Bank card security and a little rant on the ludicrous.

Because my mum is in a care home, I have power of attorney for her account. I have a debit card, so I can shop for her and I get statements etc. I tried to use the card today and it was declined. I didn't notice why at the machine; I thought I was using the wrong number but later saw that it was out of date.

So, I've just been on the phone to the bank to arrange a new card and was told that one was sent out in December, which I haven't received or at least don't recall having received.

I'm being sent a new card which will arrive in 3ish working days and a new PIN to arrive in perhaps 8 working days. BUT the card can be used contactless immediately!!

I was stunned by this and pointed out to the nice chap at the bank that it was a MAJOR security problem because anyone receiving that card in error could use it. It used to be that the first use of the card had to be using the PIN, but apparently they've changed that because the PIN takes so long to be sent out 😲.

It's even possible for someone at the sorting office to take the entire envelope, use the card at a contactless terminal and then return the envelope back into the system to complete its journey. There'd be no way of proving the fraud.

Incredible.



The older I get, the better I was.

Comments

  • bm5
    bm5 Posts: 584

    That's a ridiculous system.

  • katani
    katani Posts: 140
    edited February 17

    In that case the letter should be a tracked delivery and a signature should be required at the receipt.

  • briantrumpet
    briantrumpet Posts: 20,335

    Just a thought - if you use their banking app, could you put a temporary freeze on the new card till it arrives?

  • briantrumpet
    briantrumpet Posts: 20,335

    Still a stupid system though, as you say. Anyone could just hold the envelope to the contactless machine.

  • pangolin
    pangolin Posts: 6,648

    I'm sure they've done the maths and found this costs less in fraud than sending everything recorded and signed for etc

    - Genesis Croix de Fer
    - Dolan Tuono
  • thistle_
    thistle_ Posts: 7,218

    Halifax have recently added a feature to their app which lets you see your PIN for the card within the app. Not sure what the point of this is....unless you're waiting for a PIN in the post.

    You can also see all the card details in the app which is apparently for online shopping so you don't have to have your card to hand. Which is fine if you're on a laptop/desktop but doesn't work if you're using your phone because if you swap from the banking app to the shopping site it logs you out of the banking app before you can see the second page of card details 😂

  • capt_slog
    capt_slog Posts: 3,973

    I don't think they do the temporary freeze thing. Some banks do, some don't.

    I've since found out that 'My' card was sent to my mum in the care home. As we have the same initials on our names, she didn't notice and thought the bank had sent her another card and so didn't think to mention it to me.

    The chap I spoke to on the phone did agree that the system was flawed, and said he will pass on the feedback.

    I think it's worth a letter to the bank to make sure this gets known to someone in charge. As pangolin points out, it probably costs less in fraud, but the bank wouldn't necessarily be the ones paying as you'd have a hard task proving YOU didn't receive the card.




  • daniel_b
    daniel_b Posts: 11,973
    edited February 19

    That's really odd - whenever I am sent a new card, it ALWAYS retains the previous PIN, but then as you say, the card cannot be used for touch payments until the PIN has been entered for the first transaction.


    Did you ask why they have decided to change the PIN without you requesting it?


    Sounds like a bureaucratic mistake somewhere.

    Felt F70 05 (Turbo)
    Marin Palisades Trail 91 and 06
    Scott CR1 SL 12
    Cannondale Synapse Adventure 15 & 16 Di2
    Scott Foil 18
  • briantrumpet
    briantrumpet Posts: 20,335
    edited February 19

    Was just thinking that this is the kind of thing I'd probably post a Tweet on the bank's feed to publicly poke them into having a better system.

  • capt_slog
    capt_slog Posts: 3,973

    I had further dealings with my mum's bank the other day (Co-op by the way, in case you're wanting to know who to avoid).

    I had to log-on to the online service. So..

    Put in username, put in password, and a dialogue box comes up saying that it will send me a text message with a one-time access code. This code arrives and I put the code into the dialogue box and...

    Fail. It says I've done something wrong and I'm back to the start.

    It turned out that I had put in the wrong password, just a mistype as there's no way of seeing what you've written on their system. What I find bizarre about this is why it bothered with the message to my phone IF I'd put in a wrong password, what was the point? It makes no sense to me.




  • rjsterry
    rjsterry Posts: 29,538

    To thwart brute-force attempts to guess passwords.

    1985 Mercian King of Mercia - work in progress (Hah! Who am I kidding?)
    Pinnacle Monzonite

    Part of the anti-growth coalition
  • whyamihere
    whyamihere Posts: 7,715

    This one's actually reasonable, it prevents anyone from knowing if they have your correct password or not and also notifies you any time someone tries to log in to your account. Lots of people reuse the same few passwords (or the same one) for everything and there have been plenty of leaks of password data. If there are 5 possible passwords a hacker thinks you use and only one of them goes to the next step of sending the verification code, they immediately know which one's correct, and if you suddenly start getting verification codes through when you're not trying to log in, you know that someone is.
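
Added example, not part of the thread and not any bank's code: a sketch of the login behaviour discussed in the last few posts, where the code is sent whatever the password was and only one combined verdict is returned. The `LoginService` class, its method names, the in-memory storage and the sample account are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class LoginService:
    """Hypothetical two-step login; names and storage are assumptions for this demo."""
    STEP1_REPLY = "We have sent a one-time code to your phone."

    def __init__(self):
        self.users = {}       # username -> (salt, password_hash, phone)
        self.pending = {}     # session id -> (password_ok, otp)
        self.sms_outbox = []  # stands in for an SMS gateway: (phone, code)

    def register(self, username, password, phone):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _kdf(password, salt), phone)

    def start_login(self, username, password):
        salt, stored, phone = self.users.get(username, (b"\0" * 16, b"", None))
        # Hash even for unknown users so both paths do the same work.
        password_ok = hmac.compare_digest(_kdf(password, salt), stored)
        otp = f"{secrets.randbelow(10**6):06d}"
        if phone is not None:
            # Sent whether or not the password matched: the owner is alerted to
            # every attempt, and the caller learns nothing from this step.
            self.sms_outbox.append((phone, otp))
        session = secrets.token_urlsafe(16)
        self.pending[session] = (password_ok, otp)
        return session, self.STEP1_REPLY

    def finish_login(self, session, code):
        # Single use: the session is consumed whatever the outcome.
        password_ok, otp = self.pending.pop(session, (False, ""))
        code_ok = hmac.compare_digest(code.encode(), otp.encode())
        # One combined verdict, so a failure does not say which factor was wrong.
        return password_ok and code_ok

def demo():
    svc = LoginService()
    svc.register("alice", "correct horse", "+440000000000")  # constructed sample account
    replies, results = set(), []
    for guess in ["letmein", "correct horse"]:
        session, reply = svc.start_login("alice", guess)
        replies.add(reply)
        results.append(svc.finish_login(session, svc.sms_outbox[-1][1]))
    return replies, results, len(svc.sms_outbox)
```

In `demo()` the wrong and the right password get the same step-one reply and both trigger a text, so the only difference an observer sees is the final pass or fail after the code is entered.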