Suing a bank for professional negligence?

goldmine2011

Petriix said:

Are you certain that you can't also create and access chats via online banking? It seems that they are able pass security to log in. This might be possible with a few static details even if you've changed your email address or phone. 

The chats that you have via online banking don't show up in your chat history when you log into the app. The chat history that you can see in your app seems to be chat history that is within the in-app's "chat" feature, and keeps them there for around 12 months from what I can see, as I can see all the chat history from the last time the person/hacker did this exact same thing in Oct.

*weird thing just happened, as I was writing this out Barclays called me*

So someone higher up at Barclays fraud & security just called me, went over the details again of what happened and confirmed from both sides the timelines.

We then went through the phone settings over the phone, checked all the internal settings on the phone (accessibility options, developer options, software versions etc), did a full scan using recommended software installed from the Google play store, and basically the conclusion was that it is very highly unlikely that it was from our device/end.

Obviously not 100% but he said it's unlikely based off the fact that the device was deactivated for access on the 6th and no other device was registered for any online access until the 12th, but he confirmed that he can see the chats happened on the 10th. Even he said he hasn't seen anything like this before. When I pressed further about how can this be possible? he said that 'without certainty' that there could be a backdoor/flaw or security issue somewhere on their end that this is possible. He said hackers are always one step ahead and they are essentially playing catch-up on issues like this.

I recorded this call (which he was fully aware of) and will definitely be using this as part of whatever case I am able to build because regardless of if it is an issue from our end of theirs, they had ample opportunity from this happening the 1st time in Oct, to then us informing them it happening again on the 6th of this month and I also found out now that the account wasn't actually blocked off at all when we first reported it and requested access to be shut off, all that agent did was just cancel and sent a new card, nothing else. The phone call with them confirmed we requested it, the agent agreed and confirmed that would be the case, and nothing was actually done.

Just multiple failings from their end in regards to this, so for the meantime anybody that does bank with Barclays I would suggest if reporting anything suspicious on their account, press them to actually do what they say they are going to whilst on the call (and preferably have it recorded).

goldmine2011

masonic said:

goldmine2011 said:

This is what makes me think there is a security flaw within Barclays itself

If it were a security flaw within Barclays itself, then there would be many more people having this issue. Whereas when all known incidences affect one individual, the most likely explanation is there is something particular to their own environment that is allowing fraudsters to get into their app. Either way, if Barclays has no reasonable grounds to suspect negligence or participation on your part, they have a duty to refund you, which it appears they have done.

The behaviour you describe suggests the fraudsters have remotely captured a session from your device and can therefore continue using it after you remove the app. It may be a failing that Barclays has been unable to block/detect this, but they'd need to have pwned the device to get to that point.

They have refunded for the first instance of this happening back in Oct but not this time.......yet. But i'm sure that they will have to refund based on the evidence that we have of their failings/inactions when we reported it this time. Could have 100% easily have been avoidable if they did as they said on that first phone call, but they just confirmed they didn't actually do anything other than send out a new card. A bit of a joke to be honest.

I do believe that at some point access to the device was possible, but since the first time we had actually got rid of the device and got a new one and new bank details, so either like you said they managed to get in based of old details/sessions. 

goldmine2011

Emily_Joy said:

OP, is there any reason you have only one bank account? This is definitely not recommended.

No specific reason tbh, its mainly where the money comes in and out. Did actually have a additional current account until about 6 months ago but never really used it and closed it. Now I see why its not a good idea to have just 1 and will be getting another 2 once this is resolved (closing Barclays and then getting 2 with different banks)

dinosaur66

this scenario that goldmine2011 is going through is nuts

if something  like this happened to me and i would be fuming mad with the bank

the sheer incompetence of the call handlers

there must be red flags put on the accout after the first time it has been reported and yet it happened mutiple times and no red flags ?

i am of an age where my computer skills are very basic / my phone is old i7 and i would not have been abe to track down the call logs as goldmine2011 has done

never had anything like this happen / i refuse to have banking apps on my phone /

only good thing is that barclays reimbursed the money i think in 10 days

goldmine2011

Olenna said:

Given that they've refunded the funds in full and you have/intend to move banks. 
What is it you're looking to achieve?

Barclays may give you a goodwill payment (to make you go away) but that is likely to be comparable to whatever the FOS may award you with the extra hassle that involves. 

They haven't refunded the amount this time, they refunded the last time it happened. But this time it is a larger amount and they still haven't refunded it.

I think initially once we started this it seemed like a goodwill gesture may have sufficed for the 'inconvenience' but I think after the multiple failings on their behalf and the fact that they have half-admitted that it could be an issue on their side, we are just waiting for a full confirmation of this which they said they are actively investigating.

But the person I just spoke to on the phone said they will have to confirm whether they have a security flaw or not because I said I needed to know for sure, so that I know if it is something again that we need to take action on.

If they admit that they have some type of security flaw then that creates a huge can of worms for them 

goldmine2011

dinosaur66 said:

this scenario that goldmine2011 is going through is nuts

if something  like this happened to me and i would be fuming mad with the bank

the sheer incompetence of the call handlers

there must be red flags put on the accout after the first time it has been reported and yet it happened mutiple times and no red flags ?

i am of an age where my computer skills are very basic / my phone is old i7 and i would not have been abe to track down the call logs as goldmine2011 has done

never had anything like this happen / i refuse to have banking apps on my phone /

only good thing is that barclays reimbursed the money i think in 10 days

I dont work in tech or banking at all but i've always been very tech-savvy (to a degree). And even to me none of this was adding up when I piece'd it together in my mind. Nevermind the incompetence of the people that we dealt with over the phone.

The fact that if they did as they said on the 6th, although they couldn't have prevented the initial access (however the hackers initially got in) they could have prevented the actual standing order being set up which happened on the 10th. It took the guy who I just spoke to on the phone today, 10 seconds to do, he said he disabled access to online access just now until this is all sorted and I said did the guy we spoke to on the 6th not do this? and he said :

"no, according to the records, he sent you a new card and that was it"

The scary part about this now is that if it is their security flaw then even if you dont have the Barclays app on your phone they might be able to access it regardless, this is yet to be confirmed but I have said that I am not letting this go until I have an answer from them as to how they managed to do this when the app wasn't even installed on my phone.

I will definitely update in due course

dinosaur66

i wish you well

i just read your post about the second time they took money you have still not been reimbursed for

it should not be up to the customer to investigate bank fraud when it is this blatant , and when it is the banks staffs fault

i read how savvy these fraudsters are but surely bank staff are trained in every possible way they operate because thats there job to root out scammers and yet reading this some of them are aiding and abbetting the very crooks barclays are paying them to stop.

[Deleted User]

I can't comment on the app as I refuse to conduct business using one so have no experience of using them. You might be eligible for compensation from the financial ombudsman. They have a scale of compensation, but don't expect much even if you win - £1.5k at the top end, likely less.

http://financial-ombudsman.org.uk/consumers/expect/compensation-for-distress-or-inconvenience

The ombudsman should also ensure the last sum is paid back into your account.

Rest assured that even after all that, you still don't hate banks as much as I do.

Emily_Joy

goldmine2011 said:

Emily_Joy said:

OP, is there any reason you have only one bank account? This is definitely not recommended.

No specific reason tbh, its mainly where the money comes in and out. Did actually have a additional current account until about 6 months ago but never really used it and closed it. Now I see why its not a good idea to have just 1 and will be getting another 2 once this is resolved (closing Barclays and then getting 2 with different banks)

Why do you want to wait for this to be sorted? Barclays doesn't have particularly good interest rates either, so it is a bit puzzling why such a considerable sum of money was sitting in an account there.

goldmine2011

dinosaur66 said:

i wish you well

i just read your post about the second time they took money you have still not been reimbursed for

it should not be up to the customer to investigate bank fraud when it is this blatant , and when it is the banks staffs fault

i read how savvy these fraudsters are but surely bank staff are trained in every possible way they operate because thats there job to root out scammers and yet reading this some of them are aiding and abbetting the very crooks barclays are paying them to stop.

Oh trust me there were sooooooo many times i literally knew what was wrong and how to prevent it more than they did, and that evidently proved to be true.

I literally had to do all the 1+1 for them, put the pieces together, draw out the roadmap of how we ended up where we are today, what they should've done, how it could've been prevented etc

I genuinely do not know what any of their staff are actually getting paid for other than to take calls and do the bare basic minimum.

I can tell you one thing is that as a bank, Barclays are reactive and not proactive.......whatsoever