We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Don't be fooled by cunning con artists
Comments
-
Are you seriously trying to construct a case that a stated desire to improve corporate culture (in the context of ethics, integrity, professionalism, etc) should somehow be compared with accepting financial liability for careless customers being tricked out of money by criminal fraudsters?! That's quite some leap you're making there....peterbaker wrote: »....a letter to FT by Marcus Agius and 16 other financial services chairmen/CEO's about improving their corporate culture....0 -
Cunning con artist can trip you up...if you say it fast. No warning about that from Barclays.I came into this world with nothing and I've got most of it left.0
-
That's the problem. Profit still comes first, doesn't it?Are you seriously trying to construct a case that a stated desire to improve corporate culture (in the context of ethics, integrity, professionalism, etc) should somehow be compared with accepting financial liability for careless customers being tricked out of money by criminal fraudsters?! That's quite some leap you're making there....
Why do most personal customers ever use a bank for anything thesedays? Same reason they always did in the Wild West. If they didn't put their money stash in the bank, they'd be constantly worried about being robbed as they went about their business, and business would be worried too about the even greater piles of cash they assimilated in their offices daily.
In the Wild West, banks made good profits out of that simple service and if anything bad happened, you could still always remonstrate with the manager whom you'd better have known personally else why would you trust the bank (in the Wild West)?
In all this, it is essential to restate and affirm the social purpose of financial institutions as well as affirming the personal vocation of those who work in the industry.
It is the bank's job to manage the risk of customers' stashes being robbed, and it beholds us all to fully affirm what the hell it is banks staff think they are there for. I can give you a starter for ten: it is not to deny the overall social purpose of the bank. And no, the social purpose of the bank is not to be able to report good works by smiling staff in t shirts out in the community cleaning up a canal-side, or visiting a childrens home for a photo to put in the Annual Report and Accounts!
If banks can't manage the digital risk their overly transparent and penetrable systems offer to robbers, then they should desist from offering digital access entirely and go back to branches with Mainwarings whom customers can trust, else get out of banking altogether. Oh and if the latter happened then maybe bank staff would have to find another interesting job, perhaps social care for vulnerable people at one end of a potential spectrum of usefulness or data science at the other, instead of pretending they already know everything about both and that they are following the letter of that 2010 industry grandees' letter when clearly they have scarcely read it, let alone ever understood it.0 -
EssexExile wrote: »'Cos us old people are really vulnerable!
I suppose I should thank the OP for the warning that after November I'll become vulnerable and will need to follow slavishly every word that he writes because obviously he knows best.0 -
Wow ! I work for a bank and your comments are very patronising. I'm also over 60.0
-
I'm sure you'll get over it, meer53. And now you've got me thinking about handsome final salary pensions on a near horizon - goodness knows why! Don't get scammed before you get there:pWow ! I work for a bank and your comments are very patronising. I'm also over 60.
Anyway, in case you hadn't noticed, there are huge and growing numbers of us over 60 along various spectra of- deprived to very comfortably off thanks,
- suffering significant early onset cognitive decline to staying sharp forever
- constantly worrying or even frightened of risk to very laid back
- in and out of hospital to fit as a butcher's dog
- don't really understand SMS let alone operate the smart features of a smartphone or a computer, to very Digital fluent
- etc
- etc
Oh by the way, if you find all my comments patronising maybe I ought to tell you that one line is word for word from Marcus Agius 2010 letter which I see Stephen Green also signed at the time if that meant anything then or since
0 -
I think you're taking that 2010 letter too literally! They didn't say anything about ceasing attempts to make a profit and remain commercial companies with that stated aim.peterbaker wrote: »That's the problem. Profit still comes first, doesn't it?
My reading of what was being said then (bearing in mind the toxicity of the prevailing industry issues back in 2010) is that they'd be taking reasonable steps to instil a culture that would prevent activities such as PPI mis-selling, LIBOR rate fixing, generous bonuses rewarding poor performance, over-aggressive acquisition strategies, ultra-risky loan books, contaminating retail banking with overlap with 'casino banking', etc, etc.
They clearly felt the need to be publicly taking steps to rebuild trust in a discredited industry, but nowhere do they make some sort of commitment to suddenly becoming benevolent charities and there's a reason for that!
The banks can and do manage their own risks but can't reasonably be expected to take responsibility for the actions of negligent customers.peterbaker wrote: »It is the bank's job to manage the risk of customers' stashes being robbed
[...]
If banks can't manage the digital risk their overly transparent and penetrable systems offer to robbers
In other words, if hackers directly breach the security perimeter of banks' online systems and access funds then that's obviously the banks' liability.
However, if a 'cunning con artist' phones up a customer and claims to be from the bank and persuades the customer either to divulge their credentials or to actually conduct transfers to fraudsters' accounts, then it's clearly never going to be viable for the bank to guarantee to pick up the tab for that, not least because in itself this would stimulate fraudulent activity, for the reason highlighted by MisterMotivated above.
I imagine that the authors of the letter were assisted by some fairly creative wordsmiths to come up with that, but the trouble with glib soundbites like that is that they're obviously open to (mis)interpretation. You choose to interpret that as meaning that they'll underwrite the consequences of customer negligence, but I simply don't make that connection, as explained above.peterbaker wrote: »In all this, it is essential to restate and affirm the social purpose of financial institutions as well as affirming the personal vocation of those who work in the industry.
Having said all that, I do find it difficult to reconcile their lofty aspirations with the subsequent cull of branches and do accept that this increases the reliance on online services, so I'm not blindly trying to defend the indefensible here....0 -
peterbaker wrote: »IIf you receive a phone call and you're not totally sure...
It might have been pertinent to warn customers what happens if you do get fooled and lose money from your account, not just by persons masquerading as your bank, but e.g. from Microsoft Tech Support.
Will you ever get your money back? Now there's a question with hopefully non-evasive answers from your bank, and well worth knowing in advance.
If you *do* get fooled? Contact your bank as soon as possible (there are a variety of channels available), have your card and/or account frozen if applicable, and raise a claim to hopefully recover your funds.
Why can't banks give more concrete promises? Because to an extent they have to weigh up every fraud/scam on its own merits and making anything akin to a legally enforceable promise would be suicide. First-party fraud exists. Even when the fraudulent activity is third-party they may deem the customer's activity to be so far outside the terms and conditions of the account that the bank can't be held liable (for example entrusting your card and PIN number to a carer or family member).
So why put out these ostensibly helpful but ultimately disingenuous (in your opinion) public service announcements? Well, firstly because some kind of prevention is better than nothing. A seat belt isn't guaranteed to save your life if you drive off a cliff, but the advice to wear a seat belt is still a sound one *in general*. Secondly, because fraud costs them money. Depending on the amounts involved and whether the customer is deemed to be vulnerable, the banks will often pay out even when they haven't made a recovery, i.e. they incur a loss. If a public awareness campaign can lead to a net reduction in these losses (i.e. cost of advertising < saving made) then it makes sense for them to do so.
I'm ultimately not sure what it is you expect banks to do.: )0 -
I thank you for engaging a little further eskbanker.Having said all that, I do find it difficult to reconcile their lofty aspirations with the subsequent cull of branches and do accept that this increases the reliance on online services, so I'm not blindly trying to defend the indefensible here....
Let's leave the letter for the moment and let others interpret it - it was afterall a letter supposedly approved by the legal departments up to 17 major financial services companies to be released as the gospel according to their highest ranking officers, so how else but to interpret it but literally ...
Some readers will recall that I entered the fray here on the forums recently to highlight Microsoft Tech Support Scam.
eskbanker you and others have several times referred to the carelessness of customers. I honestly do not think you have scoped how very little carelessness is required to facilitate some of these attacks.
A very good analogy I think is the security chain on our front doors. If we hear a knock on the door and we can't immediately identify who it is via the peephole, must we pretend we are not in?
Generally, I think most people might say, well if they look a bit rough, then yes, pretend not to be in, but otherwise the security chain allows you to open the door a few centimeters to see what they want without letting them in.
If they were a bit rough and up to no good, then many of us will realise that the security chain is pretty hopeless unless we are fit and 20 stone and can force the door shut as soon as we suspect their motive.
However, if they aren't rough looking, and I do recognise that I do indeed seem to have business with them, at what stage do I release the security chain and offer them tea, if not my debit card?
Physical security and face to face interactions are about as much as vulnerable customers can hope to control to any extent. Now hop over to the combination of telephone and Digital scenarios. These are the combined scenario which many older people in particular have little life-long experience. Telephone yes. Combination of telephone and digital, much less so.
Even cards with PINs are an unacknowledged problem for some senior citizens. An untold number have been writing down the PINs and tucking them in their purses next to their cards since they first started receiving the damned things! That's despite warnings to the contrary because no-one really bothered to engage with each individual customer to get the message properly across.
How many posters here understand what I mean by combination of telephone and digital?
How many understand that this type of combination potentially amplifies risks maybe 10 fold or a 100 fold or even 1,000 fold?
When I worked in banking, retail staff were warned that organised fraudsters might target them (the staff) on the way home or after work or in the pub and try to tempt them with as much as £1,000 for a customer recent bank statement or utility bill or other habitual ID verification and maybe one other piece of personal data. (Or worse). To many low paid bank staff that was a month's take home pay. Many bank staff are strapped for cash!
Now thankfully, not too many get tempted each year in percentage terms, but it is significant. So what has this to do with Microsoft Tech Support Scam? Again it is that word "combination". You will now find the same word or the word combine or combined in every revised GDPR set of T&Cs you have been asked to accept.
Enormous power is leveraged by combination of data from different sources including legally obtained data from telephone directories and data sold from surveys and very old data that on its own, the unitiated might think is harmless because of its age and "out of datedness". And we know what power does, don't we, irrespective of who we first think warned societies at large
Just today, Dixons Carphone Warehouse have admitted that TEN MILLION customers were affected by last year's data breach, and I have a nasty feeling that was not their first. When they first admitted the problem it was said to be only 1.2M customers. Who has that data now and what is it combined with? Is it combined with TWENTY-FIVE MILLION citizens' HMRC data lost in 2007? What else is it combined with before a scammer even picks up the phone to call you? A certain number of £1,000 backhander obtained details too I expect.
If I was an organised criminal running a call centre for scam purposes, I'd combine all sources of data I could get my hand on and train my operatives into easily filling in the gaps with confidence trickster spiels, and in the workarounds currently still possible to thwart various digital challenges and verifications.
So when a Microsoft Tech Support Scammer calls and is successful at his or her art, no bank should instantly think 'oh dear there is a high likelihood the customer has been very careless here - we must "investigate" - let's commiserate but direct them to Action Fraud' ... NO. That's not a fair general start point for any bank.
There is social purpose to a modern bank, same as there has always been to every bank ever. So mere commiseration and redirection/deflection is not good enough as a common corporate reaction to trending risks that are supposed to be controlled and managed as part of the service.
I had a discussion in the last few days in the case of my elderly friend about 3D-Secure, which will probably mean the most only to knowledgable bankers or eBanking specialists here in the forum. We were discussing how 3D-Secure had failed to stop reserved card transactions leaving my friend's account two and five days after the first direct transfers from the account which is the first time the bank responders had noticed something else afoot!
I know now, that Isignthis was probably used on at least one transaction - again only a small subset of posters might know what Isignthis is and an even smaller subset of MSE readers. It was used in my friend's case and it succeeded in fooling the bank who were aware of the Scam call and the missing direct transferred funds within an hour of the scammers getting off the line. So how can the reserved card transactions have been missed and not immediately disputed? As at today's date, 13 days after the scam, the main losses have been refunded, but the reserved card transactions still have not been refunded. The plan is that they now will be after tomorrow when a separate second signed letter is filed confirming the card transactions were not authorised by my friend.
I read that Isignthis have been denied operations in Australia. Part of the reason seems to be that numerous "flaw-related submissions" had been made to authorities about that system.
I do not believe that my elderly friend sat there on the phone and reeled off her card details on demand. She is an ex-bank employee! Nor do I believe she acknowledged any 3D-Secure challenges, so what might have happened? It is no use, and serves no social purpose to counter with "she must have done".
I doubt there are more than one or two MSE members with the knowledge to be able to argue the probabilities of that case all the way from from data science first principles, and even if there were, they are probably too busy elsewhere.0 -
Try this for size:Flobberchops wrote: »I'm ultimately not sure what it is you expect banks to do.- Be prepared to suffer reduced profits as an industry to fund much more investment in countering fraud that employs digital, and in offering re-opened senior-staffed local branches offering the alternative of full basic non-digital customer services
- slow the headlong leap into launching half-baked competitive ideas of market-leading innovation and constant churning of customers aided unfortunately by switch ideas here on MSE!
- work together toward social purpose and making sure their staff do not question it as was ostensibly their affirmation in the 2010 letter
0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.8K Mortgages, Homes & Bills
- 177.5K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards