Did the bank follow security Procedures

[billynomates]

Back in January my joint bank account was subject to high value fraud (£4,500) which was achieved over 3 days via telephone banking.

 

Day one £300 transferred - achieved via automated telephone banking

 

Day two £300 transferred – achieved via automated telephone banking

 

Day three 4 X £300 1 X £100 and a Standing Order for £2,500 transferred

 

of the 8 fraudulent transactions (we will call him the fraudster) the fraudster spoke to a telephone banking operator on four separate occasions, the last being to set up the Standing Order.

 

When I noticed the activity on my account I rang the bank via telephone banking and used my PIN number to report the fraud.

 

I have had to ring the fraud department every time for information as they have not been forthcoming with keeping me informed of what is going on.

 

I have requested the telephone recordings and or the transcripts of the conversations as I need to be sure procedures were followed correctly. I have been told that there are no telephone recordings or any transcripts of the conversations.

 

When the fraudster called and spoke to the telephone operators (please correct me if I am wrong) but each operator would have typed up a brief description of what the conversation was about. I have asked for these and have been told that there are no typed notes on our account when the fraudster called.

 

I have asked when the fraudster made the transfers automatedly, then surely they must have had my telephone banking PIN number, I have been told the fraudster initially probably by passed this option and spoke to a telephone banking operator and had enough personal information to pass security, the fraudster then says they have either forgotten or lost the telephone banking PIN and are able to change the PIN number, this then enables the fraudster to transfer the money without having to speak to anyone.

 

This cannot be the case as I used my original PIN number to report the fraud and if you do need to change your PIN number for what ever reason, you would be sent a new pin by post this is quoted on the banks web site.

 

I have asked why no operator suspected unusual activity as it was clearly obvious by say the 4th transfer that something was not quite right. I have been told we TRY to make sure our operators are able to suspect unusual activity.

 

I find this all very strange as I very rarely use telephone banking (maybe once or twice a year) also the only place my telephone banking pin number is held is in my head, my online banking details are totally different to my telephone banking details as is my debit card pin.

 

I have been in regular contact with the fraud department, I have documented every conversation, I have now started to record the conversations to which they do not seem to happy with, I tell them before we start the conversation that this call may be recorded, they usually reply with “oh ok”

 

I have left the best till last:

 

Now I have been asking for the telephone recordings of the calls the fraudster actually spoke with a telephone operator, I have very conflicting answers on this, I have been told, there are no recordings, there is one recording, the call centres that took the calls do not records their calls yet. I have also asked for transcripts of the recordings, but they do not appear to have those either

 

Now I have also asked, for copies of the telephone operators notes that they type up so they have a history of the call on the account, I have been told the operators did not type up any notes, (what none of the operators) Mmmmm strange

 

I have been asking for emails to be sent for confirmation, and this is the best, the bank has actually sent me an attachment that I should not have seen.

 

This reveals that the fraudster did in fact speak to an operator on 4 separate occasions, the call centres that I have been told do not record their calls, well actually they do, this attachment tells me the bank account details of the fraudsters, it tells me the Initials of the person they spoke to, the PC ID number, the time of the calls, the fraudster actually spoke to the same operator at 9.34 and again at 11.30 what are the chances of that happening. These are the calls that they cannot get hold off.

 

I have asked the fraud department if this case went to court they are not going to appear with recordings, or operators notes, they stumble and do not answer the question.

 

I have also asked what security questions did the operators ask the fraudster, I get told I do not know, I have also asked why did none of the operators spot unusual activity on the account, bearing in mind the fraudster achieved 6 transactions on the last day, the last being the S/O of £2,500 the answer to that was we try to get out staff to spot unusual activity.

 

I have now sent a SAR and a DPA clocks ticking.

 

I need to know if the bank has messed up with security, protecting my Identity and followed procedures. I need to know or my own piece of mind.

 

One last thing the fraud department, in error again let slip the names of the accounts that the transfers went too, so now I have the names and bank account numbers, breech of the DPA for releasing confidential information to a 3rd party am I correct.

[Guest NATTIE]

Personally, it is a tough one to call on the identification procedures but telephony centres do not have to write down the details of any calls, however i would have thought a footprint would be left which would give details of when you account was accessed. I am assuming that you have informed the Police because they would get involved.

The last bit is not a breach of the DPA because the transfer went from your account and you have every right to have those details including the Payee which would appear to be the fraudster. I have a feeling a few telephony operatives are sweating a lot, and if they haven't correctly followed the banks processes they will be in a lot of trouble.

[buzby]

One last thing the fraud department, in error again let slip the names of the accounts that the transfers went too, so now I have the names and bank account numbers, breech of the DPA for releasing confidential information to a 3rd party am I correct.

 

It appears from the above that you are complaining that the bank released details of transfers made farudulently from your account by the fraudster, and gave the details to YOU. And you see this as a DPA breach?

 

It couldn't be, as logically this was an financial transaction on your account, and as the account holder, you have every right to this information - although under normal circumstances you'd have known these details bacause it was your account anyway!

 

There's a lot wrong here - but particularly the bad faith in the bank not honestly disclosing the data it held and simply fobbing you off. I'd be inclined to ask the bank to make good the funds, and when they refuse get the all-important 'deadlock letter' that allows you to go to the FSA - you cannot do this until the bank refuses to take it furether and resolve the issue. You can also take them to court, but try the FSA route first.

[billynomates]

Hi Nattie,

 

Thanks for the advice, I thought telephone call centre operators always typed up a brief encounter of the call, for example what would happen if when you rang the call centre again, (say a week later) and previously there had been a problem, the telephone operator that was now taking the call would have no history notes to look back on, so how would the operator know what was last said etc. I had a friend that worked for a call centre and they always typed up notes on the customers account either during the call or after.

 

What would happen if there was a major problem, for example the customer was threatening to take the bank to court. The banks claim that only 90% of their calls are recorded, and for example say the call centre telephone operator that customer spoke to did not type up any notes on the account.

 

Now the call was unfortunately not recorded (as the bank only record 90% of the calls) and their are no notes to back up what the customer said.

 

Is it the case that there is always a possibility that if there were no telephone recordings, no call centre telephone operator/s typed up notes, then obviously nothing could be investigated as there is no trace. Can banks really take this kind of risk, they would need evidence for their own purposes.

 

In answer to your question are the police involved, "yes" we have reported this to the police and we do have a crime number, the police will not get involved in this type of fraud as the loss lies with the Bank, as it is the bank that lose the money, the police will get involved, once and if the bank catch/suspect whom the fraudster/s are.

[billynomates]

Buzby,

 

Maybe I have not explained myself properly LOL, basically I need to know did the bank follow security properly when the fraudster rang the call centre to make 4 out of the 8 transactions.

 

To transfer funds via telephone banking when you first speak to an operator you have to pass security 3/4 questions, I want to know what questions were asked, did the fraudster answer the questions correctly, I know for a fact that this bank PROMPT you if you are unable to answer and say "I cant remember" "can you give me a clue" so I need to know that they have not breeched my privacy/confidential/personal details.

 

4 of the transfers were made automatedly where you do not need to speak with an operator - to do this you have to have a pin number, now as said I rearly use telephone banking maybe twice a year, the fraudster actually used my pin number, the reason I know this is when I spotted the fraudulent activity I rang telephone banking to report it and used my pin number. so how has the fraudster obtained my pin number, I have different pins for debit cards and online banking so I find this strange.

 

Why did none of the operators spot unusual activity? on third day the fruadster managed to transfer funds 6 times surely this should have been picked up.

 

I understand that I am allowed the names of the accounts that my money went to, but surely I would not be allowed to have their account numbers, this was included in the attachment that we were sent in error.

 

Just to say that I spoke to the fraud department last week, I was basically told that the fraud department now exhausted all their options and I as taken up a lot of their time when they had other fraud cases to deal with. Have this conversation recorded, I replied with "I am not going to go down that route, you are dealing with my account and high value fraud I need to know how it has happend" How can a member of the fraud department make that kind of statement.

 

We have so many different answers, it just does not seem to add up, something not quite right, are they hiding something??

 

I need to know that they have followed procedures correctly.

[bazak1]

banks, credit card companies etc are legally bound to follow the office of fair tradings guidelines so give them a call, explain the whole collection of events and even if it doesnt fall under their jurisdiction then they will point you in the right direction. there must be a way to prove where these calls came from and where you were at the same time. i know a couple of people who have had this happen ( not on your scale though ) and it took several phone calls and complaints but all monies were refunded.

[buzby]

Bazak1 - banks etc are under no legal obligation to follow OFT 'guidelines', becasue that's what they are - there is no legal compulsion, however if the OFT enact provision, these are legally enforceable, but the problem here is - as with most fraud - if they tell you what they do, it makes it easier to circumvent.

 

billynomates : I hear what you're asking, but the bank will never disclose this unless you can force them to do so with a court order. We've already seen their bad faith, do you think they will have any intention of disclosing how they facilitated the fraudster? There is no chance of them coming clean to you, but they may do so to a restricted audience, one they can disclose to with assured confidentiality - like a Jusge or FSA...

 

So whether they followed the correct procedure is a question you can ask, but I doubt the answer you get - based on their current attitude - will be honest and truthful.

[bazak1]

thanks Buzby, that was what i meant. if the OFT enact provision then they are legally enforceable. so if they are ( or do get ) involved it is obviously better to have them " on your side ".

billynomates- how long actually was it before you noticed activity on your account, because there is a requirement for the account holder to notify of fraudulent activity asap. as fraud is a criminal activity, have you approached your local police station for advice, because they take a very dark view of this kind of crime.

[Guest NATTIE]

billy, just going back to that point, what i said depends on numerous factors, for example, if you call a natwest branch(yes you can not a call centre) the call is NOT recorded. Depending on the bank the calls can be accessed but maybe not for long periods of time, a footprint is made on accessing the account, so that there is a record of who accessed it and what screens were accessed for audit purposes. That means if data is accessed which in this case is the transfer of monies, there is a trace to who, and where it was made from. Does that make sense?

[tim2718281]

I suspect the problem has arisen from the way you are handling the complaint

 

I would write to the Chief Executive of the bank, stating that the bank has made unauthorised deductions from your account and is unable to explain its actions, which appear to have been the result of fraudulent activity. State that the explanations you have had so far are inconsistent and contradictory.

 

Tim

[billynomates]

Bazak1 & Buzby

 

The activity happened over a Sat, Sun & Mon, funny I checked my balance on the Saturday morning and everything looked fine, didn't go into my online banking on the Sunday,(wish I had) On the Monday evening went online and that is when I spotted the fraud, I rang the bank straight away using my pin number to get through to telephone banking.

 

We reported the fraud straight away and got a crime number. We have had the funds refunded, but thats not the point, the issue here is, I have serious doubts, regarding privacy, confidentiality, procedures etc. and as said the bank appear (or say) they have no trace of the fraudsters tracks, which I find near on Impossible.

 

Buzby, I respect that you are being honest and truthful, I would not want you to say otherwise, and you are perfectly correct in when you say the bank have o intention of disclosing how they facilitate the fraudster.

 

I will wait until I receive the SAR and the DPA to see what they reveal, If we are still being "fobbed" off and getting conflicting information, then I WILL proceed down the judge route, the attachment alone that we were sent in error (via email) confirms the bank keep contradicting their answers, the good thing is we have most of the calls recorded, I would have thought that if the bank were at fault, when questions were asked, we would be given the same answer regardless, but we have been told different answers to the same questions, and at times different answers to the same question to the same members of staff. I am so glad we have the telephone recordings:lol:

 

[buzby]

You've a great deal of work ahead of you - and as you suspect, it may never reach the ears of a judge bacusr of their (the Banks) lack of wanting this to reach a wider audience. Can I suggest in addition to your current route, you keep a 'Plan b' of cost available that you feel will anable you to settle if the bank makes you an offer. This way you can react quickly and not make a mistake!

[missm]

just a wee point on this-

Call centres have small numbers staff working on a weekend, therefore it is HIGHLY likely that the fraudster came thru to the same operator, who probably recognised him from the first security check, which would mean that they were in a way 'less suspicious'

[nannamoon1]

just a wee point on this-

Call centres have small numbers staff working on a weekend, therefore it is HIGHLY likely that the fraudster came thru to the same operator, who probably recognised him from the first security check, which would mean that they were in a way 'less suspicious'

 

missm,

 

The attachment that was sent to us in error, clearly confirms that the call in which the fraudster spoke to the same operator twice within 2 hours was NOT a weekend.