HSBC customer service to children

Marchitiello

born_again said:

Zuzi said:

I just wanted to remark that the "name" of the company to me, a basic Polish speaker, looks like just a description of the type of the company, the actual name would follow thereafter or be much longer. FIRMA HANDLOWO USL is bound to be abbreviation for FIRMA HANDLOWO USLUGOWA which just means "a company dealing in trade and services" in Polish.

If it was me and this was all I had by way of who received the money, other than some Polish association I wouldn't know how to research them further. I hope this is all clarified soon for you and your niece.

The address is also a private house with 34 other companies registered to it. 

Ducers being one that is on a sign on the house.
https://find-and-update.company-information.service.gov.uk/company/07942922

What's betting they all use the same bank account.

That looks (DUCERS) to be an accountant firm, quite common for LTD ‘s to have the registered office at the accountant address .

there are two potential companies within Companies House records with that name, both dissolved and apparently involved in the sale (one only retail, the other retail and wholesale) of auto parts. 

One was based in Leeds, the other in SW London, but the people associated with each are not the same.

AmityNeon

I'm still curious as to how the transactions were initially discovered. Were there payment notifications (timestamped overnight) when she woke up the next morning? That's the only feasible scenario in which I can imagine knowing exactly when the transactions took place (at night time in bed), other than HSBC informing directly, because as far as I'm aware HSBC does not provide instant email or SMS alerts, nor do their online/mobile banking interfaces provide transaction timestamps.

Marchitiello

AmityNeon said:

I'm still curious as to how the transactions were initially discovered. Were there payment notifications (timestamped overnight) when she woke up the next morning? That's the only feasible scenario in which I can imagine knowing exactly when the transactions took place (at night time in bed), other than HSBC informing directly, because as far as I'm aware HSBC does not provide instant email or SMS alerts, nor do their online/mobile banking interfaces provide transaction timestamps.

That is a good point but I am assuming information were indeed shared by HSBC when they informed the OP/OP’s niece that FaceID was used, so they could have said something on the line of The same and only device registered was used and all three transactions authorised via FaceID at 23:12, 23:20 and 23:31 (for example) 

teebaks

AmityNeon said:

I'm still curious as to how the transactions were initially discovered. Were there payment notifications (timestamped overnight) when she woke up the next morning? That's the only feasible scenario in which I can imagine knowing exactly when the transactions took place (at night time in bed), other than HSBC informing directly, because as far as I'm aware HSBC does not provide instant email or SMS alerts, nor do their online/mobile banking interfaces provide transaction timestamps.

My niece received all alerts the following morning and then contacted the bank to report money missing from her account. 

The agent then went through security questions and asked her about the last 2 transaction to verify security. Since she was unable to confirm these payment, the agent told her that she failed security and her account was suspended.

I just don’t understand why the agent asked for last few transactions!!!! It does not make sense at all.

teebaks

Marchitiello said:

AmityNeon said:

I'm still curious as to how the transactions were initially discovered. Were there payment notifications (timestamped overnight) when she woke up the next morning? That's the only feasible scenario in which I can imagine knowing exactly when the transactions took place (at night time in bed), other than HSBC informing directly, because as far as I'm aware HSBC does not provide instant email or SMS alerts, nor do their online/mobile banking interfaces provide transaction timestamps.

That is a good point but I am assuming information were indeed share by HSBC when they informed the OP/OP’s niece that FaceTime was used, so they could have said something on the line of The same and only device registered was used and all three transactions authorised via FaceID at 23:12, 23:20 and 23:31 (for example) 

No evidence from the bank as per when all transactions took place. The letter just said they have closed the case since payments were made using security credentials on the same device and unlikely for third party to gain access to make payments. The bank has multiple levels of security build into mobile banking. 

Scammers are getting smarter everyday!

AmityNeon

teebaks said:

Marchitiello said:

AmityNeon said:

I'm still curious as to how the transactions were initially discovered. Were there payment notifications (timestamped overnight) when she woke up the next morning? That's the only feasible scenario in which I can imagine knowing exactly when the transactions took place (at night time in bed), other than HSBC informing directly, because as far as I'm aware HSBC does not provide instant email or SMS alerts, nor do their online/mobile banking interfaces provide transaction timestamps.

That is a good point but I am assuming information were indeed share by HSBC when they informed the OP/OP’s niece that FaceTime was used, so they could have said something on the line of The same and only device registered was used and all three transactions authorised via FaceID at 23:12, 23:20 and 23:31 (for example)

No evidence from the bank as per when all transactions took place. The letter just said they have closed the case since payments were made using security credentials on the same device and unlikely for third party to gain access to make payments. The bank has multiple levels of security build into mobile banking.

Scammers are getting smarter everyday!

It's important to differentiate between types of scam(mer)s. Most rely on social engineering to deceive victims into providing authentication credentials, thereby bypassing security. In some cases, malware is involved exploiting technical vulnerabilities, although this is more easily avoided by keeping your phone firmware officially updated, only installing reputable apps from official app stores, and exercising extreme caution with unsolicited messages (especially links).

What's the exact model of your niece's phone? Have you gone through an audit of every app to ensure legitimacy? Are there any other devices registered to the HSBC account? Never mind what HSBC has claimed about the same device being used; always verify for yourself.

Based on the events involved, an internal transfer of savings followed by three external transfers to a new payee, all authorised by Face ID, at a time of night when your niece was in bed and the phone presumably in a relatively secure location, it does seem extremely unlikely that this could have been attributed to malware alone, so there must have been a large element of social engineering involved. If HSBC cannot assist any further, then unfortunately you can only look closer to home, and that will involve familial dynamics with a young teenager and education on safety and security.

Marchitiello

teebaks said:

Marchitiello said:

AmityNeon said:

I'm still curious as to how the transactions were initially discovered. Were there payment notifications (timestamped overnight) when she woke up the next morning? That's the only feasible scenario in which I can imagine knowing exactly when the transactions took place (at night time in bed), other than HSBC informing directly, because as far as I'm aware HSBC does not provide instant email or SMS alerts, nor do their online/mobile banking interfaces provide transaction timestamps.

That is a good point but I am assuming information were indeed share by HSBC when they informed the OP/OP’s niece that FaceTime was used, so they could have said something on the line of The same and only device registered was used and all three transactions authorised via FaceID at 23:12, 23:20 and 23:31 (for example) 

No evidence from the bank as per when all transactions took place. The letter just said they have closed the case since payments were made using security credentials on the same device and unlikely for third party to gain access to make payments. The bank has multiple levels of security build into mobile banking. 

Scammers are getting smarter everyday!

HSBC (and other banks) often ask you for last transaction details to pass security.. this is something that the system in front of the operator comes up with, not his own choice. Nevertheless they could also switch to a different question (regular payment, direct debit, last time you used Debit Card etc).

How do you know the time that those transaction took place? Where was your niece phone overnight? What type of notification did she receive? Is there any “activation” message in her SMS inbox? 

what is your “theory” of what “scammers” have done to “clone” your niece phone, enabled FaceID (I am guessing an iOS device) and proceed with small transfers and small payments, all consecutive? 

As the other poster have said, did you actually investigate the phone yourself or with the help of someone more tech savvy? I often audit my son’s phone and occasionally find stuff that caused him some trouble . Check Notification history, SMS, WhatsApp, App usage, photo, deleted photo, etc 

By the way, in similar circumstances (evidence of usual device being used and biometric approval) I am pretty sure that all banks would have given you the same response, not only HSBC. I realise reading your first few messages again that you may feel responsible as your niece was sleeping at your place when this happened, but I invite you again to look at the whole situation without emotions and look at plausible explanations closer to home. 

born_again

Marchitiello said:

born_again said:

Zuzi said:

I just wanted to remark that the "name" of the company to me, a basic Polish speaker, looks like just a description of the type of the company, the actual name would follow thereafter or be much longer. FIRMA HANDLOWO USL is bound to be abbreviation for FIRMA HANDLOWO USLUGOWA which just means "a company dealing in trade and services" in Polish.

If it was me and this was all I had by way of who received the money, other than some Polish association I wouldn't know how to research them further. I hope this is all clarified soon for you and your niece.

The address is also a private house with 34 other companies registered to it. 

Ducers being one that is on a sign on the house.
https://find-and-update.company-information.service.gov.uk/company/07942922

What's betting they all use the same bank account.

That looks (DUCERS) to be an accountant firm, quite common for LTD ‘s to have the registered office at the accountant address .

there are two potential companies within Companies House records with that name, both dissolved and apparently involved in the sale (one only retail, the other retail and wholesale) of auto parts. 

One was based in Leeds, the other in SW London, but the people associated with each are not the same.

I was just looking at the one, that has the same address in Leeds as the alleged fraudulent transactions. The address is a residential property. 

born_again

teebaks said:

AmityNeon said:

I'm still curious as to how the transactions were initially discovered. Were there payment notifications (timestamped overnight) when she woke up the next morning? That's the only feasible scenario in which I can imagine knowing exactly when the transactions took place (at night time in bed), other than HSBC informing directly, because as far as I'm aware HSBC does not provide instant email or SMS alerts, nor do their online/mobile banking interfaces provide transaction timestamps.

My niece received all alerts the following morning and then contacted the bank to report money missing from her account. 

The agent then went through security questions and asked her about the last 2 transaction to verify security. Since she was unable to confirm these payment, the agent told her that she failed security and her account was suspended.

I just don’t understand why the agent asked for last few transactions!!!! It does not make sense at all.

That is part of their online security.
At least being suspended would stop any further transactions.
They will also be able to see the time the transactions were made & exactly how they were made & on which device including the IP address, which if it had been used before is further proof for their argument.

Marchitiello

born_again said:

Marchitiello said:

born_again said:

Zuzi said:

I just wanted to remark that the "name" of the company to me, a basic Polish speaker, looks like just a description of the type of the company, the actual name would follow thereafter or be much longer. FIRMA HANDLOWO USL is bound to be abbreviation for FIRMA HANDLOWO USLUGOWA which just means "a company dealing in trade and services" in Polish.

If it was me and this was all I had by way of who received the money, other than some Polish association I wouldn't know how to research them further. I hope this is all clarified soon for you and your niece.

The address is also a private house with 34 other companies registered to it. 

Ducers being one that is on a sign on the house.
https://find-and-update.company-information.service.gov.uk/company/07942922

What's betting they all use the same bank account.

That looks (DUCERS) to be an accountant firm, quite common for LTD ‘s to have the registered office at the accountant address .

there are two potential companies within Companies House records with that name, both dissolved and apparently involved in the sale (one only retail, the other retail and wholesale) of auto parts. 

One was based in Leeds, the other in SW London, but the people associated with each are not the same.

I was just looking at the one, that has the same address in Leeds as the alleged fraudulent transactions. The address is a residential property. 

I may have missed the Leeds reference by the OP so far, but if it was already narrowed down to Leeds, then that is it.

It is not an issue that a “residential property” is being used fully or partly as an accountant office. I have lived for almost 10 years in a semi detached where the neighbour was indeed an accountant operation.

And again, accountants often offer the “registered office” service to client (charging additional fees) to many LTD, especially start ups and/or business where the trading location may not be suitable to keep company records (e.g. a retail shop, restaurant, etc). As a matter of fact, one of the declared Nature of Business for Ducers LTD is “

• 82110 - Combined office administrative service activities”

Even the 101 appointments (only 3 are actually active) may be a sign of an accountant offering Company Set up service, where they set up the LTD with them as Director, so all the initial bits of setting up bank accounts, etc, and then they update the directors /shareholder at the first opportunity. This is of great help when the directors and/or shareholders are foreigners and/or foreign resident.

although the company is dissolved, if it turns up to be a scam and/or an illegal activity, the directors would still be responsible for that, hence it would be good to report it to the police, but the OP do need to get the honest truth from the niece (based on what HSBC has responded, and potentially with additional details they own of IP address, etc, you need an actual story of how the child was duped in sending the money). I guess the fact that the reason was selected as “Family” imply that one cannot claim to have paid for “undelivered” goods in court even if the story is that the child was duped in sending the money as a payment for something.