"Warning"..re. on-line banking

[mick094m]

I have recently found myself in a similar situation with another member having my on-line banking "hacked " into, and some startling facts have come to light.To start with it started happening last month with "suspicious e-mails" requesting personal details uodating,as evryone should be aware,this is incorrect as they( any banks) NEVER request anything like this so as requested I forwarded them to the online security,I think it was a total of five e-mails, never got any replies which seemed a bit odd to me. Then last weekend I was away in Wales on both Saturday and Sunday at motorcycle event in Mid Wales,on my return on Saturday,there was a letter from the Halifax thanking me for informing them of my "change of address" as I had never done so as soon as I was able I contacted them to inform them that this was not the case and that I was still at my present address.Then to my horror whem I went onto my on-line account I found that my account had been cleaned out plus £445 of my overdraft facicilty gone( this overdraft had never been used for a long time it was only there for "emergency" use).I found out that it was part of a standing order that had been setup with a Barcleys account from an address in Wolverhampton this took £445 from the overdraft facility and would have taken out £100 per month if I had not deleted the standing order from my account.after reporting it to the Branch in Liverpool I was told that there was nothing to worry about as I would get it all back along with any charges,nothing to worry about !!!!!!!!!!???? on my return home I then went in to my account changed the pass word and found some startling facts about on-line banking that has made me mad.it is no wonder it is so easy for identity fraud, in the past I may have noticed this but paid little attention to it at the time,on my account statements along with the input of my "state pension" there is my "NATIONAL INSURANCE NUMBER",so therefor Halifax are giving personal information on a plate to anyone that hacks into any account,this has left me fuming, and would like to know if this is legal for them to do this ,surely this is against the Data Protection guidelines. Though if the online banking was as secure as they state there would be nothing to worry about.But then comes how easy it is made for any "hacker" to gain access ,all they need to do is download the change of address form submit it and away they go,given a head start by the only means of this being confirmed is when a letter drops through your letter box asking if this change of address is correct if it is not they have already given the "hackers" a head start and freedom to empty ypur account.

Surely as an e-mail address and phone number of all online account holders are held by the Bank surely it would be a lot quicker and surely more common sense to do this or phone the person instead of relying on a letter via a mail system that resembles the pony express. Or in some cases the person the letter is sent to is away on a months holiday.

The most annoying part of my experience is the fact that I alerted Halifax Security Online by forwarding them the "suspicious e-mails and nothing was done regarding them ,I would have surely expected them to have flagged up my account to be watched for any suspicious activity,and as I have not needed to use the overdraft facility,this would have aroused suspicions and they should have contacted me and therefore prevented any access to my account.

I am now worried sick as to what is being done with my National Insurance Number,I will be contacting the DWP on Monday informing them of what happens.I will also be lodging a VERY STRONG COMPLAINT with the Halifax and informing them to expect Legal Action to follow............I hope that this has been of some help to other members of the group that have accounts with the Halifax ..........CHECK YOUR ACCOUNTS EITHER PAPER OR ON_LINE ,If you are on any form of benefit CHECK TO SEE IF THEY ARE DISCLOSING YOUR NATIONAL INSURANCE NUMBER.Then complain about it to THEM.

[PriorityOne]

This is not the first time this has happened with Halifax. If I were you, I would log this one with the police and then make a string of complaints to the various authorities.

 

I was in touch with someone on here re. Halifax fraud until fairly recently... and in her case, an inside job was suspected. Having said that, those phishing emails have been doing the rounds for months.... I did a thread on it not so long ago to warn people.

[sillygirl1]

I get those emails from banks I don't even have accounts with, they get passed to my sister who works in the Forensic department of the Met, and she passes them to her contact.

 

I'm looking at opening an account with the Halifax but if they use my NI no as a form of ID then NO. I feel very strongly about that and there are plenty of other ways to confirm ID. The NI no gives people access to a whole lot more info about you than you can get yourself. This is clearly wrong and ANY company who demands I send them this gets told 'sorry you've lost yourself a customer'.

 

As far as I am aware Natwest don't reveal this information.

[PriorityOne]

I have 2 accounts with Halifax.... but refused an online facility. There is no need for an NI number.... how were you persuaded to pass that info. over, if you don't mind me asking ?

 

Oh right... just realised it goes on a statement when Benefits/Pensions are credited. Hmmm...

[mick094m]

Sorry if I did not make it plain this information about my National Insurance number was not requested by them it is actually "printed " on my bank statements when my pension is paid into my bank by the DWP each week for my state pension and each monthe for my DLA payment therefor it is clearly visible to anyone that has hacked onto anyones account that gets these payments

[mick094m]

This National Insurance Number is also shown on my on-line banking,I don't know if this is common to all bamks or just the Halifax but I am going to take this up with the DWP on monday over the phone.

[PriorityOne]

I suspect you've probably clicked on a link in an email..... so really should report this to the police and then include all details in with your complaint....

 

Halifax have a duty towards protecting their customers at the end of the day and if someone's able to override this by setting up a grubby website or whatever, then you need to be reimbursed and compensated for your trouble.

 

Complain to the Information Commissioner as well (data protection)... and send everything by rec. delivery.

 

[PriorityOne]

This National Insurance Number is also shown on my on-line banking,I don't know if this is common to all bamks or just the Halifax but I am going to take this up with the DWP on monday over the phone.

 

Don't do anything "over the 'phone". There is no paper trail and you're wasting your time. In writing only... by rec. delivery and keep a copy of everything sent.

Edited July 26, 2008 by PriorityOne
spelling

[mick094m]

I never clicked on any links I forwarded them to the online security without clicking on anything the e-mails were requesting an update of my information which I knew no bank requests this to be done, so just forwarded them and they were not acted upon just ignored

[saintly_1]

Apparently I have accounts with LLoyds/TSB, Halifax and RBS And on all these my online banking details need immediate attention as they are now being upgraded:eek:. I forwarded the first lot to each banks relevant department as I have never had bank accounts with any of these banks now they are marked as 'Junk mail' and go straight to me junk mail folder where I report them a phishing [problem] emails

 

saint

[PriorityOne]

I never clicked on any links I forwarded them to the online security without clicking on anything the e-mails were requesting an update of my information which I knew no bank requests this to be done, so just forwarded them and they were not acted upon just ignored

 

Whoever's done this must have had access to your online password to enable them to get to your info. and account.... unless of course, it was an inside job of some sort.

 

You are the only person who can really backtrack to find any clues to this.... but links in emails are notorious for leading you to sites that may look like the real deal, but are in fact a very good bogus for it. Anything addressed to "Dear customer" is usually the first giveaway....

 

Whatever you suspect must be reported to the police and the relevant authorities asap though.

[mick094m]

I am aware of all that anything recived as I have already stated has been forwarded to the Halifax online security and I have printed off copies of all the e-mails and the standing order that was set up and all the e-mails are saved elsewhere on my PC and I have also copied them all to disc,as you say it can only be an inside job as NOBODY other than myself has access to my online password,also what is very strange is that though I forwarded all the e-mails I DID NOT RECEIVED any form of notification of any of them being recived ,apart from one that I recieved yesterday and this I suspect was only because I had reported it and that report had been sent to the Halifax Fraud Dept,also I am suspicious of the fact that I changed my password to my online banking straight away,I could access the account for one day the next day I was denied access as it stated I had used incorrect details ( the password I had changed was not recognised) ,then I received another e-mail that was again forwarded and I received a reply that this one had been received.I have never ever open any links if there were any on any of the e-mails, also as you state I am also a firm believer in everything put into "writing" ,when I say I will be contacting by phone I mean that it is to inform them that they will be receiving a strong letter of complaint in "writing" following the phone call and that I will be expecting them to act upon the letter IMMEDIATELY they recdeive it I don't care how busy bthey are as I regard ID theft as very serious and intend taking the appropriate action.

[PriorityOne]

Please let us know how you get on Mick... this is not the first time it's happened with Halifax, as I mentioned earlier.

 

Sounds like you know the procedures to go through... doesn't stop it being a major headache and on ongoing worry though.

[mick094m]

I certainly will do and yes it does give you an unwanted headache and worry I can well do without,but getting used to the manner in which businesses are allowed to treat people in this country,the laws and the people that enforce them leava lot to be desired ,regards the previous mention of "phising" I find that a total wate of time JUST DELETE is my motto anything in anyway suspicious "phising" don't work in my opinion

[yourbank]

.....................................

Edited July 29, 2008 by yourbank
Cannot Help

[MARTIN3030]

I have has Halifax online banking for a couple of years without any problems It needs not be said that you should not respond to any phishing emails.

I am am active and advise on a couple of sites to people residing here from Russia and Ukraine they are here legitimately as spouses.The biggest single complaint I hear is the difficulty in opening a bank account because the criteria asks for things they dont even have.

I think we should remember that the problems faced by those who seek to do honest and straightforward business,has been made very much more difficult as a result of the actions of those whose business has been to cheat defraud and manipulate at every corner.

Unfortunately theres no such thing as a one fits all.

[yourbank]

..................................

Edited July 29, 2008 by yourbank
cannot help

[qwerty101]

Ok to clear this up the reference you see on your online statement/paper statement is actually keyed in by the person/company sending the payment, just as if you were making a payment you would be asked do you have a reference to put on? This is not halifax fault, is the dwp who are keying this reference when the payment is sent!

 

As reguards that you notified halifax of these suspicious emails, does mean they will sit and watch your account to make sure nothing happens, the ammount of people who recieve these emails each day would not allow that to happen, as there is simply not enough staff in any bank to do this. The team where you send the email to, tries to investigate wee the email orignated from to try and stop it from happening.

[mick094m]

I have to dissagree with you when you state that Halifax is not at fault, Are they not aware that disclosing a persons National Insurance Number is the worst thing that anyone can do.....(because I do and do not disclose it to anyone) as I am sure other members of this forum are aware of the concequences of doing so.Also Halifax clearly state that their Banking system is "secure",therfore I would have assumed that if there had been any breach in their "secure site" that they would have the means and the staff to "investigate" not as and when, they seem fit but "immediately", in order to limit the amount of customers that will be effected by that breach of security,I mean one of the e-mails that was forwarded to them was in JUNE 2008,surely that is a warning to them that something suspicious is about to happen,I am afraid if they are not willing to act ,and just ignore the "warning signs" then they are totally responsible and cannot plead ignorance to the fact as I have personally "warned" them by forwarding the "suspicious " e-mails as advised by the Halifax to do so,therefore what is the point of the Halifax giving advice that you follow and then they ignore,perhaps as you say through lack of staff,well sorry but that is not my fault they should have adequate staffing levels as everyone knows that this is a common occurance ,but it is not until you are put into this position of having "unauthorised access" to your account that you realise the far reaching consequences. I am most annoyed of the fact that it appears to me to very simple,and easy, if you have the time and the knowledge to actually do this sort of thing.I mean for a system to allow someone to set up a standing order by the means of changing an address and the only means of confirming this that the Halifax has is by writing a letter to the person who's address they are changing,when all other details i.e. phone number e-mail is already on the data base of the Halifax,is it too much to ask for them to actually phone and contact you to ask if this is correct,I mean as I am in Liverpool it would not be an actual Wolverhampton number they would be calling ,that in itself is a secure way as I am sure they would not be able to use my phone number to confirm the change of address unless they have the means of transfering my phone line to the address in Wolverhampton where they setup the standing order,I know this to be impossible, it also shows the lack of communication between banks as the standing order was to Barclays, they too have a lack of secure means of checking the validity of standing orders setup between banks,I must be missing something but all this contradicts what the person from the Halifax told me "they are very clever people that do this",,,,sorry not so I am more inclined to say that the Banking industry is so stupid and that is the reason it is so easy to do this."clever" is not in the equation you don't seem to be that clever to fool the Halifax is my opinion.Rest assured I will be taking all of this up with all the parties concerned and if need be take each and everyone to court over the matter,and must point out I am not one to settle out of court as I reckon it defeats the object.by doing so they don't get the adverse publicity that they deserve,but they will in this case if I am forced to take that action to get it sorted out "properly" and for the benefit of other Halifax customers,then look for a more secure place to deposit my account.

Sorry this has been so long winded but I don't take too kindly for anyoe attempting to make excuses for the culprits actions in this case The Halifax

[yourbank]

................................

Edited July 29, 2008 by yourbank
cannot help

[yourbank]

........................

Edited July 29, 2008 by yourbank
cannot help

[yourbank]

...........................

Edited July 29, 2008 by yourbank
cannot help

[Hoose]

Mick,

 

as an IT specialist (albeit not in banking) let me advise you of the following:

 

the spam emails you received were not targeted at you specifically. I personally recieve some 40 of these per day, many for banks that I do not and have not banked with.

 

what has happened, is you have entered your details (specifically your email address) on an insecure website that has then been "harvested" by a spammer. They then send out blanket emails to some 2000/3000 people at a time.

 

this happens with banks, paypal, ebay, amazon, you name it.

 

You can help protect yourself by using better personal security measures.

 

for example, instead of using your name as a login, use your name and some random numbers. for your password, something as simple as letter substitution, and capitalisation can prevent hackers from simply guessing your password.

 

for example, password would become:

P4$$W0rd

 

immediatley much harder to guess.

 

but moving on from this issue, and onto what was listed in your recent transactions,

 

Halifax cannot change the reference lines of any transaction, as that could be classed as Fraud.

 

When the DWP sent out your payment, THEY (not halifax) specify that the reference for the transaction is XX then your NI number. this is so that they can trace payments in their systems, and you know that this is your pension.

 

It is exactly like when you set up a standing order to another account, or do a transfer, you are asked for a reference. this reference is what you use to describe the payment, "credit card bill", "payment to church for hall hire" etc etc etc. Why are you slating them for presenting accurate information???

 

I bank with Halifax, and yes, they have many faults, but you cannot and should not slate them for providing accurate information on what they (rightly) assume is YOUR computer screen, and on statements sent to your address.

 

sorry for the rant folks.

[mick094m]

If the Halifax are supplying as they say a secure site they are responsible for all the information PRINTED on there site so mister know all, relating to BACS why is it that when you make a purchase all you details are not shown on the recipt I.E. card no bla bla bla then ******* etc,why don't they disclose the full number, because common sense prevails and they know by doing so they are leaving them selves open to LEGAL ACTION, if it is a BACS system then Halifax should be able to do the same .if not they should ENSURE that the BACS system they use does it for them, not "rocket science" just protecting their interests and their customers, and I repeat regardless of what you say they are responsible for anything printed ON THEIR STATEMENTS as will be proven in a court of LAW,it is a HALIFAX STATEMENT so they are disclosing it or have they some magic means of disowning statements wants it is sent out BY THEM nobody else THE HALIFAX .......GET IT ( written in black & white ON Paper with HALIFAX headed Paper.and don't bother replying as you are beginning to annoy me

[Hoose]

Who should not bother replying mick?

 

when you get a printed receipt, the full card number is not displayed, this is a security measure to prevent someone getting your card number and making CNP transactions.

 

BACS references are plain text fields, and Halifax have no idea as to the information in them and what relevance they have to you.

 

Also, payments be Debit / Credit cards ARE NOT BACS transactions, they are two seperate systems

 

so, what do you think should happen??

 

on your statement you get the following:

 

Date Detail Amount

12/2 XXXXXX 121.65

13/2 XXXXXX -5.99

14/2 XXXXXX 9.99

 

 

how is that going to help you keep track of your finances?

 

if you have an issue with your NI number being used as a transaction reference, then speak to the DWP.

 

Can other more learned forumites confirm that if Halifax were to alter any transaction information then this could be classed as fraud??

Edited July 27, 2008 by Hoose
Added distinction between bacs and card payments