Lloyds or Halifax bank accounts are easily stolen

BooJewels

Beenie wrote: »

BooJewels, that is no safeguard in my opinion.

I am a 400mile round trip to my mother's, so I see her once every 4-6 weeks finances permitting. The carers are in three times a day, so every opportunity to intercept post.....

I just wanted to offer the information that on-line banking can't just be set up with a phone and e-mail account, so it is slightly more complicated and does offer additional opportunities to protect that information. Maybe a locked box for mail that only one person you trust has a key for etc. You may have to become inventive in finding ways to protect her.

I think I may have seen it in another thread, but are you looking at an LPA for your Mum? We're just setting one up for my Dad as he wants to get it done before it potentially becomes an issue.

d123

Emily_Joy wrote: »

In most cases these PIN's are requested by SIM/Android OS. Therefore anyone who can intervent with bootloader process will bypass them without noticing.

Not directly related to the OPs story, but sim PIN's have got nothing to do with what handset is used, and bootloader process will not bypass them. It's effectively coded into the sim card and if active will disallow moving the sim to another handset or use after rebooting. Inputting the wrong PIN will block the card either requiring a PUK or even permanently deactivating the sim card, depending on number of wrong attempts made.

Pound

Jeddy wrote: »

As suggested above, don't phone a mobile and ask for a code to be entered into it, instead send an SMS and ask for that to be entered into the online banking

But anyone could just put the SIM in their own phone and read the messages sent to it.

enthusiasticsaver

Jeddy wrote: »

As suggested above, don't phone a mobile and ask for a code to be entered into it, instead send an SMS and ask for that to be entered into the online banking - you normally need a PIN to read an SMS on a locked phone.
Also, if someone changes the registered email address, don't send an alert to the phone used to confirm it via SMS, send an email to new and old accounts.
As you suggest, the fact that I've twice changed my password and memorable information within a few days and that's not rung any bells is slightly alarming. I can accept allowing a change of password or memorable information fairly easily, but both at the same time?
As someone suggested above, if I e.g. shared a house or any similar situation where my phone was not beside me and accessible to someone else who knows some basic details about me and they could take the account is of concern. If it were that difficult to open a new account how come there are so many 'push' fraud transactions?
Bearing in mind I may be away from home and my mobile and wallet has potentially been stolen, how easy is it going to be out of hours to contact my bank (what's their phone number, where is the nearest payphone, what are my bank details etc. etc.) to report theft? It's not going to be as quick as someone can take my account and transfer some money.
Maybe I am paranoid, but as they say, that doesn't mean they aren't out to get you.

You make some valid points especially when you point out how many times you have changed your password and other information over the last few days with no question. I think if you are vulnerable to this sort of fraud by living in shared or insecure accommodation then I would be putting some sort of extra security in or changing banks. Santander seem pretty hot on fraud and they use OTP via mobile phone and do extra security checks if you use a device you have never used before.

northwalesd

Jeddy wrote: »

Or is someone also going to advise me I can set my phone up to have to enter a PIN to receive calls (mind, by the time I've done that it will have gone to voicemail anyway).

There are apps for this functionality available in the Play store.

d123

Pound wrote: »

But anyone could just put the SIM in their own phone and read the messages sent to it.

Not if a PIN is set on the SIM card.

Dobbibill

This is all very well and based on a number of assumptions such as the person does internet banking, has their mobile number registered on internet banking and also doesn't report it as a lost/stolen device to their bank.
ETA - They don't log in with fingerprint ID.

From what I've read, the only thing you haven't done is now tried to move all your money out of your account without it being blocked for a fraud check and long term the phone would be reported as stolen, blocked etc so unless you change the phone number your access is going to remain very short term and you need to move everything out to a new payee ASAP.

Emily_Joy

I think the problem here is that a transaction which would concern a customer doesn't ring the bell for online banking security team. On the other hand, why would you carry around on a daily basis sufficient data to get access to an account which has £££ at first place? In countries where this sort of fraud is common there is typically neither name nor account number printed on the cards.

TheBankThatLikesToSayNo

Let us assume you lose your phone and bank cards and driving license, very possible, and don't notice, maybe you are on a night out etc. You can protect yourself.

1. You can set a four digit pin on your actual SIM card within your phone, therefore, even if the phone is lost/stolen not reported lost/stolen (assuming the phone has a lock (touch ID etc) then whoever has it then tries to put it in another phone, cannot use the sim. In addition, disable notifications on your lock screen so that codes sent to your phone cannot be seen. The user gets three attempts to unlock the SIM card, and can then contact your phone company for a possible code beyond that, you should check if your phone company has sufficient safeguards to prevent the code being given out to the "wrong" person.

2. Do not carry your phone and bank cards/driving license or anything that can ID you in the same wallet/case. Many modern phone cases allow this, do not use them, they are a security risk should your phone get lose or is stolen. KEEP THEM SEPARATE!!!!

3. Try to use cash or contactless phone payment systems such as Apple Pay where possible, over the coming years, these systems will become more accessible, in theory there will be no need to carry your bank cards in the end, instead carry cash for emergencies should the payment system fail, or you lose your phone.

4. Change your pin and online banking details on a regular basis, do not allow your computer to save any part of your banking login, even if it is just the username. In addition, do not use a local mail client such as Microsoft Outlook or Apple Mail. This prevents someone from seeing your emails or cached login name and initial password even if they get access to your computer account. Don't register your home landline as a recovery phone number either, unless your can trust everyone within your household 100%!!!!!. I am not sure how it works with banks and giving you money stolen back, but I know house insurance won't be valid if you share your house with someone who has a criminal record on many policy.

5. Use common sense, keep an eye on your stuff and don't be stupid.

6. Change banks, RBS/Natwest/Child/Drummonds does not have account numbers on the cards, I don't know why other banks don't follow.

TheBankThatLikesToSayNo

ttp://c7.alamy.com/comp/D9P7F1/ezio-lloyds-bank-card-reader-online-banking-security-device-D9P7F1.jpg

(Add a "h" to the start of the link)

What happened to these then?

I am a Lloyds customer although only for a few years. Why did they scrap them?????