We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Bank account hack without breaking into (stolen) mobile phone
Granadalad
Posts: 42 Forumite
Just discovered from a BBC broadcast that online banking typically allows your cashpoint card PIN to be viewed. If your phone and card are stolen together, fraudsters can easily set up online banking on THEIR phone. A one time access code is then sent to YOUR phone, but unless you have blocked notifications to your locked screen, the access code will briefly be revealed without even having to hack your phone.
Just checked my Android phone and altered settings to "Don't show notifications" on Lock Screen. Easy to fix, but some poor souls had lost thousands in no time.
3
Comments
-
Good tip about notifications on lock screens.. thanks for sharing.3
-
Usefull to know. You should post on the Banking section. More traffic there.2
-
Same applies to those of us with a smart watch. I can see the notifications looking at my watch.I’m a Forum Ambassador and I support the Forum Team on Debt Free Wannabe and Old Style Money Saving boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com. All views are my own and not the official line of MoneySavingExpert.
"Never retract, never explain, never apologise; get things done and let them howl.” Nellie McClung
⭐️🏅😇1 -
Hi, many thanks for that. I wasn't aware and I have now also turned off 'notifications' on my android phone.
I also realised I was daft (not daft now, though) because my debit card was tucked into one of the little pockets of my mobile phone cover. Handy for me but of course really handy for thieves and hackers. Duh!
Rectified.
Please note - taken from the Forum Rules and amended for my own personal use (with thanks) : It is up to you to investigate, check, double-check and check yet again before you make any decisions or take any action based on any information you glean from any of my posts. Although I do carry out careful research before posting and never intend to mislead or supply out-of-date or incorrect information, please do not rely 100% on what you are reading. Verify everything in order to protect yourself as you are responsible for any action you consequently take.1 -
I don't know what the BBC broadcast actually said but it's not typical for the PIN to be visible in online banking. A few banks do allow it but most don't. None of the banks that I worked for on PIN processing systems between 1987 and 2008 held the PIN in a form where it could be viewed by either the customer or a member of staff, and i think it's extremely poor security for those banks that do allow it. I'm actually rather surprised that it's not against the VISA/Mastercard/Amex regulations, but apparently it isn't.Granadalad said:Just discovered from a BBC broadcast that online banking typically allows your cashpoint card PIN to be viewed.
3 -
For iPhones, if you use the notification centre, you should also stop this being visible on the lockscreen. Instructions for this (for iPhones) are available here: How to Disable Notification Center on iPhone Lock Screen (howtogeek.com)The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.1
-
I don't buy it
My banking app doesn't open without biometrics ( fingerprint) , a pin , or password and 2FA .
Without any of the above your card PIN in never visible to a Thief.
I suspect someone had their app pin stupidly written down and available for use by the thief.
To set the app up on another phone I need access to the app on the old phone .Ex forum ambassador
Long term forum member5 -
This will be the usual half story from the media.
I have 5 banking apps on my phone.
All require passwords/fingerprints to access the app, let alone pin details.
Thats assuming someone got my phone whilst it was unlocked in the first place.0 -
Well, I tried this with my amazon newday card - to see if I could set up the app on a different device with just my locked phone and card.
It asks for my username.
If I have forgotten my username, it wants my last name (on the card), date of birth, postcode AND card details.
That seems secure enough to me!
Edited: Tried first direct too. It wants my username, no option at all if I can't remember it.
Edit again: Starling needs a text message sent to my phone!!!... And then my password. Seriously, what banks only need your mobile number, as I am running out of cards here.
It might be possible with some banks, but in my very scientific experiment looking at just two three cards...0 -
I don't think it's got anything to do with breaking into banking apps.If you use your card online these days, it's very common to get a text message with a one-time code that you have to enter into the web site. So someone can go on a spending spree with your card (or even a photograph of both sides of your card) and phone without ever hacking into any apps.If it sticks, force it.
If it breaks, well it wasn't working right anyway.2
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.9K Banking & Borrowing
- 252.7K Reduce Debt & Boost Income
- 453.1K Spending & Discounts
- 242.9K Work, Benefits & Business
- 619.7K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards