Fraud Advice

Status
Not open for further replies.
Soldato
Joined
13 May 2003
Posts
11,865
Location
Hamilton
Ok, since there's a lot of posts about bank cards and bank account I thought I'd write something here for you folks.

If you have a bank account, I strongly suggest you read this in full. If you have any comments, things I've missed out, corrections, please post them and I'll edit this post. I am not trying to create a list of everything that could cause money to be stolen from you. I'm trying to create something somewhere between complete, and short. :)

Bank Account Security Numbers -

You will only use this when you contact the bank. Never, ever, ever when they contact you. Under no circumstances will your bank ask for your security number unless you have contacted them, or you are using their internet service.

Outbound Security -


Outbound means when they contact you. They will not ask you for specifics about your bank account. They will ask you security questions, but not bank account specifics. If at any point you are unsure about who it really is calling you, ask them to put a note on your account that you were unwilling to continue for safety reasons, and ask them for the department name you need to speak to. And for Gods sakes don't phone the number they give you. Look up your banks number yourself. If I'm going to phone you and scam you, and you ask for a number to call to make sure, just who do you think is going to answer the phone? Me!

An alternative is once you've answered the security questions, i.e. your DOB, your post code, your overdraft/credit card limit. Then ask them security questions. It's perfectly acceptable to ask them for the amount of money you last took from an ATM.

Emails -


If you receive an email from the bank, never, ever, ever follow any links on it. Never ever go to the address they specify. If a box appears asking for your details close it. By all means act on the information - if they contact you to say there is a problem with your account, for example, or that you qualify for a discount on x y or z. Thats' fine. But go to the site manually.

Internet Banking -

Never, ever follow a link to get to your internet banking. Never ever. Before you go to your internet banking, close every single browser window you have open. Next go to your banks page, by typing in the URL yourself. hsbc.co.uk halifax.co.uk natwest.co.uk. Whatever it is. Always make sure you've typed it in yourself. Always check that the address displayed in the navigation bar on your browser is your banks before typing anything in. And always check it's the domain. hsbc.internetbanking.server1351.com is NOT your bank. The part before the .com or .co.uk or .net should always be the name of your bank. And it should not be hsbc-internetbanking or hsbc-server1351. If in doubt close the window and start again.

Chip and Pin, Debit card and credit card use -


Insist on putting the card into the machine yourself, or, make sure the card does not leave your sight between moving from your hand, to the tellers, to the machine. The machine should be nearer you than the teller. If you're unsure about which way to put it in, ask them before you insert it. Don't worry too much if they put it in for you, they can't do anything by just touching it. If you're at a petrol station and they say the pin machine is inside and you need to tell them the pin - don't. Refuse point blank and do not do it. In circumstances like that, it is currently acceptable for them to process it as a signed for transaction, i.e. you don't use the machine. If you cannot type in the digits then do not reveal them. If you hand over a card to anyone, and they write down any numbers, once out of sight phone your bank, ask for lost and stolen and state that you think someone wrote down your card details, and that your card has to be cancelled, and a new one sent out to you. You will not be liable for any fraudulent transactions. Under no circumstances EVER let someone take a note of the 3 security digits on the back of your card. That is for you to use on the internet/telephone only. If by doing any of this a shop gives you a hard time then that is their problem.

Computer Security -


Keep your computer spyware and virus free. Not just protection software is required. Common sense too. Don't run programs you downloaded on peer to peer software. Don't open email attachments. Don't run dodgy pirated cracks or whatever. It's only a matter of time before a piece of spyware is released (perhaps there already has been) which will redirect your browser to a fake site when you type in the name of your banks site. To you there will be no way to tell you've logged on to someone's site only placed on the internet to steal your details. And before you know it, you'll have given them your passnumber, account number, been told internet banking has a fault and to try tomorrow... bang, account emptied. Never ever use a public computer, your work computer, your friends computer to access your bank details.

Cash Machines ATMs-

Don't use cash machines often and for small amounts. Use them infrequently for large amounts. Withdraw cash on your lunch hour, on the high street where it's busy. Not late at night where it's deserted. Take out enough to last you two weeks or a month. Don't take out 20 quid every time you need it. Use 2 or 3 cash machines only. That will 1) Make sure if you see an ATM usage on your statement you'll know if it was you or not. 2) You'll get used to it, and spot if someone modifies it. A modified cash machine does not look dodgy, it doesn't look stupid or out of place. I've seen pictures of them where it looks perfectly ordinary. Watch for anything that looks "after market" on the card slot. If it looks like something has been added on, no matter how legitimate it appears, do not use the cash machine.

cashmachine2.jpg


That cash machine has been altered. You won't know it when you use it. But someone will make a card, with their name, their signature and your bank details on it, and go shopping with it.

This is it unmodified.

cashmachine1.jpg


A Big Warning -


Right now banks are refunding customers who make elementary errors like the ones above. They are NOT obligated to do so. If you give a conman who knocks on your front door your credit card then you would not expect your bank to pay. Yet, right now when a conman sends you an email, and you give them your bank details, your bank is paying for your mistake. This will not continue forever. Sooner or later banks are going to stop paying out for customer errors. It might sound unfair, but banks give interest, charge interest, make charges etc all to pay for staff, costs and fraud. Fraud is on the increase, banks are extremely competitive. It's going to become the norm for banks to tell customers "We've cancelled your cards, that will stop any more money being stolen. We will now lock your security details, you'll need to visit a branch with two forms of ID to reset it. But you are liable for the money" Banks will continue to pay out for some forms of fraud. But "phishing" which refers to people pretending to be your bank to get your details, will, sooner or later, be the bank customers problem.

A Disclaimer -


I'm an employee of a bank. But this is not information from a bank, it's information from me, not as part of my job. I don't take any responsibility for anything that happens to you as a result of this. None of this is sensitive information, and none is information I am releasing that is confidential bank information.
 
Last edited:
yak.h'cir said:
Very informative!! Thank you for the effort. It all seems very obvious but then why oh why do so many fall for it?!?

You're not concentrating, the bank phones. They ask you for digit 2 and 3 of your security number, they say they may have misheard you, and ask for the first and last digit. They then tell you that you've been selected for a special rate on life insurance. You say you're not interested, hang up. It wasn't your bank. They empty your account.

You get an email, asking you to check your details. You click the link, your banks homepage loads, and a box appears asking for your pass number. You type it in. Someone else empties your account.

You walk into a small shop, ask to pay by card, sure they say, write down your card number on the back of the slip. Plus your 3 digit security number. Later on that same card number is used in the casino.

Etc etc.

Unless you read something like this and give it some thought, when you aren't concentrating you'll slip up.

Now you've read it, hopefully, if it does happen to you, something will fire, a bulb will light up and you'll say "no".
 
Harley said:
There's a few other steps you can take to avoid many of these problems.


1) Don't use internet banking
2) Don't EVER put any banking details on a PC that is connected to the net
3) Don't mail order via the internet.
4) Don't give your bank an email address for you. Then, anything that arrives purporting to be from your bank is fraudulent.

Of course, that involves sacrificing a level of convenience, but it sure increases your level of security. :D

If you're going to that level...

Then scratch off the 3 digit security number on the back of your bank/credit cards. It'll technically invalidate your cards. But you won't be using them in shops anyway. Cash machines don't need that.

A step further is to take some alcohol/something and a cotton bud and rub off the signature strip completely.

Tell your bank you don't want a security number, and ask them to remove it.

Tell your bank to use a fake date of birth as your identification date of birth.

Tell them your address has changed and make up a name for your house. Insist that they post everything to that address.

The Hilton
8, Anystreet Avenue
Wherevertown

Will get to you just the same as -
8 Anystreet Avenue
Whereevertown.

But you'll know the letter is from your bank.

Make sure that they do not have your permission to pass your address to anyone else outside the actual bank, even the group.
 
Harley said:
Hmmm. Sneeeeaky. I like it. :D

For HSBC customers anyway you can request that we do that. We'll be more than happy to do it. Just don't forget you did it, or your account could get locked very easily :P

It's done for people where their family (son, daughter, ex-wife, etc) has tried to gain access.

It's a beautiful little thing in my opinion.

The bank can only tell you "Some of the information you have given has not been correct" and the fraudster will in no way suspect it was the date of birth.
 
Killerkebab said:
By security number, you mean chip/pin of the CVV2 ?

cvv2.jpg


Edit : I do NOT recommend removing those 3 digits, or the whole security strip. That's a very extreme measure, and any retailer presented with a card like that should refuse it (but most won't).
 
Killerkebab said:
Can it be different information? Can I request that the bank call me Superman?



That would be CVV2 then :)

Yes. But banks don't ask you to do that when you identify youself to them. If you like though, your cards can have "Superman" and letters will be addressed "Dear Superman" Any time you speak to the bank though, they'll be thinking "Well, I'm a banker. And he's something that rhymes with it"
 
Killerkebab said:
A tanker? Must the bank know I am in the army? :D
Also, what does removing the CVV2 number do? Is it just that now I can't use it online/by telephone?

Right. It means that if you're in a shop and someone takes a note of your card number and that 3 digit number they can order online or on the phone using it.

Up where I live there was a syndicate of people doing it. They got people working in shops to collect the numbers, and 6 weeks after it was collected they'd then go and use the card details.
 
Vixen said:
If you remove the CVC digits from your card, then your card with not be authorised for any referral. So no high value purchases or making lots in one day for a start.

As far as asking for security passwords goes, if Natwest/RBS call, they will ask for two letters from the password if it is there. With us at least, if you ever recieve a call you're unsure about, call the number on the back of the card. During the day we can check with our fraud departments if they have called out, or there are folders with a bunch of contact numbers to check against. If someone says they can't check for you, the weekend team leaders are on or they are being lazy.
If a message is left, there should always be a name and reference number given.

Very similar with HSBC.

I wasn't aware that other banks ask for pass details when they call you. Neither HBOS, HSBC or the other couple I've had personal accounts with have done this.

If Natwest are doing this it's a very questionable procedure.

On the one hand, Natwest are sure they are dealing with you. On the other hand, you're giving out vital information.

But one thing that stands is that if you're entirely unsure, say you're unsure, and that you'll call back (and remember to look up the number yourself!)
 
Vixen said:
It's not questionable at all. They will only ask for two letters from the password. If we can't confirm the customer then we can't go over any account details. It's people who say any details are wrong to give out that make our life at the bank VERY difficult.
Last night I had to call a customer to tell him some cards had been found at a gym and I had to cancel them (company policy) but if I could ID him then I was able to at least get a new card out for the end of the week. Trying to figure out what to ask customers in that situation is such a pain because no-one trusts it actually is the bank any more :(

Postcode and DOB :)

Asking for passwords/codes on outbound calls is questionable. It's questionable because I'm questioning it. I didn't say it was wrong, I said it was questionable. HSBC don't, and I agree why we don't.
 
Status
Not open for further replies.
Back
Top Bottom