Getting bank card PIN from phone/wallet theft?

Caporegime | Joined: 6 Dec 2005 | Posts: 37,581 | Location: Birmingham
Yep, I tested it yesterday with my Santander account and had found my ID, reset the password and got on to the app to view my PIN in under 5 minutes. All you need is the SIM card, bank card and ID with date of birth on, which presumably, were stolen along with her phone. Pretty shocking security-wise! It never occurred to me before and I was wondering how they'd got around the iPhone lock/biometrics etc.



It baffles me that you don't need to do any of that 'What's your mother's maiden name?' verification stuff on either 'find my personal ID' or 'reset online banking' processes.
 
Joined: 10 May 2004 | Posts: 12,834 | Location: Sunny Stafford
She's full of **** and they refunded the money to make her go away.

I believe she had the pin written down.

You can guarantee that the PIN was written down and kept with the card.

Sounds like something Simon0001 would do.

Diary in her bag with her PIN/passwords/login details?

An old favourite would be putting the pin in the phone as a contact. Used to see that a lot.

100% it was written somewhere, so they got into her phone and her banking app, and realising she ****** up she cried to the bank on Twitter and they basically paid her off to stop bad press. The problem is people like this make it harder for genuine victims to sort this **** out.

I'm with you guys and also a Santander user.

You need either the Santander web login or your own biometrics to access the app. Changing the face or fingerprint with the phone would have caused the Santander app to revert back to asking for the web login.

So her relevant numbers (card PIN and Santander web login) surely were written down on something, in the same bag that had her phone.
 
Soldato | Joined: 17 Mar 2009 | Posts: 6,608 | Location: Nottingham
> I'm with you guys and also a Santander user.
>
> You need either the Santander web login or your own biometrics to access the app. Changing the face or fingerprint with the phone would have caused the Santander app to revert back to asking for the web login.
>
> So her relevant numbers (card PIN and Santander web login) surely were written down on something, in the same bag that had her phone.

I may eat my own words but turns out you can recover and reset the Santander login details by putting the SIM in a new phone and following a process, as long as you know the person's birthday, which I assume they would if they had her ID in her purse/wallet.
 
Soldato | Joined: 21 Jan 2010 | Posts: 22,472
> I'm with you guys and also a Santander user.
>
> You need either the Santander web login or your own biometrics to access the app. Changing the face or fingerprint with the phone would have caused the Santander app to revert back to asking for the web login.
>
> So her relevant numbers (card PIN and Santander web login) surely were written down on something, in the same bag that had her phone.

Did you even read the thread before you agreed with all the incorrect people?

Try it yourself. Put your SIM in a dumb phone and go through the motions to reset your password. You just need your card, DOB and something else.
 
Soldato | Joined: 1 Mar 2010 | Posts: 22,018
You would expect them to be able to patch the behaviour quickly if the moved SIM is the explanation
... whenever you change to a device with a new IMEI it should be asking for you to phone them, or send the code to a pre-declared backup device
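
Added example, not part of any post in this thread and not Santander's logic: a sketch of the step-up rule suggested in the post above, combined with the thread's observation that every recovery input sits in the same stolen bag. The factor names, the `RecoveryRequest` fields, the device identifiers and the escalation rule are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Where each recovery input physically lives (constructed mapping, based on
# the items the thread lists: SIM, bank card, ID with date of birth).
FACTOR_SOURCE = {
    "sms_otp": "sim",
    "card_number": "bank_card",
    "cvc": "bank_card",
    "date_of_birth": "photo_id",
    "postcode": "photo_id",
    "memorable_word": "memory",               # hypothetical extra factor
    "backup_device_code": "backup_device",    # hypothetical extra factor
}
# Objects typically carried together, so all lost in one phone-plus-wallet theft.
CARRIED_TOGETHER = {"sim", "bank_card", "photo_id"}


@dataclass
class RecoveryRequest:
    factors: frozenset          # factor names the caller presented
    device_id: str              # app/device identifier seen on this request
    known_devices: frozenset    # identifiers previously enrolled for the account


def independent_factors(factors):
    """Factors that do not fall to a single phone-plus-wallet theft."""
    return {f for f in factors if FACTOR_SOURCE[f] not in CARRIED_TOGETHER}


def decide(req: RecoveryRequest) -> str:
    """Return 'allow', 'step_up' or 'deny' for a credential reset."""
    if req.factors.difference(FACTOR_SOURCE):
        return "deny"                        # unrecognised input: fail closed
    new_device = req.device_id not in req.known_devices
    if new_device and not independent_factors(req.factors):
        # SIM is answering from an unseen handset and nothing presented is
        # beyond what the bag contains: require a call or backup-device code.
        return "step_up"
    return "allow"


# Constructed request: the SIM-in-a-spare-phone reset described in the thread.
THREAD_CASE = RecoveryRequest(
    frozenset({"sms_otp", "card_number", "cvc", "date_of_birth", "postcode"}),
    "handset-B", frozenset({"handset-A"}))

if __name__ == "__main__":
    print(decide(THREAD_CASE))
```
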
 
Soldato | Joined: 17 Jan 2005 | Posts: 8,556 | Location: Liverpool
> But how did they? This is what we don't know, right?

They didn't need to, just put the SIM in another phone. I did it with a spare phone here!

> It baffles me that you don't need to do any of that 'What's your mother's maiden name?' verification stuff on either 'find my personal ID' or 'reset online banking' processes.

Yeh, it's appalling, you just need date of birth, post code, 16 digit card number and CVC number. Which, if you've stolen their wallet along with their phone, chances are you'll now have their bank card and driver's license.
 
Soldato | Joined: 1 Mar 2010 | Posts: 22,018
yes he's right
now wondering why I've never enabled it, otherwise anyone who nicked the phone with a credit card could make online purchases.

Evidently the banks are not currently calling that negligent.
 
Soldato | Joined: 21 Jan 2010 | Posts: 22,472
> yes he's right
> now wondering why I've never enabled it, otherwise anyone who nicked the phone with a credit card could make online purchases.
>
> Evidently the banks are not currently calling that negligent.

Number hijacking means you aren't even secure with a SIM PIN. People social engineer the call centre into releasing the PAC...
 
Soldato | Joined: 3 Apr 2009 | Posts: 3,975 | Location: Warrington
I remember having an Orange SIM that was pin locked years ago (like 2002ish -2009ish time I think) but had no idea what the pin was... Tried the 'default' options listed around the place but no joy so ended up getting PUK locked. Memory is a bit hazy but I think after some googling I found a sim serial number > PUK code calculator / list somewhere online which worked :p. Probably not possible for newer SIM cards though I guess, Orange probably got hacked or used an unsecure algorithm for generating the codes or something I guess. (I'm 95% sure I never had to ring up customer services or whatever to get a code, as I don't think I even knew that was an option then, despite it being what everyone advises you to do now).

Anyway, since then I don't think any of my SIMs have come locked by default (or possibly came with a generic 0000 / 1234 code) and I never bothered setting a pin, because as my logic went there's no point risking the hassle of forgetting the PIN and getting locked out when I try to change phones in the future, and if my phone was stolen I'd be far more bothered by the loss of my phone than the loss of £10 or so of credit on my SIM card :p. If a SIM pin is all that stands between me and my bank account getting pwned though I might have to rethink that...

Then again if someone already has your driving licence then I bet that's enough information for many mobile carriers to hand over a PUK code for the SIM, so it may not actually matter that much.
 
Soldato | Joined: 21 Jan 2010 | Posts: 22,472
> I remember having an Orange SIM that was pin locked years ago (like 2002ish -2009ish time I think) but had no idea what the pin was... Tried the 'default' options listed around the place but no joy so ended up getting PUK locked. Memory is a bit hazy but I think after some googling I found a sim serial number > PUK code calculator / list somewhere online which worked :p. Probably not possible for newer SIM cards though I guess, Orange probably got hacked or used an unsecure algorithm for generating the codes or something. I guess (I'm 95% sure I never had to ring up customer services or whatever to get a code, as I don't think I even knew that was an option then, despite it being what everyone advises you to do now).
>
> Anyway, since then I don't think any of my SIMs have come locked by default (or possibly came with a generic 0000 / 1234 code) and I never bothered setting a pin, because as my logic went there's no point risking the hassle of forgetting the PIN and getting locked out when I try to change phones in the future, and if my phone was stolen I'd be far more bothered by the loss of my phone than the loss of £10 or so of credit on my SIM card :p. If a SIM pin is all that stands between me and my bank account getting pwned though I might have to rethink that...

Ah man that brings back memories! My first phone was an "Orange Savvy" and I managed to PIN lock it, then PUK lock it, and then try and enter my mobile phone number as the PUK about 30 times to ultimately brick it. All in about 3 hours of owning it. What a twerp.
 
Soldato | Joined: 1 Mar 2010 | Posts: 22,018
> Number hijacking means you aren't even secure with a SIM PIN. People social engineer the call centre into releasing the PAC...

yes it was in my earlier post - reputedly they've tightened up post 2020

Moreover the several hundred car insurance I paid yesterday with a Lloyds CC and SMS confirmation code would have been vulnerable - nothing to do with Santander. ...
still I always cycle to the (better) gym with just a credit card,

Santander account, didn't everyone get one when they used to pay interest? is just used for paying utilities for the pittance of cash-back now.

Pity the banking app can't check if the sim pin is set before installing.
 