Santander Bank

18cc

Thanks for the apology. It is difficult to do much more than give pointers but some things you may want to ponder:

1. are you sure that the original call from security dept was indeed from Santander and not the fraudsters wanting to gain your DOB and PCD.

2. with your DOB and PCD - and card long number and CVV - they can display your Santander userid. They MAY have those debit card details as if it was Santander in 1. above then they made an online £1300 purchase using them (if it wasn't Santander then the text was a lie and there was no purchase it was just a ruse for when they called).

3. when you tried to logon was it simply account suspended or did you try to login with your credentials and got messages saying they were invalid - 2 tries left etc (implying they had been changed). The account could have been suspended by fraud dept or by the fraudsters trying 3 invalid logon attempts - but the branch visit implies it was Santander.

4. the fact that they could quote amounts (c tax etc) implies they did indeed have access to your account - the question is did they know your credentials or did they reset internet banking and change the credentials (hence 3. above). If they changed them they would have had to have access to your mobile phone to receive the OTP.

No solution I know but some things to mull over.

colsten

VTR1000 wrote: »

The exec complaints manager is ringing me back today to discuss my concerns that the access stemmed from them.

Did that happen? How did you leave matters with him/her?

ryan121

Santander does send those kinds of texts and they will phone you about it as well so that's perfectly normal.

As long as they've cancelled your card you should be fine and replying no should block that transaction. If someone tried to transfer all the money out of your account they would need the code via text that's only sent to you anyway so doing anything with your online banking is a waste of time.

I think you'll be fine but someone was able to get your card details somehow.

Also if you're using windows 10 all the security you need is built in. You don't need anything like malwarebytes anymore.

Terry_Towelling

VTR1000, can you confirm how you made your bet with Paddy Power?

Terry_Towelling

Terry_Towelling wrote: »

VTR1000, can you confirm how you made your bet with Paddy Power?

In the absence of an answer to this question from OP, I am forced to assume it was a card-present debit card transaction because OP refers to placing a bet at their 'local' Paddy Power for the Grand National and it appears on the bank account as Power Leisure.

This does not match with their contention that they didn't use their debit card for anything this year other than online road tax and a few cash transactions. So, was this just an oversight by OP and why share with us the fact that this was the only bet where they never won?

Sometimes I get the feeling that what appears to be just a way of exercising our minds (but not necessarily on this thread) is that some people are trying to invent fraud scenarios and then test them out on us for robustness. Should they prove to be watertight, just maybe they are a fraud worth committing, should they have holes in then more planning will be needed.

robatwork

The OP is ignoring some of the finer detailed questions, I guess we can draw our own conclusions as to why.

Terry_Towelling

robatwork wrote: »

The OP is ignoring some of the finer detailed questions, I guess we can draw our own conclusions as to why.

...and continues to do so - and their last post was quite final in the way it was signed off.

Other things that might be questioned are:-

1. Would a FTSE 100 company really only employ two people capable of remotely connecting to the endpoints of staff using its IT network?

2. Can a company really have an IP address registered to it on a permanent basis and is there a way of checking this registration on the internet? I don't have the knowledge in this area and was going to contact an IT friend of mine to ask - but couldn't be bothered in the end.

londoninvestor

Terry_Towelling wrote: »

...and continues to do so - and their last post was quite final in the way it was signed off.

Other things that might be questioned are:-

1. Would a FTSE 100 company really only employ two people capable of remotely connecting to the endpoints of staff using its IT network?

2. Can a company really have an IP address registered to it on a permanent basis and is there a way of checking this registration on the internet? I don't have the knowledge in this area and was going to contact an IT friend of mine to ask - but couldn't be bothered in the end.

1 seems pretty unlikely.

2 though is not at all uncommon - many large companies will do this rather than rely on a third party provider to manage the addresses. (It's probably a block of adjacent addresses, rather than literally a single address, but the point still stands that the owner of the address can be looked up in this situation.)

VTR1000

robatwork wrote: »

The OP is ignoring some of the finer detailed questions, I guess we can draw our own conclusions as to why.

Which would be what?

Would you question my honesty to my face?

I haven't signed in for days - nothing to report.

Terry_Towelling wrote: »

...and continues to do so - and their last post was quite final in the way it was signed off.

Other things that might be questioned are:-

1. Would a FTSE 100 company really only employ two people capable of remotely connecting to the endpoints of staff using its IT network?

2. Can a company really have an IP address registered to it on a permanent basis and is there a way of checking this registration on the internet? I don't have the knowledge in this area and was going to contact an IT friend of mine to ask - but couldn't be bothered in the end.

londoninvestor wrote: »

1 seems pretty unlikely.

2 though is not at all uncommon - many large companies will do this rather than rely on a third party provider to manage the addresses. (It's probably a block of adjacent addresses, rather than literally a single address, but the point still stands that the owner of the address can be looked up in this situation.)

It's a de-centralised company and pretty much each opco has their own IT team.

I put the IP address in a 'checker' and it came up with the opco that pays my salary.

BTW I paid Paddy Power with the debit card as I assumed they'd charge me extra for paying by credit card, other than that oversight there were no other payments.

Anyhoo, just off the phone from the executive complaints manager and it seems that Santander gave the info on Paddy Power/council tax out to someone who passes security with my card details and DOB/Address. Apparently, they wouldn't give any further details.

30 minutes later the they tried to order £1,300 on my account...

And for the doubters on here I might post a copy of the (redacted) Santander letter of apology.

VTR1000

ryan121 wrote: »

Santander does send those kinds of texts and they will phone you about it as well so that's perfectly normal.

As long as they've cancelled your card you should be fine and replying no should block that transaction. If someone tried to transfer all the money out of your account they would need the code via text that's only sent to you anyway so doing anything with your online banking is a waste of time.

I think you'll be fine but someone was able to get your card details somehow.

Also if you're using windows 10 all the security you need is built in. You don't need anything like malwarebytes anymore.

Thank you.

I know the text came from Santander - it's the way that the whole saga started.

What I am struggling with is how someone saw inside my wallet as it's the only way a stranger (assuming it is) would be able to get the details that got them past the initial Santander security. My driving licence is stored in my wallet too - which gives the address and DOB in an easily readable code format.

Yep, using Windows 10.If not needed I'll uninstall Malwarebytes.