Could Your Bank Have Saved You From Becoming a Victim of Fraud? Duh!

HomeATM's SafeTPIN could eliminate phishing, cloned bank websites AND "Account Takeover Fraud" in one fell swoop...er, swipe.

Customers are complaining that lax monitoring of accounts has cost them thousands of pounds

Times Online - Lauren Thompson

Banks are not properly monitoring accounts for fraud, so putting their customers’ money at risk, a Times Money investigation has found.

Many people assume that their banks will pick up on unusual activity and stop transactions if they appear suspicious. However, fraud victims say that their banks have authorised transactions allowing several thousands of pounds to be spent in a few hours.

Sandra Quinn, of Apacs, the UK payments association, says: “There are no industry guidelines for how banks should monitor fraud. Each has a different policy. It is impossible for consumers to know which is best — or worst — because they do not publish their fraud figures or details of their monitoring policies.”

While there is nothing in the Banking Code that compels banks to monitor for fraud, they all say that they have “detection systems” to identify unusual spending patterns and potentially fraudulent transactions. But they deliberately do not tell consumers the type of transactions that may be flagged as suspicious in case it gives fraudsters too much information.

Alex Barnett, of Halifax, says: “We are unable to disclose what values or transaction patterns trip a fraud alert, mainly because this is assessed on an individual basis. A set of normal transactions for one person may not be normal for another.”

Concerns about monitoring have mounted as banks appear more reluctant to compensate victims of chip-and-PIN fraud. Times Money has been inundated with letters from readers who have had thousands of pounds withdrawn from accounts, only to find that their banks refuse to compensate them. Many have been “shoulder-surfed” — watched as they enter their PIN — then had their cards stolen and accounts drained at cash machines and in shops.

Under the Banking Code, consumers are not liable for such fraudulent transactions, but banks are refusing to pay out, telling customers that they "must have been" negligent with their PIN.

Jane Smith, 58, was a victim of fraud after an HSBC cash machine on Baker Street, Central London, swallowed her Abbey debit card. She went back to the branch as soon as it opened the next day, only to find that fraudsters had spent £4,000 — her entire overdraft — in less than 24 hours. Abbey initially refused to pay a refund, saying that she must have given her PIN to someone. It took her three months to recover the money.

She says: “I have been a loyal Abbey customer for 30 years (Editor's Note: which is probably the "only" reason it took three month instead of never...read on) and have never been overdrawn until this happened.

Surely the bank should have noted the transactions and stopped them?”

Professor Ross Anderson, of the University of Cambridge computer laboratory, says that Mrs Smith’s story is common. “Banks have used chip-and-PIN to dump liability,” he says. “If a transaction is disputed and a PIN was used, it is either the customer or the merchant’s fault. Why should banks go to the trouble of running a complex detection system to flag up suspicious transactions? It is simpler to authorize transactions, especially once fraud becomes someone else’s problem.”

Emma Woolf, 27, had a similar problem with her Abbey business account. She was horrified to discover a balance of £23 when she logged on to online banking — her account should have contained about £10,000. Fraudsters had been draining the funds for three months, mainly by making cash withdrawals of up to £500 at a time. They had also changed the address on the account.

Miss Woolf, who lives in northwest London, says: “I have not made a cash withdrawal on my account for several years, so endless cash withdrawals are very out of character. Yet it was not flagged up by the fraud team.”

Like Mrs Smith, Abbey told Miss Woolf that she must have been negligent with her PIN and is refusing to pay back her money.

“I have kept my card in a safe since October and have never told anyone the PIN,” she says. “I have now lost £10,000 and my business cannot operate. It has been a nightmare.”

Miss Woolf says that she is a victim of "account takeover fraud," which rose by 62 per cent last year, compared with 2007.

A fraudster contacts a bank, masquerading as the genuine cardholder, and then arranges for funds to be transferred out of the account, or changes the address and asks for a replacement card.

Editors Note:  Masquerading as the "genuine" cardholder fraud is UP 62%?  How so, or why so?  Two thoughts:  

1. The genuine cardholder should be "required" to prove they are genuine. 

What better way than swipe their card and enter their PIN? 
Two Factor Authentication with the same protocols as accessing an ATM...and

2. If they claim they "lost" the card, (and need a replacement) how's this for a thought to cut down on fraud that's rose 62% last year...Simply require them to physically come to the bank to get a new one and provide documentation.

The story continues...

Fraud costs the banking industry millions of pounds every year — and losses are increasing. Last year card fraud rose to £609.9 million, a 14 per cent increase on 2007. Cathy Neal, of Which?, the consumer organization, says that there needs to be greater clarity and consistency on how banks monitor fraud: “They will not pick up on highly unusual activity but will often stop transactions if a customer is abroad, for example.

“The vagueness of the Banking Code on fraud liability means that banks are inconsistent with compensation. Many victims are also not told how fraudsters stole account or card details, which can be very unsettling.”

Nina Gregory, 70, is taking Abbey to a small claims court next week after fraudsters took £2,800 from her Isa account two years ago while she was on holiday. The bank has refused to refund the money, a decision upheld by the Financial Ombudsman Service.

She says: “I went to Russia for five weeks and took my VIsa card with me. When I received my monthly statement when I got back, I saw that £200 had been withdrawn from cash machines in West London, every day for two weeks, until the money ran out. I have never withdrawn so much cash from a machine, or so regularly.

“However, Abbey insists that because the correct PIN was used, and the transactions took place near to my house, it cannot be fraud. It implied that I left my card at home and was somehow negligent with my PIN.”

Mrs Gregory, like many victims of fraud, says that she was made to feel like a criminal, adding:

“Abbey’s fraud department asked me lots of aggressive questions to try to establish how I had been negligent. Where did I keep my purse? Had I written down the PIN? To be accused of lying or colluding with fraudsters at my age is an insult.”

Continue Reading at Times Online

account takeover fraud, phishing, SafeTPIN, cloned bank websites

Related articles by Zemanta

• One in five ID fraud victims 'not reimbursed' (telegraph.co.uk)
• Privacy is Dead, Long Live the PIN (pindebit.blogspot.com)
• Online Banking's Innate Security Flaws (information-security-resources.com)
• BofA Targeted by Malicious Code Phishing Attack (pindebit.blogspot.com)
• Who Needs an Ounce of Prevention...We Have 10 pounds of Cure! (pindebit.blogspot.com)
• To Hell With Convenience (pindebit.blogspot.com)