Money not refunded by bank after I was mugged

TheBanker

MattMattMattUK said:

GeoffTF said:

Here is a cautionary tale:

https://biz.crast.net/i-was-in-despair-how-lending-a-phone-led-to-lifes-savings-being-stolen/

They do not seem to be able to make their mind up about the gender of the victim, but hopefully the rest of the report is accurate.

Yes, do not hand your mobile phone to some random on the street. Anyone who needs that as a piece of advice should not be in charge of their own finances.

I handed my phone to someone in the street. I witnessed someone collapse, I gave my phone to the only other person present (a child) and asked them to call 999 while I administered first aid. Not exactly the same scenario as the article but sometimes needs must. 

booneruk said:

born_again said:

booneruk said:

born_again said:

That is not a failure of the banking system. Unless you want the bank to question every transfer you make out of your app.

I'd dispute that somewhat. If the transfer is completely outside the norm of the customer's trends (an account being completely emptied at some late hour), then the bank's systems should put an automatic block on. Or at least a delay giving the poor victim time to phone and block.

What is the norm on any account?

Example. My acc is pretty much all dd's. So I then book a holiday & pay via bank transfer. Blocking it could mean losing booking. 

Several times each year people make payments out of their normal spending. Do you expect these to be stopped?

I wouldn't mind, I'd also try another account/card if it was something important to me. 

If we hold the banks responsible for loss of money through APP etc then it's reasonable for them to make payment blocking part of their bag of tricks.

Banking systems have algorithms within them, which (should) be training themselves on normal behaviour of the individual. I would argue that setting up new payees and emptying accounts to them within a matter of minutes late in the evening is a lot more suspicious than an annual holiday purchase. I'd expect even a moderately clever algorithm to block the former.

That is what should happen. As I said before I have worked in this area, and I do not think I am divulging sensitive information when I say that new payees and payments that empty accounts are both considered higher risk transactions, especially if the payee is a third party (as opposed to an account in the customer's own name validated via Confirmation of Payee), and/or if the customer's normal behaviour is to keep a balance in their account.

It looks at lots of other things too. There's a lot of information from the device that can be used to analyse the transaction.

But there is a balancing act - for every fraud that gets prevented, there will be several people complaining about blocked payments.

And in all of this, the weakest link is the customer. Not withstanding the OP's situation, almost every fraud we see begins with the customer divulging some information, whether that's through inputting their card details into a bad website, or responding to a phishing message/call, or allowing malware to be installed on their device. All of these are circumstances where regulators and the Financial Ombudsman Service have decided that customers have not been grossly negligent and therefore are entitled to a refund. 

35har1old

masonic said:

35har1old said:

Simple answer to not using a mobile device for both making the transaction and verifying the payment is to ditch all banking apps.

 You would need to ditch your smartphone altogether if using this approach. Online banking can still be accessed via a web browser on a smartphone. The alternative approach is to ditch SMS as a means of verification. It may be inconvenient to have to use a secure key or card reader to set up a new payee, but I suspect many could cope with not having that ability when out and about.

35har1old said:

Mules are usually vulnerable people

The majority are young people recruited through social media who simply don't think about the consequences of their actions. Some may go on to be coerced into other criminal acts including taking part in robberies. Some of those being seduced into money muling are children. This is why government needs to play a role. It is good to see there is work being done in this area...

https://policeprofessional.com/news/government-unveils-biggest-ever-crackdown-on-money-mules-in-the-uk/

If you ditch the app  and only use a phone to verify the transaction its just like using a secure key.
If you use a phone to excess a online site it's does slightly improve security due to the fact that your have in some cases have to enter a 16 digit user number along with a 5 digit or more security code and possibly a  OTP code.
The downside to visiting a site via your Web browser is the size of screen its like reducing your laptop to the lowest percentage view and beyond.
Not all banks ever used secure keys and i can only think of 1 building society and that still does.
Instead of increasing security its has been diminished all for speed and ease of use in the app world.
You have to laugh when you are asked to approve a payment in the app you login with a code then to approve payment a few seconds later you have to input the same code again surely there should be a separate approval code.

35har1old

TheBanker said:

MattMattMattUK said:

GeoffTF said:

Here is a cautionary tale:

https://biz.crast.net/i-was-in-despair-how-lending-a-phone-led-to-lifes-savings-being-stolen/

They do not seem to be able to make their mind up about the gender of the victim, but hopefully the rest of the report is accurate.

Yes, do not hand your mobile phone to some random on the street. Anyone who needs that as a piece of advice should not be in charge of their own finances.

I handed my phone to someone in the street. I witnessed someone collapse, I gave my phone to the only other person present (a child) and asked them to call 999 while I administered first aid. Not exactly the same scenario as the article but sometimes needs must. 

booneruk said:

born_again said:

booneruk said:

born_again said:

That is not a failure of the banking system. Unless you want the bank to question every transfer you make out of your app.

I'd dispute that somewhat. If the transfer is completely outside the norm of the customer's trends (an account being completely emptied at some late hour), then the bank's systems should put an automatic block on. Or at least a delay giving the poor victim time to phone and block.

What is the norm on any account?

Example. My acc is pretty much all dd's. So I then book a holiday & pay via bank transfer. Blocking it could mean losing booking. 

Several times each year people make payments out of their normal spending. Do you expect these to be stopped?

I wouldn't mind, I'd also try another account/card if it was something important to me. 

If we hold the banks responsible for loss of money through APP etc then it's reasonable for them to make payment blocking part of their bag of tricks.

Banking systems have algorithms within them, which (should) be training themselves on normal behaviour of the individual. I would argue that setting up new payees and emptying accounts to them within a matter of minutes late in the evening is a lot more suspicious than an annual holiday purchase. I'd expect even a moderately clever algorithm to block the former.

That is what should happen. As I said before I have worked in this area, and I do not think I am divulging sensitive information when I say that new payees and payments that empty accounts are both considered higher risk transactions, especially if the payee is a third party (as opposed to an account in the customer's own name validated via Confirmation of Payee), and/or if the customer's normal behaviour is to keep a balance in their account.

It looks at lots of other things too. There's a lot of information from the device that can be used to analyse the transaction.

But there is a balancing act - for every fraud that gets prevented, there will be several people complaining about blocked payments.

And in all of this, the weakest link is the customer. Not withstanding the OP's situation, almost every fraud we see begins with the customer divulging some information, whether that's through inputting their card details into a bad website, or responding to a phishing message/call, or allowing malware to be installed on their device. All of these are circumstances where regulators and the Financial Ombudsman Service have decided that customers have not been grossly negligent and therefore are entitled to a refund. 

I tend to use online banking late in the evening unless it's Barclays which seems to shut up shop perhaps all banks should.
Santander used to have a system that gave you a clue you where on there site by bringing up say a picture that you had selected before proceeding to login but this was removed because of convience 

Olinda99

the only real defense against having to transfer money under duress is to either not have the app on your phone or only have a little bit of money in the accounts for the app(s) that you do have

probably worth considering if you need to have apps for your accounts with high balances on your phone at all

GeoffTF

The only banking app on my smart phone is Tesco Clubcard Pay+. I keep £150 maximum in that account, and I cannot log into any of my online accounts with only that phone. Lean pickings.

masonic

35har1old said:

masonic said:

35har1old said:

Simple answer to not using a mobile device for both making the transaction and verifying the payment is to ditch all banking apps.

 You would need to ditch your smartphone altogether if using this approach. Online banking can still be accessed via a web browser on a smartphone. The alternative approach is to ditch SMS as a means of verification. It may be inconvenient to have to use a secure key or card reader to set up a new payee, but I suspect many could cope with not having that ability when out and about.

35har1old said:

Mules are usually vulnerable people

The majority are young people recruited through social media who simply don't think about the consequences of their actions. Some may go on to be coerced into other criminal acts including taking part in robberies. Some of those being seduced into money muling are children. This is why government needs to play a role. It is good to see there is work being done in this area...

https://policeprofessional.com/news/government-unveils-biggest-ever-crackdown-on-money-mules-in-the-uk/

If you ditch the app  and only use a phone to verify the transaction its just like using a secure key.
If you use a phone to excess a online site it's does slightly improve security due to the fact that your have in some cases have to enter a 16 digit user number along with a 5 digit or more security code and possibly a  OTP code.
The downside to visiting a site via your Web browser is the size of screen its like reducing your laptop to the lowest percentage view and beyond.
Not all banks ever used secure keys and i can only think of 1 building society and that still does.

If someone is attempting to force you to log in, then they'll want you to use the web browser on your phone if you don't have the app, and it is very difficult to completely disguise where you bank. Only a device with no web browsing capability could be used as a second factor when SMS authentication is used - and it would need to be left at home, which defeats the object of a mobile phone. I doubt many people took those secure keys or card readers out and about - I know I never did. I don't think not having this critical device would be as risky as saying you don't remember your login details (in at least some cases, these can be reset on the spot using details from your debit card and an automated phonecall/SMS).

35har1old said:

Instead of increasing security its has been diminished all for speed and ease of use in the app world.
You have to laugh when you are asked to approve a payment in the app you login with a code then to approve payment a few seconds later you have to input the same code again surely there should be a separate approval code.

Agree. Banks are led by their customers, who generally want things as easy as possible, but there needs to be some push-back, or at least options for more the security minded.