Lloyds or Halifax bank accounts are easily stolen

Jeddy

eDicky wrote: »

Yeah, you're right, I'm mistaken - the speaker and keypad etc is available when you answer the phone.

That's a shame, I was rather hoping it was my phone which was presenting the security loophole.

Emily_Joy

Jeddy wrote: »

I've tried to alert Lloyds but they aren't interested, so maybe if more people know they may take an interest.
Bank card (or bank sort code / account number / name on account)
Driving licence (or the persons date of birth)
The mobile phone registered to the account (it's typically ok if the phone is locked).
All in all, very insecure and yet Lloyds / Halifax don't care!

I would have thought that quite often having someone's Android/I/phone is sufficient for an ID theft. Phone directory, eMail, Facebook, Twitter will give you all personal data you need, if the owner used phone to take scans/photos of the documents, you will have access to them to. In addition, if you ever took a photo at home, the camera app will keep GPS coordinates and reveal the address. Ever downloaded account statement? The one who found your phone have got this as well. So, basically, if you believe you can loose the phone without realising it soon enough to lock it on time, you take the risk. The balance between easiness of legitimate access and difficulty of fraudulent access is a complex issue. I personally carry a NatWest card which is not contactless and a simple 6 years old phone which is not linked to online banking only whenever visit an area/country where pickpockets are common.

18cc

That is why banks that use phone authorisation (either by typing in a number from the screen or receiving OTP by text) are inherently less secure than institutions that don't use it like Nationwide (card reader), Coventry (grid card) or FD/HSBC (secure key).

Lloyds etc are vulnerable to people with so-called 'priviliged access' - eg people living at the same address (friends sharing, family members etc), people at work where phones, wallets etc may be accessible at various times of the day, people visiting (eg carers) etc etc.

polymaff

enthusiasticsaver wrote: »

I was not responding to your post as you are not the OP.

Then why did you, repeatedly, quote me - and not the OP.

Stop behaving like an incompetent troll.

robatwork

Emily_Joy wrote: »

I personally carry a NatWest card which is not contactless and a simple 6 years old phone which is not linked to online banking only whenever visit an area/country where pickpockets are common.

That's every area in every country where there are lots of people.

Jeddy

Emily_Joy wrote: »

I would have thought that quite often having someone's Android/I/phone is sufficient for an ID theft.

You are of course right, however the distinction I was trying to make was that for the theft you are referring to you need an unlocked phone. To gain control of a Lloyds / Halifax account unless I've got it wrong a locked phone etc. will suffice. If I leave my phone unlocked (I don't) then I'd have to accept that risk, I'm not happy that despite locking my phone my account is still vulnerable.
As an aside I have a seperate email account for my finances which I don't use on my mobile so I've already taken reasonable steps to try to prevent the type of theft you refer to, but if someone managed to unlock my phone they could still at the very least cause a lot of inconvenience and possibly take over my id, but hopefully I've made it harder for them to access my money quickly. I am a bit stuffed though given my bank will contact me via a call to my phone.

Missus_Hyde

Perhaps I am missing something, but in order to access the Lloyds accounts you do need to put in three digits from your memorable information, whether it be on a laptop, tablet or phone.

Supposing you did all the business with the “forgotten ID” and “forgotten password” etc. and managed to get over the first stage as demonstrated by the original post, you would still have to submit three digits from your memorable information. Unless someone was absurdly careless, it’s unlikely they would be carrying their memorable information around in their handbag/wallet to be conveniently stolen, so one would hope that the bank might be a little suspicious that some one had forgotten all their log in details (I suppose you could claim that you had a sudden attack of amnesia and had forgotten everything! )

Jeddy

Missus_Hyde wrote: »

Perhaps I am missing something, but in order to access the Lloyds accounts you do need to put in three digits from your memorable information, whether it be on a laptop, tablet or phone.

Supposing you did all the business with the “forgotten ID” and “forgotten password” etc. and managed to get over the first stage as demonstrated by the original post, you would still have to submit three digits from your memorable information. Unless someone was absurdly careless, it’s unlikely they would be carrying their memorable information around in their handbag/wallet to be conveniently stolen, so one would hope that the bank might be a little suspicious that some one had forgotten all their log in details (I suppose you could claim that you had a sudden attack of amnesia and had forgotten everything! )

Good point, maybe that's the point I'm missing! I'll check this again, I was hoping someone would be able to point me in the direction of what's going wrong. It's very possible I did that bit without thinking about it, and yet I know I managed to change it. Watch this space...

Emily_Joy

Jeddy wrote: »

If I leave my phone unlocked (I don't) then I'd have to accept that risk, I'm not happy that despite locking my phone my account is still vulnerable.

It doesn't matter whether the phone is locked or not. One can always take the SIM out and put in in a different phone. There are programs (I do use them) developed for changing the Operating System on the phone - which will allow you to copy all the data within 24 hours (depending on phone memory).

Jeddy

Emily_Joy wrote: »

It doesn't matter whether the phone is locked or not. One can always take the SIM out and put in in a different phone. There are programs (I do use them) developed for changing the Operating System on the phone - which will allow you to copy all the data within 24 hours (depending on phone memory).

If I turn my phone off / take out the SIM, next time I turn my phone on I have to enter the SIM PIN as well as the phone SIM so I think transferring the SIM would stop a phone call from being received. I doubt however it stops data on the phone being accessed if you can get past the phone PIN however.