Nat West say "Device ID" proves I'm a fraudster?

waveyjane

Thanks - they've paid the disputed transactions back, but not offered compensation. I would guess it would take things to another level if I asked them. To be fair, I've not spent that much time on this really though - a couple of hours writing letters and making phone calls perhaps. But I think you're right about switching banks. I've been with them for 25 years!

robatwork

waveyjane wrote: »

Not so fast - it's probably the TCP/IP model we are discussing, which isn't about strict hierarchical encapsulation and layering as per OSI.

But I know what you mean. :beer:

Now that's true. But your router or phone via 4G still won't be letting your MAC address out onto a website

waveyjane

robatwork wrote: »

Now that's true. But your router or phone via 4G still won't be letting your MAC address out onto a website

Yes. As an aside to all this, the fact that I've not been able to find out what the fabled "device ID" is actually comprised of makes me think it's probably secret. All the information I've found on it is super vague

And of course we're no nearer any kind of clue as to how the fraud was done, with or without any evidence of the device ID being spoofed in some way. What, for example, prevents a bent member of the fraud team doing it? They're the only ones with access to both my card details AND my device ID. I'll get my tin-foil hat... :undecided

robatwork

Unless you get someone who
a) works in bank security AND
b) is happy to reveal something they probably shouldn't
I expect it will remain a mystery.

I would speculate the DeviceID is something hashed out of the connecting IP and some token that the app passes across based on your login details, and possibly session ID.

Pretty annoying for you, and they have several regulations to hide behind if they want to cover up a mistake or some internal shenanigans.