Scammers had access to bank account but only transferred between owners accounts, why?

[Dano]

Long story short, an eldery-ish chap I know got caught by the 'amazon prime is charging you' scam this week, he fell for it far enough that not only did they have remote control of his computer where they setup a paypal account, added his debit card details and then added a pre-authorised payment to a skype account but they also had access to his bank accounts online, they transferred £500 out of the current account to his savings account to prove that 'amazon prime' was incorrectly charging him, then transferred £3,500 from the savings account back to the current account at which point they started trying to get him to send them the £3000 over payment via western union, he belatedly twigged at this point and put a stop to it.

He went to his bank in person and they confirmed the money had been moved around, he has a printed statement direct from his bank showing this, what I cannot get my head around is why the scammers didn't just transfer the money to one of their accounts the moment they had control? Is there something in place that would allow his bank to have reversed whatever they did?

I'm not clued up on the current bank transfer stuff but when I used it last I'm sure I was warned it was basically irreversible, what gives? Seems like he was amazingly lucky to me, lost around £90 via paypal to skype and a bit of stress but could have been far worse.

 

[bazzabear]

I guess that any transfer to an account would be traceable. That's why they wanted the trasnfer to WU instead.

But I don't know why they didn't do the WU bit themselves.

I assume he's stripped his computer bare and changed every password he has?

 

[bazzabear]

Thinking about it, large transfers out probably need a second layer of authentication which they knew they wouldn't be able to perform - like a text to his phone, or using a separate device with his card. That's why they were asking him to do it.

There was maybe little else they could do which wouldn't immediately indentify who they were.

 

[LiamJ]

Transferring to another bank account would require them stealing information to set up the account, then making a withdrawal from that account without detecting suspicion.

Western Union would allow them to just send it straight overseas, likely wherever they're calling from.

As for why they couldn't do WU themselves, I imagine there's maybe some sort of 2FA involved? Not sure, never used it personally.

 

[Dano]

He'd already given them all the security question details and answers :/ Lucky man not to have lost a lot of money.

 

[Werewolf]

Thinking about it, large transfers out probably need a second layer of authentication which they knew they wouldn't be able to perform - like a text to his phone, or using a separate device with his card. That's why they were asking him to do it.

There was maybe little else they could do which wouldn't immediately indentify who they were.

Depending on bank any new transfer as a "payment" would require them to authenticate.
IE with Barclays you can transfer any amount (or so it seems) between your own accounts, but even just authorising a £10 payment to a third party as a bill payment (either new, or because you've not done it for say 6 months) require you to use the "Pin sentry" device, put your card in, enter your pin, press the "respond" (or is it sign?) button when prompted, and enter the amount you're paying.
Basically there is no way to send a new "bill payment" that I've spotted which doesn't require multiple authentication steps (involving physically having both the card, reader and pin), specifically in order to thwart scammers who might have got your login details..

The chances are in the OP's case the scammers either didn't realise that at first (or didn't realise it before hanging up), or were using it to gain the confidence of the victim before they would have asked for the additional steps to be taken.

 

[Amnesia]

transferring to their own account would clearly leave a trace to the scammer or an accomplice. they need money by other means.
transferring between accounts can show money coming in or money going out which ever they please, they could say look at your main account and write down the amount and then minutes later withdraw money showing that money has gone out or even money has gone in to fit in with their narrative, yet it would all be there just between different accounts.

go watch some kitboga on twitch, quite fun watching him wind scammers up.