Bank account hack without breaking into (stolen) mobile phone

Just discovered from a BBC broadcast that online banking typically allows your cashpoint card PIN to be viewed. If your phone and card are stolen together, fraudsters can easily set up online banking on THEIR phone. A one time access code is then sent to YOUR phone, but unless you have blocked notifications to your locked screen, the access code will briefly be revealed without even having to hack your phone.

Just checked my Android phone and altered settings to "Don't show notifications" on Lock Screen. Easy to fix, but some poor souls had lost thousands in no time.


  • Bradden
    Bradden Forumite Posts: 1,016
    Part of the Furniture 500 Posts Name Dropper Photogenic
    Good tip about notifications on lock screens.. thanks for sharing.
  • Thumbs_Up
    Thumbs_Up Forumite Posts: 954
    500 Posts First Anniversary Name Dropper Photogenic
    Usefull to know. You should post on the Banking section. More traffic there.
  • Brie
    Brie Forumite Posts: 8,248
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    Same applies to those of us with a smart watch.  I can see the notifications looking at my watch.
    "Never retract, never explain, never apologise; get things done and let them howl.”

    2023 £1 a day  £553.26/365
  • MalMonroe
    MalMonroe Forumite Posts: 5,783
    Ninth Anniversary 1,000 Posts Name Dropper Photogenic
    Hi, many thanks for that. I wasn't aware and I have now also turned off 'notifications' on my android phone. 

    I also realised I was daft (not daft now, though) because my debit card was tucked into one of the little pockets of my mobile phone cover. Handy for me but of course really handy for thieves and hackers. Duh!

    Rectified.         :)
    Please note - taken from the Forum Rules and amended for my own personal use (with thanks) : It is up to you to investigate, check, double-check and check yet again before you make any decisions or take any action based on any information you glean from any of my posts. Although I do carry out careful research before posting and never intend to mislead or supply out-of-date or incorrect information, please do not rely 100% on what you are reading. Verify everything in order to protect yourself as you are responsible for any action you consequently take.
  • SiliconChip
    SiliconChip Forumite Posts: 1,139
    1,000 Posts Second Anniversary Name Dropper
    Just discovered from a BBC broadcast that online banking typically allows your cashpoint card PIN to be viewed.

    I don't know what the BBC broadcast actually said but it's not typical for the PIN to be visible in online banking. A few banks do allow it but most don't. None of the banks that I worked for on PIN processing systems between 1987 and 2008 held the PIN in a form where it could be viewed by either the customer or a member of staff, and i think it's extremely poor security for those banks that do allow it. I'm actually rather surprised that it's not against the VISA/Mastercard/Amex regulations, but apparently it isn't.

  • tacpot12
    tacpot12 Forumite Posts: 7,683
    Seventh Anniversary 1,000 Posts Name Dropper
    For iPhones, if you use the notification centre, you should also stop this being visible on the lockscreen. Instructions for this (for iPhones) are available here: How to Disable Notification Center on iPhone Lock Screen (
    The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.
  • custardy
    custardy Forumite Posts: 38,367
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    This will be the usual half story from the media.
    I have 5 banking apps on my phone. 
    All require passwords/fingerprints to access the app, let alone pin details.
    Thats assuming someone got my phone whilst it was unlocked in the first place.
  • Mnoee
    Mnoee Forumite Posts: 741
    500 Posts Third Anniversary Homepage Hero Name Dropper
    edited 6 September 2022 at 6:34PM
    Well, I tried this with my amazon newday card - to see if I could set up the app on a different device with just my locked phone and card.

    It asks for my username. 

    If I have forgotten my username, it wants my last name (on the card), date of birth, postcode AND card details.

    That seems secure enough to me!

    Edited: Tried first direct too. It wants my username, no option at all if I can't remember it. 

    Edit again: Starling needs a text message sent to my phone!!!... And then my password. Seriously, what banks only need your mobile number, as I am running out of cards here. 

    It might be possible with some banks, but in my very scientific experiment looking at just two three cards... 
  • Ectophile
    Ectophile Forumite Posts: 7,120
    Part of the Furniture 1,000 Posts Name Dropper
    I don't think it's got anything to do with breaking into banking apps.
    If you use your card online these days, it's very common to get a text message with a one-time code that you have to enter into the web site.  So someone can go on a spending spree with your card (or even a photograph of both sides of your card) and phone without ever hacking into any apps.
    If it sticks, force it.
    If it breaks, well it wasn't working right anyway.
Meet your Ambassadors


  • All Categories
  • 340.2K Banking & Borrowing
  • 249.1K Reduce Debt & Boost Income
  • 448.3K Spending & Discounts
  • 232K Work, Benefits & Business
  • 603.2K Mortgages, Homes & Bills
  • 171.6K Life & Family
  • 245.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards