Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • pritchardtuesnoad
    • By pritchardtuesnoad 12th Jan 19, 10:55 AM
    • 1Posts
    • 1Thanks
    pritchardtuesnoad
    Help - bank scam
    • #1
    • 12th Jan 19, 10:55 AM
    Help - bank scam 12th Jan 19 at 10:55 AM
    This is a complaint about Nat West who I have been a customer with for over 40 years.

    I was subject to a scam which was perpetrated on me on the 17th December 2018. It resulted in us (myself, my wife and my daughter) having £15,690 removed from our bank accounts and has left us completely devastated.

    I consider myself savvy, but this was extremely professional. I was persuaded to give out my mobile app number on the basis that this was an activation code and the mobile app needed to be urgently deactivated. When I challenged this saying I never give out a code, I was told the bank would never ask for a PIN code, but they needed the activation code, and this was different.

    Again, I challenged the caller asking to confirm they were from Nat West. They told me to look at the number they were calling from to check it matched the enquiries number on my debit card. I did and indeed it did match.

    I think there is a vulnerability in the NatWest security system which allows a single number to access the mobile app. As I had not used it for 2 or 3 years I was persuaded that the number I was giving out was an activation code rather than a PIN number. Had I been using it regularly I don't think I would have done that. Surely there ought to be a system that if a feature is not used for certain period it is all automatically deactivated?

    The caller then rang the following day at a pre-arranged time and clearly had made some transfers between our accounts already. He had cleared my wife's and my daughter’s account and my overdraft. He went through about 20 direct debits with me, ostensibly to check I wanted them all transferred to the new account – in hindsight this was a further confidence boosting measure. Using the card reader, I was persuaded to transfer the sum of £15,690 into the account which I was assured was my new ‘safe’ account. It was set up with my name and reference.

    Still thinking this was genuine but feeling a little uneasy, I called NatWest fraud line who said it was likely to be a scam. They have since said the beneficiaries account had been cleared and no monies could be recovered, the bank had no liability. I received a highly impersonal standard photocopied letter from Nat West. In my view displaying a complete lack of concern for a customer of over 40 years.

    Aside from the systems vulnerability of the single access code for the mobile app, the second issue I have is that the perpetrator was able to move amounts from accounts which are linked but not related to mine, although were accessible through the internet banking site, and by doing so was able to take money out of my wife's and daughters accounts. without any action on my part. This also seems to be a vulnerability in the internet portal.

    The police have identified a suspect and they tell me there is a chance they might be able to pursue charges.

    Do I have any comeback against Nat West or other suggestions on what I might be able to do to recover any funds?
Page 1
    • NewToTheUkAgain
    • By NewToTheUkAgain 12th Jan 19, 11:02 AM
    • 84 Posts
    • 52 Thanks
    NewToTheUkAgain
    • #2
    • 12th Jan 19, 11:02 AM
    • #2
    • 12th Jan 19, 11:02 AM
    Hello, thank you for your post.

    I am really sorry to hear you have lost your money.

    Time for some bad news, I don’t think Natwest will assume responsibility on the matter.

    You really should of put down the phone and called them back.

    As you have admitted to passing security codes, I assume you will be left liable.

    Again sorry to hear about your incident.
    • zx81
    • By zx81 12th Jan 19, 11:04 AM
    • 20,120 Posts
    • 21,473 Thanks
    zx81
    • #3
    • 12th Jan 19, 11:04 AM
    • #3
    • 12th Jan 19, 11:04 AM
    You have no comeback against NatWest as you gave away your access to your accounts.

    But hopefully the police will have some success.

    In future, if a bank calls you and ask for details of anything, always call them back.
    • dunstonh
    • By dunstonh 12th Jan 19, 11:13 AM
    • 96,425 Posts
    • 64,325 Thanks
    dunstonh
    • #4
    • 12th Jan 19, 11:13 AM
    • #4
    • 12th Jan 19, 11:13 AM
    I think there is a vulnerability in the NatWest security system ...
    Yes. it is called the customer. it is the weakest part in any security chain.

    Aside from the systems vulnerability of the single access code for the mobile app,
    It is not vulnerable unless you give it out. And the banks tell you time and again, not to give this information out.

    the second issue I have is that the perpetrator was able to move amounts from accounts which are linked but not related to mine, although were accessible through the internet banking site, and by doing so was able to take money out of my wife's and daughters accounts. without any action on my part. This also seems to be a vulnerability in the internet portal.
    I dont know the natwest system but most banks will only list sole accounts or joint accounts under the single login.

    Hopefully, someone else with knowledge of Natwest systems will clarify that.

    Do I have any comeback against Nat West or other suggestions on what I might be able to do to recover any funds?
    Probably not as you voluntarily gave out the security details and agreed and carried out the instructions. Sorry.
    I am an Independent Financial Adviser (IFA). Comments are for discussion purposes only. They are not financial advice. If you feel an area discussed may be relevant to you, then please seek advice from an Independent Financial Adviser local to you.
    • masonic
    • By masonic 12th Jan 19, 11:37 AM
    • 10,608 Posts
    • 8,001 Thanks
    masonic
    • #5
    • 12th Jan 19, 11:37 AM
    • #5
    • 12th Jan 19, 11:37 AM
    Natwest requires a card reader to be used to set up a new payee, doesn't it? So how was this step bypassed?

    Edit: perhaps using the "Pay Someone New" feature in the app (https://supportcentre.natwest.com/Searchable/913207942/What-is-Pay-someone-new-in-the-mobile-app.htm), but this is limited to £500 per day

    Edit2: Nevermind, here's the answer: "Using the card reader, I was persuaded to transfer the sum of £15,690 into the account which I was assured was my new ‘safe’ account. It was set up with my name and reference."
    Last edited by masonic; 12-01-2019 at 11:42 AM.
    • EachPenny
    • By EachPenny 12th Jan 19, 11:38 AM
    • 9,618 Posts
    • 26,747 Thanks
    EachPenny
    • #6
    • 12th Jan 19, 11:38 AM
    • #6
    • 12th Jan 19, 11:38 AM
    You have no comeback against NatWest as you gave away your access to your accounts.

    But hopefully the police will have some success.

    In future, if a bank calls you and ask for details of anything, always call them back.
    Originally posted by zx81
    Agreed, but worth adding that you should also always ensure the line has been cleared (i.e. the scammer is not still connected) and manually enter the number from a trusted source (like the back of your card) rather than using any 'contacts' or last-number redial.
    "In the future, everyone will be rich for 15 minutes"
    • colsten
    • By colsten 12th Jan 19, 12:24 PM
    • 9,562 Posts
    • 8,586 Thanks
    colsten
    • #7
    • 12th Jan 19, 12:24 PM
    • #7
    • 12th Jan 19, 12:24 PM
    OP, please can you clarify what number you gave to the thieves. I have the Natwest app, and I can't see anything called a mobile app number. Do you mean the app passcode? The passcode by itself is obviously not enough info for using the app - unless the thieves used your mobile to log into the app and to move the money (but you said you moved the money yourself?)

    I also think we have some other details missing. How did the scamsters have access to the wife's and the daughter's accounts? You may be shocked to hear this but it sounds suspiciously as if your wife and/or your daughter are actually in cahoots with the thieves.

    It's excellent that you have reported the theft to the Police and that they might have a suspect. I hope you get your money back from the thieve(s) but I don't think you have a claim against Natwest as it appears you have willingly given out security information to access your account, and critically, you have transferred the £15,690 yourself.
    • gt94sss2
    • By gt94sss2 12th Jan 19, 12:50 PM
    • 4,112 Posts
    • 1,910 Thanks
    gt94sss2
    • #8
    • 12th Jan 19, 12:50 PM
    • #8
    • 12th Jan 19, 12:50 PM
    Do I have any comeback against Nat West or other suggestions on what I might be able to do to recover any funds?
    Originally posted by pritchardtuesnoad
    Have a look at:

    https://www.thisismoney.co.uk/money/beatthescammers/article-5470187/New-rules-protect-victims-bank-fraud-following-crackdown.html

    https://www.moneysavingexpert.com/news/2018/02/new-protection-for-victims-of-cash-transfer-scams/
    • cloud_dog
    • By cloud_dog 12th Jan 19, 1:05 PM
    • 3,999 Posts
    • 2,413 Thanks
    cloud_dog
    • #9
    • 12th Jan 19, 1:05 PM
    • #9
    • 12th Jan 19, 1:05 PM
    Agreed, but worth adding that you should also always ensure the line has been cleared (i.e. the scammer is not still connected) and manually enter the number from a trusted source (like the back of your card) rather than using any 'contacts' or last-number redial.
    Originally posted by EachPenny
    Also agree. Always put the phone down if in doubt and ring the number provided on any paperwork or the actual website. Also, importantly, ring the number from a different phone.
    Personal Responsibility - Sad but True

    Sometimes.... I am like a dog with a bone
    • masonic
    • By masonic 12th Jan 19, 1:34 PM
    • 10,608 Posts
    • 8,001 Thanks
    masonic
    Still not agreed, let alone implemented, unfortunately. The last press report I read in October last year suggested the new rules would be brought in at some point this year, but would not affect those defrauded prior to them coming into effect.

    Edit: "The new rules will come into force on 31 January 2019." https://www.financialreporter.co.uk/regulation/fca-issues-new-rules-for-banks-receiving-fraudulent-payments.html
    "Victims of APP fraud can make a complaint to the PSP receiving their payment and if they’re not satisfied with the outcome, can refer their complaint to the Financial Ombudsman Service."
    Last edited by masonic; 12-01-2019 at 1:41 PM.
    • masonic
    • By masonic 12th Jan 19, 2:01 PM
    • 10,608 Posts
    • 8,001 Thanks
    masonic
    The week's Moneybox covers a story of someone else who was defrauded out of £33,000 from two different banks. The banks were able to recover some of the money. Both banks eventually decided to refund all the money and bear some of the loss as a gesture of good will (covered at the start of the programme).

    https://www.bbc.co.uk/radio/play/m0001zw3
    • Silvertabby
    • By Silvertabby 12th Jan 19, 2:22 PM
    • 3,629 Posts
    • 5,428 Thanks
    Silvertabby
    The week's Moneybox covers a story of someone else who was defrauded out of £33,000 from two different banks. The banks were able to recover some of the money. Both banks eventually decided to refund all the money and bear some of the loss as a gesture of good will (covered at the start of the programme).

    https://www.bbc.co.uk/radio/play/m0001zw3
    Originally posted by masonic
    Listened to that this morning. The lady concerned was a retired teacher - who had been told that her accounts had been 'compromised' and that she should transfer her money to another account for safety.

    Did feel so sorry for her - but, come on, how many times have there been stories in the newspapers, on the tv news, and on boards such as these, about these 'transfer' scams?
    • masonic
    • By masonic 12th Jan 19, 2:36 PM
    • 10,608 Posts
    • 8,001 Thanks
    masonic
    Did feel so sorry for her - but, come on, how many times have there been stories in the newspapers, on the tv news, and on boards such as these, about these 'transfer' scams?
    Originally posted by Silvertabby
    Yes, and I hold accounts with most of the banks and have received a notice or communication from pretty much all of them warning me about push payment fraud.
    • Flobberchops
    • By Flobberchops 12th Jan 19, 3:16 PM
    • 898 Posts
    • 714 Thanks
    Flobberchops
    The caller then rang the following day at a pre-arranged time and clearly had made some transfers between our accounts already. He had cleared my wife's and my daughter’s account and my overdraft....
    Originally posted by pritchardtuesnoad
    It was at this point I realised the OP had left out a large section of the story. So, it was a social engineering scam, with the callers presumably claiming to be from the bank or police, urging the OP to move funds from an "unsafe" account to a "safe" one set up for them?

    I don't understand the relevance of the initial "banking app number" but presumably this granted the scammers access to Online Banking where they moved funds between accounts - internal payments often requiring a much lower level of security than setting up a new payee. The wife's and daughter's accounts must have been joint or trustee accounts, is that correct?

    The real damage occurred when the OP gave out the card reader code to authorise the payment. To be clear, any secure code generated by a card reader device should be considered as sensitive as a PIN! In the context of online or mobile banking, they grant access to your account.

    The good news, if that's not too perverse a way of putting it, is that it will be easy to find the scammer's beneficiary account and by extension the identity of the receiving account holder. The bad news is that this person isn't necessarily one of the scammers; it may be an unwitting third party who, for example, thought they were doing friends a favour by receiving and withdrawing in cash the £15k. Or it could be a dormant account sold to scammers by a since-departed international student. And so on. It gives the police a lead to go on, but there's no telling where and when that lead will turn cold.

    Unfortunately this is a scam rather than a fraud, i.e. it involved OP being tricked into doing something voluntarily rather than details being stolen or an account being hacked, so NatWest could rightly say their security measures were sufficient and working as intended. There is precedent for banks paying out-of-pocket to cover customers losses in these situations but that's generally when the victim is very vulnerable - for a "savvy" customer who by their own description knows better than to give away sensitive information, NatWest may not feel so generous. The fact that you're a customer of 40 years is really neither here nor there.

    Hope the police catch the scammers and your money is recovered in full, OP.
    I work for a UK bank, but any comments made on this forum are solely my personal opinion. Caveat Emptor!
    • deadendwaterfall
    • By deadendwaterfall 12th Jan 19, 3:21 PM
    • 114 Posts
    • 33 Thanks
    deadendwaterfall
    The 'only just joined and has only one post' siren just sounded: https://www.youtube.com/watch?v=frcehiHU72g

    Anyways, to answer the question, unfortunately, I don't think they have a leg to stand on, they stand more of a chance of Jeff Banks writing them a cheque for £1 billion.
    • masonic
    • By masonic 12th Jan 19, 3:32 PM
    • 10,608 Posts
    • 8,001 Thanks
    masonic
    I don't understand the relevance of the initial "banking app number" but presumably this granted the scammers access to Online Banking where they moved funds between accounts - internal payments often requiring a much lower level of security than setting up a new payee. The wife's and daughter's accounts must have been joint or trustee accounts, is that correct?
    Originally posted by Flobberchops
    Correct, payments to existing payees don't normally require use of a card reader or any 2FA. Presumably the "banking app number" was a one-time login code intended to be used to login once on an untrusted device, after which it would expire - preventing the capture of the usual credentials.

    This appears to have been used as a tactic to scare the OP and show someone else had account access, but they needed him to set up and authorise the payment used to steal the funds using his card reader.
    Last edited by masonic; 12-01-2019 at 3:35 PM.
    • 18cc
    • By 18cc 13th Jan 19, 8:15 AM
    • 978 Posts
    • 683 Thanks
    18cc
    I know it's the DM, but...

    https://www.dailymail.co.uk/news/article-6583453/Fraud-victims-tricked-handing-life-savings-money-back.html
    • Gary_Dexter
    • By Gary_Dexter 13th Jan 19, 9:33 AM
    • 3,100 Posts
    • 1,791 Thanks
    Gary_Dexter
    I don’t think we’ll hear back from OP again.

    They don’t usually come back when they don’t hear the answers they wanted to get
    • sully1311
    • By sully1311 13th Jan 19, 2:44 PM
    • 111 Posts
    • 46 Thanks
    sully1311
    No sympathy sorry. Why would the bank ask you to move funds to a 'safe account' if it's been compromised? If they had any suspicions they would just freeze the account.

    How people are still falling for these scams when they are well publicised now in the media is beyond me. A bit of common sense goes a long way sometimes.
    • tempus_fugit
    • By tempus_fugit 13th Jan 19, 3:54 PM
    • 558 Posts
    • 506 Thanks
    tempus_fugit
    Listened to that this morning. The lady concerned was a retired teacher - who had been told that her accounts had been 'compromised' and that she should transfer her money to another account for safety.

    Did feel so sorry for her - but, come on, how many times have there been stories in the newspapers, on the tv news, and on boards such as these, about these 'transfer' scams?
    Originally posted by Silvertabby
    That's the thing, this type of scam is not new, and have been publicised time and time again. And as dunstonh said the banks have said time and time again not to give out codes (including one-time-passwords for transaction authorisation) to other parties, including the banks themselves as they would never ask for them, at least I know my banks have been telling me this for a number of years. So anyone who does not know these things by now cannot call themselves "savvy" and I'm not sure how many more of these sort of scams have to be publicised before people realise that transferring your money voluntarily to another account that you clearly don't have control of is really not a good idea and is unlikely to be reimbursed by the bank.
    Retired at age 56 after having "light bulb moment" due to reading MSE and its forums. Have been converted to the "budget to zero" concept and use YNAB for all monthly budgeting and long term goals.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

1,943Posts Today

8,698Users online

Martin's Twitter