We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Santander Bank
Options
VTR1000
Posts: 22 Forumite
How does this happen?
11 April I get a text from my bank asking if an online debit card transaction for £1,300 is mine – reply Y or N. I reply N and within seconds get a phone call from the security dept. asking questions to confirm it’s not related to me.
Online banking cancelled a few hours later and no access to current account without going in to a branch – and only then after going through security who allow the branch access to my account which is cancelled immediately after withdrawal has taken place. This continues for three weeks before they finally allow me access.
I raise a complaint due to the lack of info and other things that happen during the ‘suspension’.
Turns out that while I was speaking to security saying it wasn’t me, someone else was on the phone to the bank at the same time stating the payment was genuine – I’m assuming the online retailer referred the thief to the bank? They got through to security to discuss the transaction by answering a number of security questions, including my monthly direct debit for council tax (even I didn’t know the value of the direct debit) and more importantly, a transaction at my local Paddy Power on the 6 April – Grand National, only time I ever bet and never won… What is strange is that the impersonator quoted the transaction as Power Leisure, rather than Paddy Power, which to me means they’ve been in my account.
I therefore asked for all the IP addresses to the online log in’s to my account from the 6th to the 11th – I’ve gone through my browser history and they’re all me.
My security details have never been written down anywhere and I’ve only accessed my account from home or office laptop – never a public internet access point. I’ve never had any scam phone calls and buy everything with my credit card, settling the account in full every month.
Hopefully the above makes sense.
My question is; how does a scammer get that level of detail without working at the bank?
11 April I get a text from my bank asking if an online debit card transaction for £1,300 is mine – reply Y or N. I reply N and within seconds get a phone call from the security dept. asking questions to confirm it’s not related to me.
Online banking cancelled a few hours later and no access to current account without going in to a branch – and only then after going through security who allow the branch access to my account which is cancelled immediately after withdrawal has taken place. This continues for three weeks before they finally allow me access.
I raise a complaint due to the lack of info and other things that happen during the ‘suspension’.
Turns out that while I was speaking to security saying it wasn’t me, someone else was on the phone to the bank at the same time stating the payment was genuine – I’m assuming the online retailer referred the thief to the bank? They got through to security to discuss the transaction by answering a number of security questions, including my monthly direct debit for council tax (even I didn’t know the value of the direct debit) and more importantly, a transaction at my local Paddy Power on the 6 April – Grand National, only time I ever bet and never won… What is strange is that the impersonator quoted the transaction as Power Leisure, rather than Paddy Power, which to me means they’ve been in my account.
I therefore asked for all the IP addresses to the online log in’s to my account from the 6th to the 11th – I’ve gone through my browser history and they’re all me.
My security details have never been written down anywhere and I’ve only accessed my account from home or office laptop – never a public internet access point. I’ve never had any scam phone calls and buy everything with my credit card, settling the account in full every month.
Hopefully the above makes sense.
My question is; how does a scammer get that level of detail without working at the bank?
0
Comments
-
Who else lives in your house?0
-
Malware on your pc?0
-
Where are your bins and do you shred things? Would this I for have been on statements that were thrown away? A lot of identity theft is digital but there is still a large amount of it that comes from the old fashioned technique of sifting rubbish0
-
The first text message was a phishing scam, the follie up phone call from 'security ' was part of the scam.
The phone call gave the scammers your security answers which they then used to contact your bank and impersonate you.
You are how this happened.0 -
Thanks for all the replies. I'll respond to the posts in order:
1) My wife is the only other person living in our home and she doesn't know the login details as I do all of the online banking and the details aren't written down anywhere.
2) PC regularly scanned by Malwarebytes, but there are two security password/number sets that must be known before you can login and these are never asked for in full, so unless someone was extremely lucky to get the same requests as I had previously entered (within three attempts) the account would have been locked.
3) We don't have paper statements.
4) Not sure if you've ever had a call from Santander security but they never ask for the full details of the security code, so they didn't get enough from me to get through to the account. Secondly the text asked about a specific shop (Louis Viutton) which Santander confirmed. The thief had already tried to make the transaction before I was called. Thirdly, of the security questions answered by the thief I've only ever confirmed DOB in a call - so the other stuff didn't come from me.0 -
penners324.
The thief was on the phone to Santander at the same time I was - the info could not possibly have come from me, so I'm confident I am not how this happened.0 -
what info 'exactly' did you give to 'santander' when they called you.
saying santander 'never ask full details of a security code' is meaningless0 -
Turns out that while I was speaking to security saying it wasn’t me, someone else was on the phone to the bank at the same time stating the payment was genuine – I’m assuming the online retailer referred the thief to the bank? They got through to security to discuss the transaction by answering a number of security questions, including my monthly direct debit for council tax (even I didn’t know the value of the direct debit) and more importantly, a transaction at my local Paddy Power on the 6 April – Grand National, only time I ever bet and never won… What is strange is that the impersonator quoted the transaction as Power Leisure, rather than Paddy Power, which to me means they’ve been in my account.
How do you know all these details?0 -
In order.
1) the 3rd and 5th digit of my security code & DOB/post code. That in isolation isn't enough - trust me, I know. The impostor also gave them my council tax bill/the last payment I made on my debit card.
2) They told me that someone claiming to be me was trying to release the payment at the same time I was talking to security.
3) see above0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards