Another Victim of NatWest's Insecure Banking Security Systems
Comments
-
Well they obviously need to phone you to social engineer you into not being concerned about the text messages you’re getting, but the fact remains banking systems have been compromised in the past and will again in the future, and yet the banking industry continues to wash its hands of the issues.Nutty Bird
£1 per day 2013
Build a savings pot0 -
Well they obviously need to phone you to social engineer you into not being concerned about the text messages you’re getting, but the fact remains banking systems have been compromised in the past and will again in the future, and yet the banking industry continues to wash its hands of the issues.
Not sure that's entirely true - I'm thinking of those Barclays TV ads over the summer warning specifically about calls claiming to be from the bank. And if I set up a payment to a new payee for my Santander account online, I get more than one warning about push payment scams, and the screen suggests I might like to set the payment for tomorrow rather than today, so I can change my mind.
There's also the IT work ongoing to provide "confirmation of payee name" and warn you if the payee's account name doesn't match what you think it is. Sadly that wasn't there in time for your mum.
In your shoes, I'd still go to the ombudsman, give a frank account of what happened, and hope they'll regard it in the same light as the case of "Brian" here, who did get his money back: https://www.bbc.co.uk/news/business-45265609BBC wrote:One customer called Brian contacted the Ombudsman service after his bank refused to refund him £7,000 in a text message scam.
Brian received a message he thought was from his bank and unwittingly gave out his security details and passcodes.
As a result, the bank said he had been grossly negligent and refused to refund the money.
After reviewing the details, the Ombudsman decided it was a sophisticated fraud, and that the fraudsters had gained Brian's trust and therefore his actions were reasonable.
They forced the bank to reimburse Brian's £7,000.0 -
................ Her first mistake was not to hang up and then call back to the number on the back of the card.she was now confident she was talking to the bank, and they already had the matter in hand, then that was her second mistake.
That was her third mistake. It is very likely that your mother had previously made one or more additional mistakes, which resulted in the fraudsters having access to her account in the first instance. I am afraid, there is nothing in what you have reported that sounds as if NatWest have been negligent but the FOS will be in a better position than us strangers on the internet who don't have access to the full details of this case.Yes during the process my mother put her card into the online banking card reader and authorised the setting up of a new payee,0 -
In your shoes, I'd still go to the ombudsman, give a frank account of what happened, and hope they'll regard it in the same light as the case of "Brian" here, who did get his money back:
Firstly, this relies on the assumption that the mother didn't actually authorise the transaction. The poster hasn't made this assertion yet, they haven't actually said how the money was transferred.
If the transaction was actually unauthorised by the mother, then it is a bit different. But its very unlikely, because the banks response was that 'but as a bank – the NatWest are confident that they have not made any errors' which indicates they were not dealing with an unauthorised transaction (in which case they would have to carefully state why they felt it was grossly negligent).
In fact, even if it was unauthorised I think the bank would have enough to show gross negligence - for example ignoring the second number set up on the account and not taking action after realising that money had been transferred between her accounts.
But as a case with FOS it would still stand a lot more chance than if the transaction was actually authorised by the mother.
IMPORTANT EDIT; Sorry, I just saw the post where the OP says that the mother indeeddid authorise the transaction with the card reader. So this is NOT a case of an unauthorised transaction. This makes it completely different to the 'brian' case mentioned in the BBC. Where a transaction is unauthorised the banks must PROVE gross negligence. Where the account holder authorised the transaction, to have any chance of success they need to prove the bank was grossly negligent.0 -
Also, NatWest do say:We will never ask you to use your card-reader to log in to Online Banking, and we will never phone you to ask for your card-reader details.
I'm not sure if they print that on the card reader itself - they probably should. Nationwide do, for example.0 -
Firstly, this relies on the assumption that the mother didn't actually authorise the transaction. The poster hasn't made this assertion yet, they haven't actually said how the money was transferred.
Fair point.
(Edit - although, the spirit of the FOS's position there seems to focus more on how "sophisticated" and plausible the fraudsters sounded, rather than the specific actions they conned Brian into.)0 -
Thanks for editing this in to your post. That clarifies the situation. Next step: refer your complaint to the FOS, part 1 - details of why your mother believed she was on the phone with the genuine Natwest fraud department, part 2 - the missed opportunity to stop the fraud in branch.Yes during the process my mother put her card into the online banking card reader and authorised the setting up of a new payee, but not having a photographic memory for sort codes, and going only by the fact it appeared to be in her name and was the ‘safe account’ the fraudsters commonly call it, she was still confident it was the bank she was dealing with.0 -
not having a photographic memory for sort codes, and going only by the fact it appeared to be in her name and was the ‘safe account’ the fraudsters commonly call it, she was still confident it was the bank she was dealing with.
A couple of questions on this:- Do you know if the recipient account was NatWest?
- If it wasn't, does NatWest online banking show which bank a sort code belongs to? No bank has the full "verification of payee" yet, but some (e.g. Santander) will at least show you which bank a sort code belongs to when you set up a payment to it, which is a partial line of defence against this kind of attack. If NatWest online banking doesn't show you that, I'd suggest that's worth mentioning to the FOS.
0 -
I must admit, in reading through this, I'm struggling to fathom how this could have been perpetrated without your mother unfortunately doing something that she perhaps shouldn't have done - probably inadvertently and maybe some time ago. I've always had the suspicion that they gather this material over a decent interval, snippets at a time. We've had a real task with one elderly relative in trying to train them not to give their life story when a scammer rings. "Hello Mrs x, we're just ringing from your bank Santander" "Ooh, I think you've got the wrong person, I bank with TSB". etc etc.
I don't bank with NatWest, but the banks I do use now flash up a screen when you set up a new payee warning to be sure that you know the payee you're sending to, to double check if the recipient has just told you that they've changed banks and that the bank fraud department will never ask you to transfer money into another account and that the bank do not operate "safe accounts".
To me, the one place the bank missed an opportunity and may be considered wanting was when your Mum told counter staff about it, that maybe should have warranted a bit more of a detailed conversation with staff. I would hope that if one of my older relatives had raised the same concerns they'd be given more appropriate assistance.0 -
This is the most concerning thing. My mother is not a frail 90 year old bewildered by technology, but an Internet savvy, and highly suspicious 68 year old, so despite what the masses may think here, she has neither been duped into revealing log in details to her on line banking or previously ‘leaked’ them. ...
Mmm, well, actually if your mother does refer her complaint to the FOS, claiming that she is a frail OAP bewildered by technology might be more likely to result in a successful outcome.:)
Someone who is "Internet savvy" and "highly suspicious" really should have known that getting a text message on their mobile saying that a new number had been registered which they hadn't requested themselves meant that their account had been compromised. And putting your debit card into a card reader and authorising the setting up of a new payee at the instigation of some third party over the phone, is just plain stupid. I don't mean to cause offence, but it really is.
I think you stop being angry with NatWest. It's not their fault. Your mother has fallen for a fairly standard scam. She is not as internet as savvy as you think. It may well be that in her particular circumstances, the NatWest could have done more, and that might persuade the FOS to rule in her favour.
But stick to the facts and outlining the sequence of events when complaining to the FOS. Don't make silly assertions about systems being hacked.0
This discussion has been closed.
Categories
- All Categories
- 343.1K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.2K Work, Benefits & Business
- 607.9K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards