Help please!!! transferred £300 into the wrong account.

Hominu

Uxb wrote: »

Tesco - and others use a special flash cookie - sometimes known as a super cookie.
They are not supposed to be deleted by normal cookie deletion managers/program etc

That's how it used to work. Now browsers such as Firefox treat LSOs the same way as HTTP cookies - deletion rules that previously applied only to HTTP cookies now also apply to LSOs.

This is due to privacy concerns - sites using LSOs (also known as flash cookies) to bypass browser cookie clearing on session closure as people were thinking they had deleted tracking cookies by asking their browser to do so and were unaware about another cookie stash by Adobe Flash.

~Chameleon~

Uxb wrote: »

Tesco - and others use a special flash cookie - sometimes known as a super cookie.
They are not supposed to be deleted by normal cookie deletion managers/program etc

Flash Cookie manager
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager09.html

Try telling that to my computers! Every time I close the browser I have to re-verify that I am in actual fact using my own computers to log into Tesco banking. It's a major PITA (both Mac & Win7 platforms)

pqrdef

Hominu wrote: »

That's how it used to work. Now browsers such as Firefox treat LSOs the same way as HTTP cookies - deletion rules that previously applied only to HTTP cookies now also apply to LSOs.

That would explain why I can only get the Tesco Bank site to work using Firefox. Presumably it sees I'm using Firefox and switches to a different method.

pqrdef

Goldiegirl wrote: »

A name check system would be helpful, but the banks may think that it's to expensive to install.

Banks think anything is too expensive if it doesn't save or generate more than it costs.

Money lost by their customers doesn't enter the equation.

JuicyJesus

pqrdef wrote: »

Banks think anything is too expensive if it doesn't save or generate more than it costs.

Money lost by their customers doesn't enter the equation.

That's because it's the customers' fault. If I post some cash to 69 Big B*llocks Road and it was actually supposed to go to 96 Big B*llocks Road then it is just as much the banks' fault as it is if you send cash electronically to an incorrect account number. Where a customer has lost money through no fault of their own, i.e. through fraud, as opposed to lack of care, they are refunded. Indeed, the banks lose millions of pounds each year doing so.

Everything Is The Fault Of The Banks Somehow though, so presumably if I want to do something like posting cash they should step in and magically stop me from writing the wrong numbers on the envelope and then posting it using a series of spy planes and mind control beams.

cdotr

JuicyJesus wrote: »

Everything Is The Fault Of The Banks Somehow though, so presumably if I want to do something like posting cash they should step in and magically stop me from writing the wrong numbers on the envelope and then posting it using a series of spy planes and mind control beams.

JuicyJesus your posts are the best! :rotfl:

BlindLeadingTheBlind

It would seem banks were well aware before the introduction of the Faster Payments Service that there was the likelihood of a significant increase in mis-directed payments partly through the customer's involvement in inputting account details.

The central feature of the FP Service is virtual real-time processing which removes the opportunity for the banks to intervene to stop incorrect payments which is available to an extent with other payment methods simply because of the extended processing time. When coupled with the irrevocable nature of a Faster Payment it was essential for the sending banks to introduce early in the process simple validation checks. The fact banks still haven't done so quite frankly shows an atrocious lack of care to their customers.

It was also known to banks that the characteristics of the FP Service would undoubtedly attract the attention of fraudsters looking for weaknesses in the system. By increasing their customers' exposure to fraud, it is reasonable to assume banks accepted an increased responsibility to ensure their systems and procedures surrounding the FP Service were watertight. They are quite clearly not!

JuicyJesus

BlindLeadingTheBlind wrote: »

It would seem banks were well aware before the introduction of the Faster Payments Service that there was the likelihood of a significant increase in mis-directed payments partly through the customer's involvement in inputting account details.

Not really. The same problem existed with BACS, as a quick search of the MSE forums will tell you. It was only that due to the non-real time nature of it there was a possibility of recall if done within a certain timeframe (the two working days it took for BACS to process the payment). The flipside was that if you put in the wrong account details the BACS system would not - could not - flag it up and so your money would take two working days to reach the other side, and either be held in a suspense account, pinged back (taking another two working days) or credited to a customer's account - which after the two working days has elapsed and so a BACS recall wasn't possible would leave you in much the same situation.

With FPS, the banks and everyone else have gone to great pains to make it clear that the recall option does not exist and that Faster Payments are irrevocable once sent (barring fraud committed against the customer, and even then that is more of an interbank agreement than anything to do with FPS itself - FPS has no recall mechanism built into it). This has not stopped people being careless.

The central feature of the FP Service is virtual real-time processing which removes the opportunity for the banks to intervene to stop incorrect payments which is available to an extent with other payment methods simply because of the extended processing time. When coupled with the irrevocable nature of a Faster Payment it was essential for the sending banks to introduce early in the process simple validation checks. The fact banks still haven't done so quite frankly shows an atrocious lack of care to their customers.

As stated, the FPS system compels its member banks to automatically refuse payments that are instructed to be sent to non-existent account numbers. This is a substantial improvement on BACS for the reasons stated above. There is little else the banks can practically do - a name check is infeasible for reasons which have already been stated ad nauseam on this forum and elsewhere.

The correct response is to not try to shift liability to the bank for the errors of the customer, which is the effect here. By all means, they should advise customers that the sort code and account number are the only routing information used for payments, but where a customer is negligent and ignores the warnings and doesn't make certain of what they're doing I see no reason why anyone else should foot the bill.

I have nothing against consumer rights, but I take the position that I'm in favour of transparency, full disclosure and equitable treatment allowing people to make informed choices and decisions, not indemnifying customers against their own negligent mistakes. That way lies madness.

It was also known to banks that the characteristics of the FP Service would undoubtedly attract the attention of fraudsters looking for weaknesses in the system. By increasing their customers' exposure to fraud, it is reasonable to assume banks accepted an increased responsibility to ensure their systems and procedures surrounding the FP Service were watertight. They are quite clearly not!

Complete cr*p. Fraud is one thing, and as stated banks pay out millions in fraud restitution each year; incorrect customer instructions are another.

So, speaking about fraud specifically, and not idiots putting in wrong numbers and expecting other people to indemnify them for their mistakes, how have the banks failed to prevent fraud with FPS? Most have introduced two-factor authentication which all but eliminates fraud carried out through bank transfers - oddly enough, customers have been the ones kicking and screaming because it's "inconvenient", despite the invaluable protection it brings.

Gromitt

~Chameleon~ wrote: »

Try telling that to my computers! Every time I close the browser I have to re-verify that I am in actual fact using my own computers to log into Tesco banking. It's a major PITA (both Mac & Win7 platforms)

You can backup your LSOs (Local Storage Objects) whilst your online to Tesco, and then restore them next time before you visit Tesco again. It might be better and easier to just request another security code to be texted to your phone however, as you would be taking a snapshot, as it were, or you could adjust your browser privacy settings so it doesn't delete cookies after session closure.

BlindLeadingTheBlind wrote: »

It would seem banks were well aware before the introduction of the Faster Payments Service that there was the likelihood of a significant increase in mis-directed payments partly through the customer's involvement in inputting account details.

Ok, lets go back to before Faster Payments were introduced. The only difference I remember is that it took a few days to get to its destination and we didn't have the ridiculous limits that we have now. Nothing else changed.

Now lets compare it to several other business models:
If I post a cheque to the wrong address, the post office don't return it to me saying "Mr X" doesn't live at that address. They'll deliver it without a name.
If I send someone money via Paypal and accidentally type the wrong email address, Paypal don't bounce it saying I got there name correct, as they never ask for it. Some goes for several other such providers, such as Nochex.
If I use Barclays PingIt and type in the wrong phone number, the payment doesn't bounce back as they never ask for the persons name.
If I setup a DD on someone elses account but give my name, the DD is still processed, as they don't care about the name.

Do you see a pattern here?

~Chameleon~

Gromitt wrote: »

You can backup your LSOs (Local Storage Objects) whilst your online to Tesco, and then restore them next time before you visit Tesco again. It might be better and easier to just request another security code to be texted to your phone however, as you would be taking a snapshot, as it were, or you could adjust your browser privacy settings so it doesn't delete cookies after session closure.



Ok, lets go back to before Faster Payments were introduced. The only difference I remember is that it took a few days to get to its destination and we didn't have the ridiculous limits that we have now. Nothing else changed.

Now lets compare it to several other business models:
If I post a cheque to the wrong address, the post office don't return it to me saying "Mr X" doesn't live at that address. They'll deliver it without a name.
If I send someone money via Paypal and accidentally type the wrong email address, Paypal don't bounce it saying I got there name correct, as they never ask for it. Some goes for several other such providers, such as Nochex.
If I use Barclays PingIt and type in the wrong phone number, the payment doesn't bounce back as they never ask for the persons name.
If I setup a DD on someone elses account but give my name, the DD is still processed, as they don't care about the name.

Do you see a pattern here?

Oh please, don't confuse him with even more technological routes for transferring funds

I'd not heard of LSOs until this thread. Will investigate further