Ok, since there's a lot of posts about bank cards and bank account I thought I'd write something here for you folks.
If you have a bank account, I strongly suggest you read this in full. If you have any comments, things I've missed out, corrections, please post them and I'll edit this post. I am not trying to create a list of everything that could cause money to be stolen from you. I'm trying to create something somewhere between complete, and short.
Bank Account Security Numbers -
You will only use this when you contact the bank. Never, ever, ever when they contact you. Under no circumstances will your bank ask for your security number unless you have contacted them, or you are using their internet service.
Outbound Security -
Outbound means when they contact you. They will not ask you for specifics about your bank account. They will ask you security questions, but not bank account specifics. If at any point you are unsure about who it really is calling you, ask them to put a note on your account that you were unwilling to continue for safety reasons, and ask them for the department name you need to speak to. And for Gods sakes don't phone the number they give you. Look up your banks number yourself. If I'm going to phone you and scam you, and you ask for a number to call to make sure, just who do you think is going to answer the phone? Me!
An alternative is once you've answered the security questions, i.e. your DOB, your post code, your overdraft/credit card limit. Then ask them security questions. It's perfectly acceptable to ask them for the amount of money you last took from an ATM.
Emails -
If you receive an email from the bank, never, ever, ever follow any links on it. Never ever go to the address they specify. If a box appears asking for your details close it. By all means act on the information - if they contact you to say there is a problem with your account, for example, or that you qualify for a discount on x y or z. Thats' fine. But go to the site manually.
Internet Banking -
Never, ever follow a link to get to your internet banking. Never ever. Before you go to your internet banking, close every single browser window you have open. Next go to your banks page, by typing in the URL yourself. hsbc.co.uk halifax.co.uk natwest.co.uk. Whatever it is. Always make sure you've typed it in yourself. Always check that the address displayed in the navigation bar on your browser is your banks before typing anything in. And always check it's the domain. hsbc.internetbanking.server1351.com is NOT your bank. The part before the .com or .co.uk or .net should always be the name of your bank. And it should not be hsbc-internetbanking or hsbc-server1351. If in doubt close the window and start again.
Chip and Pin, Debit card and credit card use -
Insist on putting the card into the machine yourself, or, make sure the card does not leave your sight between moving from your hand, to the tellers, to the machine. The machine should be nearer you than the teller. If you're unsure about which way to put it in, ask them before you insert it. Don't worry too much if they put it in for you, they can't do anything by just touching it. If you're at a petrol station and they say the pin machine is inside and you need to tell them the pin - don't. Refuse point blank and do not do it. In circumstances like that, it is currently acceptable for them to process it as a signed for transaction, i.e. you don't use the machine. If you cannot type in the digits then do not reveal them. If you hand over a card to anyone, and they write down any numbers, once out of sight phone your bank, ask for lost and stolen and state that you think someone wrote down your card details, and that your card has to be cancelled, and a new one sent out to you. You will not be liable for any fraudulent transactions. Under no circumstances EVER let someone take a note of the 3 security digits on the back of your card. That is for you to use on the internet/telephone only. If by doing any of this a shop gives you a hard time then that is their problem.
Computer Security -
Keep your computer spyware and virus free. Not just protection software is required. Common sense too. Don't run programs you downloaded on peer to peer software. Don't open email attachments. Don't run dodgy pirated cracks or whatever. It's only a matter of time before a piece of spyware is released (perhaps there already has been) which will redirect your browser to a fake site when you type in the name of your banks site. To you there will be no way to tell you've logged on to someone's site only placed on the internet to steal your details. And before you know it, you'll have given them your passnumber, account number, been told internet banking has a fault and to try tomorrow... bang, account emptied. Never ever use a public computer, your work computer, your friends computer to access your bank details.
Cash Machines ATMs-
Don't use cash machines often and for small amounts. Use them infrequently for large amounts. Withdraw cash on your lunch hour, on the high street where it's busy. Not late at night where it's deserted. Take out enough to last you two weeks or a month. Don't take out 20 quid every time you need it. Use 2 or 3 cash machines only. That will 1) Make sure if you see an ATM usage on your statement you'll know if it was you or not. 2) You'll get used to it, and spot if someone modifies it. A modified cash machine does not look dodgy, it doesn't look stupid or out of place. I've seen pictures of them where it looks perfectly ordinary. Watch for anything that looks "after market" on the card slot. If it looks like something has been added on, no matter how legitimate it appears, do not use the cash machine.
That cash machine has been altered. You won't know it when you use it. But someone will make a card, with their name, their signature and your bank details on it, and go shopping with it.
This is it unmodified.
A Big Warning -
Right now banks are refunding customers who make elementary errors like the ones above. They are NOT obligated to do so. If you give a conman who knocks on your front door your credit card then you would not expect your bank to pay. Yet, right now when a conman sends you an email, and you give them your bank details, your bank is paying for your mistake. This will not continue forever. Sooner or later banks are going to stop paying out for customer errors. It might sound unfair, but banks give interest, charge interest, make charges etc all to pay for staff, costs and fraud. Fraud is on the increase, banks are extremely competitive. It's going to become the norm for banks to tell customers "We've cancelled your cards, that will stop any more money being stolen. We will now lock your security details, you'll need to visit a branch with two forms of ID to reset it. But you are liable for the money" Banks will continue to pay out for some forms of fraud. But "phishing" which refers to people pretending to be your bank to get your details, will, sooner or later, be the bank customers problem.
A Disclaimer -
I'm an employee of a bank. But this is not information from a bank, it's information from me, not as part of my job. I don't take any responsibility for anything that happens to you as a result of this. None of this is sensitive information, and none is information I am releasing that is confidential bank information.
If you have a bank account, I strongly suggest you read this in full. If you have any comments, things I've missed out, corrections, please post them and I'll edit this post. I am not trying to create a list of everything that could cause money to be stolen from you. I'm trying to create something somewhere between complete, and short.
Bank Account Security Numbers -
You will only use this when you contact the bank. Never, ever, ever when they contact you. Under no circumstances will your bank ask for your security number unless you have contacted them, or you are using their internet service.
Outbound Security -
Outbound means when they contact you. They will not ask you for specifics about your bank account. They will ask you security questions, but not bank account specifics. If at any point you are unsure about who it really is calling you, ask them to put a note on your account that you were unwilling to continue for safety reasons, and ask them for the department name you need to speak to. And for Gods sakes don't phone the number they give you. Look up your banks number yourself. If I'm going to phone you and scam you, and you ask for a number to call to make sure, just who do you think is going to answer the phone? Me!
An alternative is once you've answered the security questions, i.e. your DOB, your post code, your overdraft/credit card limit. Then ask them security questions. It's perfectly acceptable to ask them for the amount of money you last took from an ATM.
Emails -
If you receive an email from the bank, never, ever, ever follow any links on it. Never ever go to the address they specify. If a box appears asking for your details close it. By all means act on the information - if they contact you to say there is a problem with your account, for example, or that you qualify for a discount on x y or z. Thats' fine. But go to the site manually.
Internet Banking -
Never, ever follow a link to get to your internet banking. Never ever. Before you go to your internet banking, close every single browser window you have open. Next go to your banks page, by typing in the URL yourself. hsbc.co.uk halifax.co.uk natwest.co.uk. Whatever it is. Always make sure you've typed it in yourself. Always check that the address displayed in the navigation bar on your browser is your banks before typing anything in. And always check it's the domain. hsbc.internetbanking.server1351.com is NOT your bank. The part before the .com or .co.uk or .net should always be the name of your bank. And it should not be hsbc-internetbanking or hsbc-server1351. If in doubt close the window and start again.
Chip and Pin, Debit card and credit card use -
Insist on putting the card into the machine yourself, or, make sure the card does not leave your sight between moving from your hand, to the tellers, to the machine. The machine should be nearer you than the teller. If you're unsure about which way to put it in, ask them before you insert it. Don't worry too much if they put it in for you, they can't do anything by just touching it. If you're at a petrol station and they say the pin machine is inside and you need to tell them the pin - don't. Refuse point blank and do not do it. In circumstances like that, it is currently acceptable for them to process it as a signed for transaction, i.e. you don't use the machine. If you cannot type in the digits then do not reveal them. If you hand over a card to anyone, and they write down any numbers, once out of sight phone your bank, ask for lost and stolen and state that you think someone wrote down your card details, and that your card has to be cancelled, and a new one sent out to you. You will not be liable for any fraudulent transactions. Under no circumstances EVER let someone take a note of the 3 security digits on the back of your card. That is for you to use on the internet/telephone only. If by doing any of this a shop gives you a hard time then that is their problem.
Computer Security -
Keep your computer spyware and virus free. Not just protection software is required. Common sense too. Don't run programs you downloaded on peer to peer software. Don't open email attachments. Don't run dodgy pirated cracks or whatever. It's only a matter of time before a piece of spyware is released (perhaps there already has been) which will redirect your browser to a fake site when you type in the name of your banks site. To you there will be no way to tell you've logged on to someone's site only placed on the internet to steal your details. And before you know it, you'll have given them your passnumber, account number, been told internet banking has a fault and to try tomorrow... bang, account emptied. Never ever use a public computer, your work computer, your friends computer to access your bank details.
Cash Machines ATMs-
Don't use cash machines often and for small amounts. Use them infrequently for large amounts. Withdraw cash on your lunch hour, on the high street where it's busy. Not late at night where it's deserted. Take out enough to last you two weeks or a month. Don't take out 20 quid every time you need it. Use 2 or 3 cash machines only. That will 1) Make sure if you see an ATM usage on your statement you'll know if it was you or not. 2) You'll get used to it, and spot if someone modifies it. A modified cash machine does not look dodgy, it doesn't look stupid or out of place. I've seen pictures of them where it looks perfectly ordinary. Watch for anything that looks "after market" on the card slot. If it looks like something has been added on, no matter how legitimate it appears, do not use the cash machine.
That cash machine has been altered. You won't know it when you use it. But someone will make a card, with their name, their signature and your bank details on it, and go shopping with it.
This is it unmodified.
A Big Warning -
Right now banks are refunding customers who make elementary errors like the ones above. They are NOT obligated to do so. If you give a conman who knocks on your front door your credit card then you would not expect your bank to pay. Yet, right now when a conman sends you an email, and you give them your bank details, your bank is paying for your mistake. This will not continue forever. Sooner or later banks are going to stop paying out for customer errors. It might sound unfair, but banks give interest, charge interest, make charges etc all to pay for staff, costs and fraud. Fraud is on the increase, banks are extremely competitive. It's going to become the norm for banks to tell customers "We've cancelled your cards, that will stop any more money being stolen. We will now lock your security details, you'll need to visit a branch with two forms of ID to reset it. But you are liable for the money" Banks will continue to pay out for some forms of fraud. But "phishing" which refers to people pretending to be your bank to get your details, will, sooner or later, be the bank customers problem.
A Disclaimer -
I'm an employee of a bank. But this is not information from a bank, it's information from me, not as part of my job. I don't take any responsibility for anything that happens to you as a result of this. None of this is sensitive information, and none is information I am releasing that is confidential bank information.
Last edited:
I have such a bad memory, I'd most probably forget which digits they asked for and end up giving my whole pin number... Cheers for the advice 
