We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Another Victim of NatWest's Insecure Banking Security Systems
NuttyBird
Posts: 50 Forumite
My Mother has been a victim of fraud to the sum of £19850 being stolen from her NatWest Bank Account. It looks like NatWest will not be making any attempt to get this money back in to her Account. Even though this is completely the fault of the bank due to their grossly negligent failure of the branch staff to recognise that a Fraud was in motion at the time and to take prompt action to stop it before the funds left the account.
Looking at my mother’s bank statements it is also evident that the money was still in her account when she went into the bank to express her concerns about the fraud that was in action at the time.
The events are as follows:
My mother received 2 missed calls from the same number that appears on the back of her bank cards. The following day she answered the call –who introduced themselves as the Fraud Team at NatWest. The caller clearly already had access to her bank account as they were able to list a couple of very recent transactions to try and build trust. To allow my mother to check the validity of the phone number and better verify, she asked to be called back later on her Landline Number, which she didn’t give them, but they obviously had it.
Overnight ‐ From Bank Statements it can be seen that 5 transfers between Deposit accounts and the linked Current account take place, totalling £15,752, via the compromised online banking system. My mother went into the local branch, expressed concern that she had been contacted by the Fraud Team and wanting to check her card was working. She Withdrew £35 as shown on the statement. The additional £15,752 was still in the account at this time totalling over £21,000.
The fact that my mother went into the branch, and spoke to a cashier about the fact the she had been contacted by the Fraud Team should have raised alarm bells with the cashier and a further investigation should have taken place. But no – this did not happen and unfortunate my 69 year old mother has now lost £20,000
Today she received a letter from their (can you believe) Customer Care Team! Saying that they fully sympathise that you have been the victim of a scam and such a large sum of money lost is life changing and extremely distressing, but as a bank – the NatWest are confident that they have not made any errors and they have done all they can to assist in the retrieval of her money. The letter also says “You don’t need to take any further action now” REALLY!! And “I hope it won’t be necessary, but you have the right to refer your complaint to the Financial Ombudsman Service.
We feel the NatWest is negligent in its Duty of care and we are strongly considering legal action.
Any advice greatly appreciated
Thanks
Looking at my mother’s bank statements it is also evident that the money was still in her account when she went into the bank to express her concerns about the fraud that was in action at the time.
The events are as follows:
My mother received 2 missed calls from the same number that appears on the back of her bank cards. The following day she answered the call –who introduced themselves as the Fraud Team at NatWest. The caller clearly already had access to her bank account as they were able to list a couple of very recent transactions to try and build trust. To allow my mother to check the validity of the phone number and better verify, she asked to be called back later on her Landline Number, which she didn’t give them, but they obviously had it.
Overnight ‐ From Bank Statements it can be seen that 5 transfers between Deposit accounts and the linked Current account take place, totalling £15,752, via the compromised online banking system. My mother went into the local branch, expressed concern that she had been contacted by the Fraud Team and wanting to check her card was working. She Withdrew £35 as shown on the statement. The additional £15,752 was still in the account at this time totalling over £21,000.
The fact that my mother went into the branch, and spoke to a cashier about the fact the she had been contacted by the Fraud Team should have raised alarm bells with the cashier and a further investigation should have taken place. But no – this did not happen and unfortunate my 69 year old mother has now lost £20,000
Today she received a letter from their (can you believe) Customer Care Team! Saying that they fully sympathise that you have been the victim of a scam and such a large sum of money lost is life changing and extremely distressing, but as a bank – the NatWest are confident that they have not made any errors and they have done all they can to assist in the retrieval of her money. The letter also says “You don’t need to take any further action now” REALLY!! And “I hope it won’t be necessary, but you have the right to refer your complaint to the Financial Ombudsman Service.
We feel the NatWest is negligent in its Duty of care and we are strongly considering legal action.
Any advice greatly appreciated
Thanks
Nutty Bird
£1 per day 2013
Build a savings pot
£1 per day 2013
Build a savings pot
0
Comments
-
... And “I hope it won’t be necessary, but you have the right to refer your complaint to the Financial Ombudsman Service.
We feel the NatWest is negligent in its Duty of care and we are strongly considering legal action.
Any advice greatly appreciated
Thanks
You refer your complaint to the FOS. If that fails, then by all means contact a solicitor in order to take legal action.0 -
You mention 'the compromised online banking system' but have you (or NatWest) established if and/or how online banking was actually compromised? The fact that they're washing their hands of this suggests (to me) that they believe that the security credentials were disclosed by the account holder....
I do get your point that (with hindsight) intervention after her branch visit may have prevented the large transfer, but with the dialogue between account holder and cashier being face to face rather than a routinely-recorded phone call it'll be tricky to establish exactly who said what though.0 -
First of all, you should make use of the Financial Ombudsman Service before considering taking legal action. You can do this straight away based on what the bank has told you.
My understanding is that NatWest uses card readers to verify outgoing payments to new destinations. So one question it would be useful to find the answer to is how were these payments made. Access to online banking and full details of login password/PIN should not have been enough. Perhaps while on the phone to the fraudsters she was asked to pop her card into the reader and type in some numbers, then read back the response to check her card was working?
It does seem as though more should have been done when she visited the branch. This is probably the main thrust of your argument for compensation. Though you would be best to word your complaint a little less emotively than you have done here.0 -
The title is somewhat misleading - it wasn't NatWest's Insecure Banking Security Systems but your mother's actions that enabled the fraudulent transaction.This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com0
-
The title is somewhat misleading - it wasn't NatWest's Insecure Banking Security Systems but your mother's actions that enabled the fraudulent transaction.
The callers already had my Mothers details - so no their systems were clearly insecure as prior to any contact with my Mum they already had online access to her account, as they were able to register a new phone number on the account and quote her most recent transactions to gain her trust and she only ever used online banking on her iPhone, so low risk of a computer being compromised. A lot of news recently about various banks mobile banking apps being offline, so you have to wonder if that's because they've been hacked and are leaking peoples passwords.Nutty Bird
£1 per day 2013
Build a savings pot0 -
The callers already had my Mothers details - so no their systems were clearly insecure as prior to any contact with my Mum they already had online access to her account, as they were able to register a new phone number on the account and quote her most recent transactions to gain her trust and she only ever used online banking on her iPhone, so low risk of a computer being compromised. A lot of news recently about various banks mobile banking apps being offline, so you have to wonder if that's because they've been hacked and are leaking peoples passwords.
I'd say it was most likely that your mother divulged the necessary passwords.
Think about it logically for a minute; if the fraudsters "already had online access to her account" why would they need to contact her at all? They would already possess the capability to empty her account, and any subsequent contact would run the risk of warning the target.
That part of the story doesn't make sense, and “If it doesn't make sense, it's usually not true.” As the great Sheindlin puts it.0 -
There are a number of possible explanations as to how the fraudsters obtained enough of your mother's details to gain her trust, each with a different likelihood and responsible party. The bank clearly has taken a different view than your own. It would be prudent to consider why that might be.The callers already had my Mothers details - so no their systems were clearly insecure
Regardless of how the details were obtained, possession of those details were not sufficient for the fraudsters to empty the account. Otherwise they would not have needed to phone your mother - to do so unnecessarily would have been plain stupid. So, they called her to obtain things they didn't have. Based on what happened next, it would appear they got what they needed.0 -
....
My understanding is that NatWest uses card readers to verify outgoing payments to new destinations. So one question it would be useful to find the answer to is how were these payments made. Access to online banking and full details of login password/PIN should not have been enough....
The fraudsters would need the PIN in order to be able to generate the necessary code on a card reader. I suppose it's possible, if you have full details of login/password, to request a PIN reminder, but that is by snail mail and takes days, and would require either a change of address or intercept.0 -
To allow my mother to check the validity of the phone number and better verify, she asked to be called back later on her Landline Number, which she didn’t give them, but they obviously had it.
Simply call directory enquiries to obtain the number. The bank didn't divulge it.
How did they obtain her mobile number?0 -
OP, you may well get somewhere with the ombudsman, as their view is that banks should refund unless the customer has been "grossly" negligent (details here in MSE news story)."But it's not fair to automatically call a customer grossly negligent simply because they've fallen for a scam. That's especially true in light of the sophisticated way criminals exploit banks' security systems – and convince customers that their money is at risk.
You and your mum will need to be upfront about what information was disclosed to the fraudsters when they phoned, though. Your case won't necessarily be harmed (see the quote above) by having given some information away; it will be harmed if there are parts of the story that don't add up.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350K Banking & Borrowing
- 252.7K Reduce Debt & Boost Income
- 453.1K Spending & Discounts
- 243K Work, Benefits & Business
- 619.8K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards