you incorrect details.
If you are still nervous, use the bank branch.

http://www.thisismoney.co.uk/money/saving/article-2188381/My-7-000-just-vanished-How-slip-finger-cost-life-savings.html

Yes it must be true if the Daily Hail says so. I've been using internet banking for a decade without problems.

The checking you've set up the correct details for transfers is good advice. I double check I've inputted the correct details before sending any payment.

"Is this right. If someone types out a single digit incorrectly they could potentially loose all the money transferred?" No not loose all the money it can be sent to someones account provided the digit mistyped corresponds to someones account number. If this happens then your bank can legally request the money back from the account to which is was paid, and the person whom was accidentally paid this must legally return the money as it isn't there's to keep.

A cashier at a bank when paying in a cheque to an account can easily input an account number wrong too, sending it someone else and not the intended person. So the risk of this happening has always been there even before the days of internet banking.


"Worse still some building societies still ask you to use a common account number something like 000000 and rely on names to identify the transaction, this defies belief."

This one I've never experience so can't say for sure if its correct, I know that a few years back when ever I sent a payment from co-operative bank to another account it used to put four 0's at the end, so maybe this is what you are talking about. The money still used to arrive in the right account regardless of the four 0's.

I think the Daily Hail is again just scaremongering for the sake of it, lets face it there's risk walking out of your front door every day, you could get run over by a bus or car or a piano might fall on your head.

If you worried about this then you just wouldn't leave the house!!!

InsideInsurance

Evidently if you type the account number in wrong it'll go to the wrong account, just as if you go in branch and write it wrong or if you do it over the telephone and miss read the number.

I have to say the Daily Mail have sunk to a new low on this piece of expert advice. If anything the web is safer because it forces you to check and it enables you to reuse saved account numbers where as in branch you have to write down the details each time increasing the risk of mistakes.

cepheus

I've never had a problem personally, although I wouldn't be so arrogant as to pretend that I couldn't make a mistake in typing out a single digit, I do it all the time filling out forms.

I have been given money in my account which isn't mine before though.

Considering the profits the banks make, you would imagine they would be able to hire quality staff with enough sense to design a system with some sort of cross check. This would save the banks a lot of time and money as well as anguish for the customer!

CLAPTON

a single digit wrongly input means the money goes to the wrong a/c

there are no check digits on sort codes or account numbers

reclaiming money sent to the wrong a/c by accident can be an absolute nightmare and is not a simple process at all.

callum9999

exel1966 wrote: »

This must be right...It's from the Daily Mail :rotfl:

It is right... But then it's also common sense. Enter the wrong account number and the payment will go to the wrong account - who knew...

Scarpacci

It's not really a safety or security issue though, is it? It's an issue that online banking systems, like all computers, will do exactly what you tell them to do - they can't read your mind and guess your true intent. It's true that they're not "smart" enough to tell you "I say old chap, why are you sending £10,000 to 404040 12345678, the account of a pensioner in Llandudno? Are you sure you don't mean to send it to your wife's account 404040 12345679?". But I don't think that would be very easy to implement!

All it takes to avoid mistakes is for the user to check, re-check and check again before sending their money. I will look at the form for a few minutes, checking where I mean to send it and what I've written, and will then do the same on the "Are you sure ...?" page. So far it's avoided any mistakes.

tosyn

Another scaremongering article to bring some advertising revenue to daily mail !!!

However, there is one point valid. which I always wondered and why it wasn't implemented especially with new Faster Payments(FP) system.

When you make a transfer using FP (which is near to real time and almost instantaneous) why doesn't the bank return or bounce the transaction back if the account holder name is not matched.

For e.g if you are paying 3 persons (A,B,C) amount (N1, N2 & N3), to their accounts (A1, A2, A3 )

The transaction B-->N2-->A2 , should bounce back if the sender/orignator did not put the correct account name (B's Surname ). In reality, the FP transaction will always pass with just the account number. I guess that is what this article is capitalising on.

Wasn't this simple to implement or just a hindsight, I wonder ?

CLAPTON

Scarpacci wrote: »

It's not really a safety or security issue though, is it? It's an issue that online banking systems, like all computers, will do exactly what you tell them to do - they can't read your mind and guess your true intent. It's true that they're not "smart" enough to tell you "I say old chap, why are you sending £10,000 to 404040 12345678, the account of a pensioner in Llandudno? Are you sure you don't mean to send it to your wife's account 404040 12345679?". But I don't think that would be very easy to implement!

All it takes to avoid mistakes is for the user to check, re-check and check again before sending their money. I will look at the form for a few minutes, checking where I mean to send it and what I've written, and will then do the same on the "Are you sure ...?" page. So far it's avoided any mistakes.

actually with the use of check digits it's very easy to know if the wrong a/c numbers are entered; indeed the codes could even be automatically corrected.

computers can do this very easily

however our present banking system chooses not to use check digits so errors can't be identified or corrected.