We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Natwest Online Banking Hacked
Options
Comments
-
It was good of the OP to quickly create an account and post the details to warn us though..0
-
To access my online banking, they needed to have known an 8 digit numerical pin number, an alphabetical password and my full internet banking username. These figures were unique to my online banking, not used on any other account, not written down and I've never disclosed them to anyone.
NatWest are right, there are several ways to obtain this and its not worth worrying over.
One of the most common ways is people creating false wifi networks ('evil twins') which allow them to see everything you are doing online. Then there's computer malware which either logs keystrokes, or accesses places where these details might be unintentionally stored. Then there's just people who secretly film what you are doing in slow mo, replaying the footage to see what you typed. And if you get hold of enough personal information, access to email accounts etc you can usually change login details to most things without the person knowing anyway.
Natwest are refunding you and that's all that really matters.0 -
This doesn’t explain how the fraudster was able to authorise the new payee set up with the OP’s debit card and PIN in the card reader.NatWest are right, there are several ways to obtain this and its not worth worrying over.
One of the most common ways is people creating false wifi networks ('evil twins') which allow them to see everything you are doing online. Then there's computer malware which either logs keystrokes, or accesses places where these details might be unintentionally stored. Then there's just people who secretly film what you are doing in slow mo, replaying the footage to see what you typed. And if you get hold of enough personal information, access to email accounts etc you can usually change login details to most things without the person knowing anyway.
Natwest are refunding you and that's all that really matters.0 -
This doesn’t explain how the fraudster was able to authorise the new payee set up with the OP’s debit card and PIN in the card reader.
The payment was made via telephone banking. It seems the security system Natwest were using for this was:
- Person passed phone security
- Text message with OTP was sent to OPs phone to verify transaction, but never asked for
- Payment made over phone
Prior to this the fraudster had accessed online baking, presumably to look over transactions so that they could pass phone security.
It is p0 -
yes the payment was made via telephone banking and presumably the way they got through security is natwest asking questions like how much is your water direct debit or some other things like that which the op says the fraudster managed to get by logging onto their account and browsing their direct debits
in the end who knows i would be doubtful if any bank would use such simple verification to authorise payments for a new payee but who knows you just cant get the staff these days..0 -
I must say, I sometimes got through telephone security, at several different banks, without having my debit card or my telephone password to hand. Nationwide was the most recent one I can remember. They asked me things like whether my account is sole or joint, what my balance is (and accepted a very approximate number), the most recent payment made (and accepted one of several recent payments, with approximate amounts), or random characters from my password. Plus the usual - name, DoB, address.
in the end who knows i would be doubtful if any bank would use such simple verification to authorise payments for a new payee but who knows you just cant get the staff these days..
In none of these cases did I set up a new payment, however. It may well not have been possible to do that, I don't know.0 -
Theundertow99 wrote: »Cheers. I asked for this on the phone. The woman told me that DSAR's have to be sent in writing but she could tell me, straight away, that they would not provide me with a copy of the call as it was not me who was on the call and, therefore, it could be a data protection breach to provide me with the call. She said they would only provide calls, relating to fraud cases, to the police. I will, however, submit a DSAR requesting it anyway.
But according to them, when they authorised the setting up of a new payee, & then when making the payment/transfer, it was you
Have you reported it to the police / action fraud?0 -
But according to them, when they authorised the setting up of a new payee, & then when making the payment/transfer, it was you
Have you reported it to the police / action fraud?
All covered in previous posts.
As far as reporting the incident is concerned, you would only do that if it had actually happened.0 -
in the end who knows i would be doubtful if any bank would use such simple verification to authorise payments for a new payee but who knows you just cant get the staff these days..
Not so long ago, after passing basic phone security on my Barclay card I was able to change my address and then get a new card AND pin reminder sent to the new address, all on one call. Pretty sure they weren't supposed to do this but as you say, untrained staff.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards