That happens almost every time a newspaper picks up on a story regardless of which bank is involved.
(On another note, was this story ‘ripped from the forum’? Certain parts of it sounded very familiar, as if I’d read them before.)
1 Like
“They had information such as my mother’s maiden name, they had my postcode, they had my date of birth, they had my last four digits of my bank account number…They proceeded to state that I had three savings pots, and a current account. I don’t know how they would know that”
Oh Harriet. They had hacked your email – they were actually in your bank account.
5 Likes
Yes - the only thing they did not have was the PIN to move the money themselves it seems.
2 Likes
I’ve always wondered about who is liable once your email is hacked, surely that’s no longer a Monzo issue.
Or did Monzo take on that liability when they use email as away to communicate with you
But they don’t use email to communicate with you, they use the app.
If you mean “Why did Monzo pay out”, this is probably why:
But in terms of your email being hacked, that’s nothing to do with Monzo. In 99% of cases, that’s on the user not securing their account properly.
3 Likes
I mean more the use of email and magic links
1 Like
Yeah really its ease of targetting and value really
1 Like
Good Education would solve many of these problems
EDIT: That’s what banks should be working on how to educate their customers well( Not just banks, family, friends etc.)
1 Like
Easier said than done, apparently:
Lloyds told the Observer that Ross did not take sufficient steps to verify that the text message was genuine and ignored a fraud warning about spoofed numbers’ “safe” accounts.
Ross only recalls a generic fraud alert which the scammers told her was a default message sent before every transaction.
These scams are the online equivalent of someone approaching you on the street with the bank’s name tag and claiming that your money is at risk and you should go to the ATM, withdraw it and give it to them.
We all agree that someone falling for this in the physical world is quite stupid, so why are we tolerating it online, and even worse, trying to blame the banks for it? Can I also go withdraw all my cash at the ATM, throw it all in the wind and then blame the bank for not refunding my stupidity?
2 Likes
The email interception cases seem to be the fault of the business and the bank - they’re the ones I have most sympathy for. The business for not securing their email and the bank(s) for not implementing payee name checks. Although I still think there should be better ways for businesses to accept payments other than sending an email with an account name and number.
The code some of the banks have signed up to is way too vague and pretty worthless when it has to be put into action. Plus, there’s really no incentive for the banks to actually improve their ability to combat fraud. The payee name check thing is probably still quite distant in the horizon for most banks.
1 Like
I agree, the email cases should be the fault of the business. As far as the customer is concerned the business has invoiced them. They have no way to tell whether the bank account details they are given on the (fake) invoice are legitimate. The business should eat the cost in this case (I’d argue that for a lot of businesses the impact of an email compromise is much bigger than stolen funds, as there could be also confidential data coming through the same email address).
But I was talking more about the conventional “your money is at risk, you need to move it to this safe account” scam. There’s really no excuse for falling for one of those and I don’t think the banks should be liable for it.
CoP is mandatory for the major UK banks by 31st March 2020: https://www.psr.org.uk/sites/default/files/media/PDF/PSR%20Specific%20Direction%2010%20Confirmation%20of%20Payee%20-%20February%202020.pdf
3 Likes
Is it the case they now meet it? It was meant to be July last year originally I think.
I don’t know if it’s still the case but it was only the top five banks that had to do it, the others were just if they could.
Barclays
RBS Group (RBS/NatWest/Ulster/Coutts)
Lloyds Group (Lloyds/Halifax)
Santander Group (Santander/Cater Allen)
HSBC (First Direct)
and
Nationwide building society
Positive clickbait 
9 Likes
Thats risky play by Marianna Hunt, isn’t that a sackable offence being positive about a fintech in the Torygraph.
3 Likes
Other providers have previously provided access to credit scores for their customers - so Monzo isn’t the first to think of this by a long way.
Though, I believe most, if not all, have discontinued it since there are now so many free services offering the same thing.
1 Like