We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Lloyds or Halifax bank accounts are easily stolen
Options
Comments
-
I tried contacting Lloyds...
I think you're wasting your time with branch and call-centre staff. They have other priorities and can't fix the problem you describe.
There's a web site somewhere giving CEO email addresses. Go straight to the top.
Could you contact reputable financial journalists who might pursue this for you, without publishing a detailed how-to.0 -
If I get no-where with branch or fraud team I'll do as you suggest via the ceoemail websiteI think you're wasting your time with branch and call-centre staff. They have other priorities and can't fix the problem you describe.
There's a web site somewhere giving CEO email addresses. Go straight to the top.
Could you contact reputable financial journalists who might pursue this for you, without publishing a detailed how-to.
My first step was to alert Lloyds, they weren't interested at the level I spoke to. My second attempt was to contact a financial journalist as mentioned above (BBC Moneybox) - awaiting a reply if any.
I'm not sure I like the suggestion I've published a detailed how to, it's more alerting people how little information is required if you follow the links on their website. I've not published anything new, just follow their links.
I'd be surprised if the crims don't already know all this anyway, so isn't it right to alert those who may be affected so they can take action to avoid being caught out until this is fixed?0 -
I would think that given the amount of effort you are putting in to try and hack your own banking account that time would be better spent researching a new bank account as you clearly have no confidence in Lloyds or Halifax. I don't have either so cannot verify if it is as easy as you say.
I agree with Vortigern that publishing online detailed crib sheet of how easy it is does not sound responsible and you should be sending this to Lloyds or Halifax rather than an online forum.
For this to work someone has to have the bank card, driving licence and mobile phone of someone and the person whose details were stolen would not have had time to alert the bank that their account could be targeted so the account could be frozen. The fraudster would also have to pay the money to another account (not that easy to open new accounts these days without id and it is not instant) so wherever the money is sent would be traceable, obviously they can withdraw in cash but it would all need to be done pretty quickly and the amounts would be limited to daily cash withdrawal limits.
I am not saying that this cannot be done, as I said I cannot prove it and to be honest I would not want to lock my account so even if I had a LLoyds or Halifax account I would not try it. All any of us can do is take as much care with our valuables as possible and try to minimise the risk of anyone being able to access our accounts. Any determined fraudster can get past any banks security systems but they have to relay on us being complacent enough to just leave our phones, bank cards and driving licences about and not contacting banks immediately to let them know if any of these have been stolen.
What would be more useful is how do you think Lloyds or Halifax can improve their systems. Maybe we should not be able to just change our passwords and ids just like that (my online id was sent in the post so maybe we should revert to that?) Maybe it should be referred to the fraud investigation section if both id and password are changed at the same time?I’m a Forum Ambassador and I support the Forum Team on the Debt free Wannabe, Budgeting and Banking and Savings and Investment boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com. All views are my own and not the official line of MoneySavingExpert.
The 365 Day 1p Challenge 2025 #1 £667.95/£301.35
Save £12k in 2025 #1 £12000/£80000 -
As suggested above, don't phone a mobile and ask for a code to be entered into it, instead send an SMS and ask for that to be entered into the online banking - you normally need a PIN to read an SMS on a locked phone.enthusiasticsaver wrote: »What would be more useful is how do you think Lloyds or Halifax can improve their systems.
Also, if someone changes the registered email address, don't send an alert to the phone used to confirm it via SMS, send an email to new and old accounts.
As you suggest, the fact that I've twice changed my password and memorable information within a few days and that's not rung any bells is slightly alarming. I can accept allowing a change of password or memorable information fairly easily, but both at the same time?
As someone suggested above, if I e.g. shared a house or any similar situation where my phone was not beside me and accessible to someone else who knows some basic details about me and they could take the account is of concern. If it were that difficult to open a new account how come there are so many 'push' fraud transactions?
Bearing in mind I may be away from home and my mobile and wallet has potentially been stolen, how easy is it going to be out of hours to contact my bank (what's their phone number, where is the nearest payphone, what are my bank details etc. etc.) to report theft? It's not going to be as quick as someone can take my account and transfer some money.
Maybe I am paranoid, but as they say, that doesn't mean they aren't out to get you.0 -
The OP makes a very good point - this is something that can be done with someone's mobile phone, driving licence and Lloyds/Halifax card.
If it works with Lloyds and Halifax, then it'll probably work with BoS and TSB as they use very similar (if not identical) log in methods.
If you're unfortunate to have your wallet/purse stolen and are concerned about someone accessing your online banking details as detailed above, then the best way to stop this would be to phone your mobile phone's network provider ASAP (via a friend's phone or on a landline) and ask them to put a block on that SIM/number.
To be extra secure, phone up your bank and ask them to remove the mobile phone number from your online banking.:grouphug:
Official MSE canny forumite and HUKD VIP badge member :grouphug:0 -
As suggested above, don't phone a mobile and ask for a code to be entered into it, instead send an SMS and ask for that to be entered into the online banking - you normally need a PIN to read an SMS on a locked phone.
On Apple iPhones, the default setting on a locked iPhone is to display the message on the locked home screen. Therefore, codes can be read.:grouphug: Official MSE canny forumite and HUKD VIP badge member :grouphug:0 -
Now you mention it, I have a feeling that may be true on android too, although I've turned that option off for my own privacy and security. But at least it's an option you have control over. Or is someone also going to advise me I can set my phone up to have to enter a PIN to receive calls (mind, by the time I've done that it will have gone to voicemail anyway).On Apple iPhones, the default setting on a locked iPhone is to display the message on the locked home screen. Therefore, codes can be read.0 -
Supposing you don't have an online account, or a computer or a phone. That is the situation of my elderly housebound mother. She has her bank card and passport in her bag at all times. It would be an easy thing for an unscrupulous visitor to take her birthdate, her bank account details from her card, and knowing full well that she has no phone or computer, contact the bank concerned to set up online banking using their own phone and email details. How would anyone know? You need power of attorney to find out the slightest bit of useful info from a bank when enquiring on behalf of their customer (not you, obviously).
This is something that concerns me greatly having a vulnerable elderly relative, who trusts everyone who walks through her door. We don't even know their full names - it's just Tracy or Jack whatever from the council, constantly changing and unaccountable it seems to me.0 -
Perhaps a solution is to step back a little from all this instant technology and if you've forgotten vital information, it has to be posted out to you, or at least to your registered email address. That would build in a time buffer where the genuine customer might be inconvenienced, but there can't be any rapid changes to the account contents. I've not had to change one for years, but a lost PIN had to be posted out - so surely a password should have the same degree of protection, if not more so.You're resetting your password and memorable data from the I've forgotten it link so it can't ask you what your existing information was. The resetting of password and memorable data is authenticated via a received phone call to your (potentially locked) mobile.
I've just set up on-line banking on a newly resurrected dormant account and the passcode I needed to do so was sent out in the post in 2 halves a few days apart. So whilst the same unscrupulous person might have access to mail too - at least it makes it more difficult to intercept than using an email address they can access at any time without the account owner knowing anything about it.Beenie wrote:It would be an easy thing for an unscrupulous visitor to take her birthdate, her bank account details from her card, and knowing full well that she has no phone or computer, contact the bank concerned to set up online banking using their own phone and email details.
Maybe this falls into the category of being statistically improbable and within what banks might consider to be an acceptable risk, considering just how many hoops the potential crim would have to jump through to make this happen - and then potentially not get that much anyway - it certainly wouldn't be worth the effort with my account. I don't even have a driving licence or passport and most places I use a DOB (other than properly official places) I simply lie.enthusiasticsaver wrote:For this to work someone has to have the bank card, driving licence and mobile phone of someone and the person whose details were stolen would not have had time to alert the bank that their account could be targeted so the account could be frozen. The fraudster would also have to pay the money to another account (not that easy to open new accounts these days without id and it is not instant) so wherever the money is sent would be traceable, obviously they can withdraw in cash but it would all need to be done pretty quickly and the amounts would be limited to daily cash withdrawal limits.0 -
BooJewels, that is no safeguard in my opinion.
I am a 400mile round trip to my mother's, so I see her once every 4-6 weeks finances permitting. The carers are in three times a day, so every opportunity to intercept post.....0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.2K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards