A Solution To Banking Scams?

RG2015

I try to be vigilant and hope I can avoid being scammed. I have had fraudulent transactions on my credit card but have no way of knowing how this occurred. I now check every account every day. 

Despite all of the warnings, a lot of people are tricked into revealing security information and losing money. Sadly, I cannot see anything that would stop this.

I always assume that every phone call I receive is a potential scam. Similarly, every text and email is treated with suspicion. I have even double checked communications from family if it is unusual in any way.

And finally, when I am online I never ignore any slight change or anomaly on any website. It is a pain when a company, especially a bank, updates its site without telling me.

The most dangerous form of complacency is to say "It looks odd but it will probably be fine" and just carry on. 

MattMattMattUK

UKMAN1969 said:

I know what your saying but I am not in a position to protect it, I don't think its something that is protectable.

The one thning I do know it that it is bulletproof as far as scammers go, it stops them dead in their tracks 100%

Nothing is ever as secure as it's designers think it is. There will always be weak links in any system and even if they are not technical they are often the human element, some people will always be idiots and you cannot prevent that. In theory 2FA protects against almost all fraud/hacking/unauthorised access issues, until you put a human user doing something stupid into the loop, in which case the security fails. 

If you are unable to protect it then it has little to no value to you, your best bet would be to fully document it, get it published and peer reviewed and then you might be able to get some consultancy fees, public speaking engagements etc. from being the one who created an unbreakable bank security. 

The reality is that unless you plan on magically imbuing the whole of humanity with common sense you will ever solve scams.

cx6

This is just part of the generic problem set of 'I have an idea about how something can be improved - how can I protect and hopefully monetise it?'.

This (and other ideas) come under the heading of intellectual property. You therefore need to research what you ned to do to protect an idea before releasing it.

Goggle is helpful if you ask how to protect IP and ideas.

RG2015

MattMattMattUK said:

MUKMAN1969 said:

I know what your saying but I am not in a position to protect it, I don't think its something that is protectable.

The one thning I do know it that it is bulletproof as far as scammers go, it stops them dead in their tracks 100%

Nothing is ever as secure as it's designers think it is. There will always be weak links in any system and even if they are not technical they are often the human element, some people will always be idiots and you cannot prevent that. In theory 2FA protects against almost all fraud/hacking/unauthorised access issues, until you put a human user doing something stupid into the loop, in which case the security fails. 

If you are unable to protect it then it has little to no value to you, your best bet would be to fully document it, get it published and peer reviewed and then you might be able to get some consultancy fees, public speaking engagements etc. from being the one who created an unbreakable bank security. 

The reality is that unless you plan on magically imbuing the whole of humanity with common sense you will ever solve scams.

Excellent post, but I must challenge the final paragraph. It is too easy to conclude that victims of scams are lacking in common sense. I suspect banks and the like assume this to be the case, even if subconsciously.

Even if this was not exactly what you meant to say, it is likely what you believe, albeit subconsciously.

I do not believe that banks are doing enough. Too many people are transferring large funds in an uncharacteristic fashion and the banks are not challenging this. There must be algorithms that can allow these to be intercepted and held in suspense pending confirmation.

This is the way to stop the problem, at source, rather than the OP’s magic wand.

sheramber

I made a bank  transfer to a company for work done.  It was not very large amount  ( £4000) but was more than I normally paid out.

It took 45 minutes for me to answer questions and convince my bank's fraud department that I was not being scammed.

cx6

45 mins? You lucky lucky person.....

I had to go down to the branch with my passport.

the transfer, by the way, was to an account in my own name albeit at a different bank.

MattMattMattUK

RG2015 said:

MattMattMattUK said:

MUKMAN1969 said:

I know what your saying but I am not in a position to protect it, I don't think its something that is protectable.

The one thning I do know it that it is bulletproof as far as scammers go, it stops them dead in their tracks 100%

Nothing is ever as secure as it's designers think it is. There will always be weak links in any system and even if they are not technical they are often the human element, some people will always be idiots and you cannot prevent that. In theory 2FA protects against almost all fraud/hacking/unauthorised access issues, until you put a human user doing something stupid into the loop, in which case the security fails. 

If you are unable to protect it then it has little to no value to you, your best bet would be to fully document it, get it published and peer reviewed and then you might be able to get some consultancy fees, public speaking engagements etc. from being the one who created an unbreakable bank security. 

The reality is that unless you plan on magically imbuing the whole of humanity with common sense you will ever solve scams.

Excellent post, but I must challenge the final paragraph. It is too easy to conclude that victims of scams are lacking in common sense. I suspect banks and the like assume this to be the case, even if subconsciously.

Even if this was not exactly what you meant to say, it is likely what you believe, albeit subconsciously.

Oh no you are right, I do presume a some people lack common sense, this is evidenced by human behaviour. The banks constantly tell people that they do not ask for passwords, they do not ask for login details, they do not ask you to transfer money etc. time after time. I get these message nearly every time I log in to my personal bank account, we are told this again and again in the media, yet people still do these things. 

RG2015 said:

I do not believe that banks are doing enough. Too many people are transferring large funds in an uncharacteristic fashion and the banks are not challenging this. There must be algorithms that can allow these to be intercepted and held in suspense pending confirmation.

There are algorithms that can do this, the problem is that they have a fairly high false positive rate, quite a lot of people make "unusual" transactions when you take a population of 55 million adults, so hey have been dialled down to a level that can be managed and is not too intrusive on the ability of users to operate bank accounts. I triggered fraud blocks when I attempted to transfer my deposit on my flat, in the end I had to arrange a video call and show my face and passport to get things unblocked. For my business bank account I have had transactions blocked temporally because I tried to pay a European supplier etc. However they won't like false positives, customers don't like false positives as they take time to resolve an are inconvenience. 

Things like Confirmation of Payee, 2FA and other methods are there to stop unauthorised access to accounts. Unauthorised access to online accounts does still happen, but more often than not the access and the transfer are fully authorised by the account owner, they are not doing what they thought they are doing though. That is down to social engineering and is far harder for the banks to tackle, especially when everyone wants things done quicker and made simpler. It also becomes a bit like squeezing dough, you can not actually make the dough any smaller, if you squeeze the fraud in one place it pops out somewhere else, you can keep squeezing indeed the banks must try to stay one step ahead of the criminals, but they will continue to evolve their methods. Then banks are well aware of this and know that the weak link in any security system will always be the human, if someone wants to transfer money to someone they there will always be people who can be persuaded to transfer that money to the wrong person, to the fraudster, the only way to make it impossible to transfer money to the fraudsters is to stop people transferring money. 

RG2015 said:
This is the way to stop the problem, at source, rather than the OP’s magic wand.

I don't think we will ever stop it entirely, we can keep attempting to minimise it, to increase the chance of recovering the funds or the likelihood of catching the criminals, but deception happens even in the animal world, it has evolved throughout human history and for many millions of years before we existed, we will never stop it entirely because where there is a niche it will always be exploited, either in evolutionary terms or by criminals. 

jimjames

MattMattMattUK said:

RG2015 said:

MattMattMattUK said:

MUKMAN1969 said:

I know what your saying but I am not in a position to protect it, I don't think its something that is protectable.

The one thning I do know it that it is bulletproof as far as scammers go, it stops them dead in their tracks 100%

Nothing is ever as secure as it's designers think it is. There will always be weak links in any system and even if they are not technical they are often the human element, some people will always be idiots and you cannot prevent that. In theory 2FA protects against almost all fraud/hacking/unauthorised access issues, until you put a human user doing something stupid into the loop, in which case the security fails. 

If you are unable to protect it then it has little to no value to you, your best bet would be to fully document it, get it published and peer reviewed and then you might be able to get some consultancy fees, public speaking engagements etc. from being the one who created an unbreakable bank security. 

The reality is that unless you plan on magically imbuing the whole of humanity with common sense you will ever solve scams.

Excellent post, but I must challenge the final paragraph. It is too easy to conclude that victims of scams are lacking in common sense. I suspect banks and the like assume this to be the case, even if subconsciously.

Even if this was not exactly what you meant to say, it is likely what you believe, albeit subconsciously.

Oh no you are right, I do presume a some people lack common sense, this is evidenced by human behaviour. The banks constantly tell people that they do not ask for passwords, they do not ask for login details, they do not ask you to transfer money etc. time after time. I get these message nearly every time I log in to my personal bank account, we are told this again and again in the media, yet people still do these things. 

The banks might constantly tell people that but then go against their own rulings/advice when they phone out of the blue and want to take you through security. They tend to get quite annoyed when you refuse yet it's someone calling unexpectedly that claims to be your bank but you have no way to know if they are or not.

Thrugelmir

RG2015 said:

MattMattMattUK said:

MUKMAN1969 said:

I know what your saying but I am not in a position to protect it, I don't think its something that is protectable.

The one thning I do know it that it is bulletproof as far as scammers go, it stops them dead in their tracks 100%

Nothing is ever as secure as it's designers think it is. There will always be weak links in any system and even if they are not technical they are often the human element, some people will always be idiots and you cannot prevent that. In theory 2FA protects against almost all fraud/hacking/unauthorised access issues, until you put a human user doing something stupid into the loop, in which case the security fails. 

If you are unable to protect it then it has little to no value to you, your best bet would be to fully document it, get it published and peer reviewed and then you might be able to get some consultancy fees, public speaking engagements etc. from being the one who created an unbreakable bank security. 

The reality is that unless you plan on magically imbuing the whole of humanity with common sense you will ever solve scams.

Excellent post, but I must challenge the final paragraph. It is too easy to conclude that victims of scams are lacking in common sense. I suspect banks and the like assume this to be the case, even if subconsciously.

Often the case that those with higher IQ's . As they overide common sense with their own brain power. 

masonic

Sensory said:

masonic said:

What RG2015 might be referring to is a telephone password that the bank must give you if they call you. One bank is now sending push notifications in their app which enable both parties to verify they are talking to the right person, rather like authorising a debit card transaction. No system is perfect though, as people can always be persuaded to do the wrong thing.

Yes, just like convincing a victim to reveal an OTP, verifying via push notification is just another vector for fraudsters to bypass via social engineering. There are quite a few services that verify via push notification too (as an alternative in addition to OTP). As long as a system allows users to trigger a request for an OTP/push notification, there's always a possibility that a fraudster could do it too.

I think you misunderstand. The push notification is sent by customer services at the bank to notify the customer they are on the phone to a genuine bank employee. It is sent while the the bank is on the phone with the customer. The customer must authenticate within the app and confirm the notification. The customer can decline the notification if they are not currently on the phone to their bank. This gives pretty good protection because the fraudster has no way of sending the push notification (without compromising the bank's IT system) and a man in the middle would be very tricky to execute while the fraudster is on the phone with the genuine bank customer services in order to get CS to push out the notification at the right time. As such it prevents the need for customers to disclose "memorable information" to an unauthenticated caller.

I do agree that it is easily bypassed if the customer does not know to require it whenever someone claiming to be from the bank calls.