Chase UK Chat (Part 1)

Insomuch that it gives the illusion a transfer is safe as it’s going to the “right person”, but that “right person” can still be a scammer?

ditto

there is a few banks which show that name of the account holder held by the bank when adding as a payee. That can easily be abused by testing account numbers and then trying to find a matching name on social media.

This is one of the worst conspiracies I’ve ever seen.

So you think someone will guess numbers, find out it matches to John Smith and then somehow find them on Twitter?

What are you going to do with my bank account and sort code anyway? Set up a direct debit for me?

In fairness this apparently happened to Jeremy Clarkson once when he insisted nothing could be done with them so he published them and someone set up a direct debit

I remember that!

But I’d be notified of anything that is set up and can cancel it on the day too. Not have to wait until the statement rolls in like the olden days!

Which banks? The way it works is you’re supposed to enter the name with the account details, and then it checks the recipient name against what you’ve entered.

Modulr?

And yeah, it can, or has done for me, shown me the full correct name if my entry isn’t too far off a match.

If it’s completely wrong I believe it rejects fully. But half match etc it can say as above.

FirstDirect was doing it the other day. It was showing me my middle name from my Monzo account when I tried add it as a payee.
Just tried it now and its not doing it despite no app update

edit: I used my name as my initials (2 characters) and it returned my full name inc middle name

I’ve no idea on the variables seems too lax though if there’s so much different, unless you’ve sent to that account before and the bank can match up what you meant because you’ve had a successful match prior.

I mean it would be trivial to rate limit these sorts of requests to make it a hugely slow process.

It would be wildly unlikely for someone to not only guess your sort code and account number but also have at least two letters that match your name as well.

agree… But offline you can prepare a list of sortcodes/accounts numbers to test as not every bank account number can be paired with a sortcode. There is some kind of algorithm that creates the pair. What it is idk and not too fussed to look it up.

Would be similar to card numbers which is validated via the luhn algorithm.

edit: seems this answers how they are checked:

I mean offline or online it doesnt matter, if the banks have no security it would but god if they get found not talking proper care with exponential back off or at least flagging these types of probes they could easily get into GDPR territory of breaches.

Its not that its impossible it just requires a lot of luck and a really really poor bank that didnt consider this when they implemented in the last couple of years.

If you consider yourself to be a celebrity or named enough that someone would be probing every bank and branch sort code trying to find your account let alone looking for a swathe of peoples names.
My old RBS account uses the sort code of the branch not like say Monzo where most are under a few, they would need to find account numbers on those sort codes along with a very very weak bank to try and probe for celeb names.

I guess if people sleep better then it doesnt matter but it does weaken the whole point of the protection and give scammers exactly what they would want.

agreed. just don’t know if the issue with FD (or Modulr?) how close you need to be for it to display the correct name.

Is BS close enough to Bob Smith to be shown Bob Smith. Checking FD now, it just says the name is wrong rather / mismatch rather than what it should be.

Yeah it just seems nuts any random can opt out of it, its exactly what scammers would want in the first place so its basically worthless because of that.

There are four responses to inputting a name:

So, just to experiment with this with my Algbra account (which uses Modulr).

Just putting in my initials - just a basic ‘Nope - doesn’t match, do you want to continue anyway or go back and try again’

Going with first initial and a mispelt surname (changed an ‘o’ for an ‘a’ in my surname) and it did pop up and say ‘Did you mean’ and gave my full correct name.

I’m so used to Starling custom dates statements on–demand that waiting for one to be produced for me, for just a month, seems very backwards.

Another reason Chase is a trad bank playing at fintech.

I think I’ve said this before but, since you’ve brought it up, I always found it quite annoying how Chase broke the feed into different months. I can’t think when this would ever be useful.

Anyone having issues with chase or just me? Keeps saying try again every time I try to click into an account.