Starling Bank Chat (Part 2)

Then those people should take the blame and be told to stop whining.

I agree. Warning is clearly shown and customer still gave the code

It’s not usually me that’s on the side of people!

I bet the customer gets this back. “You gave out the code” is not really any different to giving out any critical data/pin/login etc. This basically means nobody ever gets paid back?

Sure.
You give your password away? Your fault. You give your PIN to someone else? Your fault.
It’s simple really, we are not teaching an advanced cyber security course here. It’s really simple and really obvious advice that is given on every single leaflet and email you get from your bank, and now on every single popup message you see before making a transfer etc.

I agree, but that’s not how it currently works.

Isn’t it?
I thought, for example, if the bank knows/can show you gave your PIN away, it will class this as gross negligence and will not refund you according to standard T&Cs… is that not the case?

I agree this is the customers ignorance and negligence.

Screenshot_20221028-0947371440×3120 131 KB

This is the message Starling gives before providing the codes for online purchases.

People really need to get with the times, people are out there to be reckless, the banks also need to grow a pair and the FCA need to do one.

Customers can only be protected so much before it is just put down to stupidity.

PIN I’m not sure.

But lots of people forward the login email from Monzo, despite the huge warnings, and still get the money back.

Well they absolutely shouldn’t get any money back.

I wouldn’t say lots of people. It depends on the complexity of the scam I guess.

Never worked fraud so hard to gauge.

The banks shouldn’t be covering these things. A hard lesson to be had, but it needs to be had.

Banks also shouldn’t have to be soft or give any money back tbf. Look at crypto. You lose it, tough shite. What’s gone is gone. Move on.

My opinion is shouldn’t of been so stupid, however when people are pushed then psychologically the mind takes over and doesn’t always engage brain.

Maybe worth a follow up visit if they post again once taking it to the ombudsman, to see what the official take on this is.

From Reddit

Not only had they called me, they already had my card details stolen and had personal information about me. They identified themselves as a member of Staling staff and could generate transactions at will, indicating to me each time it was happening, this is very convincing!

I feel for the guy really. To me this isn’t any different to “Your account is compromised and you need to move your funds to this account” and you skip by all the confirmation of payee etc.

“Your Bank” phone, they know your name, details etc, they know you’ve said no to payments, because it’s them, you’re already worried because of said payments, you’re not thinking straight.

It’s very easy to sit here and say “I wouldn’t ever ignore the error” and maybe you wouldn’t, but thousands of people do and will continue to do so. I do agree you can’t baby everyone and at some point you have to take responsibility, and I’m usually all for “Tough.” but in this case I do feel sorry for them.

Which is why people need to understand the rule to follow 100% of the time - never ever move money upon anyone’s telephone instruction. Full stop. No ifs no buts no exceptions.

Same with this case, the warning is clear, never give this code to anyone on the phone, no exceptions.

Or worse still.

“Your money is already gone - your account is locked, somebody has been trying to access it.

I’m ringing from the bank to help get your money back as quickly as possible. If we don’t act now, there may be no chance of recovering it.”

Now imagine being jetlagged, recently bereaved, not tech savvy (we’re talking the elderly too - people 80 years old). And people that have been told they’ve lost so much, their life will be turned upside down.

Next the scammer is going to say something to dismiss the warnings.

“Yep - don’t worry about those, they’re for if someone is trying to scam you, I’m from the bank so it’s safe to give it to me”.

It’s not hard to comprehend how it’d happen.

It might not happen to you, and that’s great, but there are vulnerable people, through no fault of their own, that are at the rough end of this.

And even if everybody was as smart as you, I still believe the bank should refund people.

This problem only exists because banks lack the technology to ACTUALLY verify somebodies identity.

Every innovation in banking is around convenience for both sides and to encouraging spending. Think cheques: who wants to carry around £10,000 to pay for that car in cash. You might get robbed, it’s heavy, it’s more dispensing from the banks too, which is expensive. Cheques opened an avenue for fraud, but banks still loved them. They obviously wanted to reduce fraud, but they accepted that’s the cost of business to increase spending, and to reduce other costs.

And then comes the debit card, same deal again. Banks have chosen to implement these methods that have unverifiable aspects because it benefits them (and their customers, of course).

Paying online is where we’re at now, and it’s the same deal.

A bank had paid out because it failed to verify that the owner was the one spending. It could ask for the person to go to a post office with their passport, it could ask them to go to a branch, or speak to customer services every time to card is used. It doesn’t because that’s inconvenient and expensive. So banks push some of that responsibility onto you - don’t share this code, don’t forward this on.

It’s realistic to have some responsibility as customers, but for those that unfortunately cannot follow through on that responsibility - saying yep, you lose your life savings then, carry on. Is incredibly harsh and unfair. This problem just shouldn’t exist in the first place.

Sry end of rant/ramble.

Hmm. You need to put your password into lots of banking apps and websites. Some banks have a telephone password that you are meant to use to authenticate on phone calls. Others just ask for a couple of characters from the password. I enter my PIN into banking apps, and I’ve typed it into machines of all shapes and sizes to make card payments and withdraw cash. The idea that you should never give these secrets away is clearly false.

Agreed, the Starling 6 digit code shouldn’t be shared and, yes, they show a warning about this. Other services, however, text codes to me that I need to type into websites to login, or give to the customer service agent on the phone to verify my identity, which is the exact opposite of the Starling process.

In the heat of the moment, when someone has already stolen some of your details and is using those to appear legitimate, while money is leaving your account through unauthorised transactions in front of your eyes, and someone is actively trying to deceive you, to trick you into sharing one particular code… it’s not quite so crazy to think that you might end up typing your PIN somewhere you shouldn’t, sharing the login password rather than telephone password, or sharing a 6 digit code that was meant not to be shared.

How hard do you think this lesson should be? Your life savings? Your pension?

Fwiw, I suspect some kind of shared liability is the way forward in these cases. Putting the risk entirely on the customer means banks can skimp on security. Putting it entirely on the bank may encourage reckless behaviour by customers.

Well that’s all fraudsters and thieves doing the deeds.

I guess the customer can also go claim the £6k from their mobile provider for letting the call come through.

Oh wait, the customer answered that call
The customer also ignored the advice in black and white telling them not to give out these codes

This is really the customers issue and shouldn’t have ignored the warnings on screen.

You’d think so, but the amount of times people fall for it/choose to ignore simple notices.

It’s not uncommon for banks to refer to other banks for a better service and account handling, same goes for exiting customers who continue to land up in the same scenarios week in week out.

Sad really.

Can’t help everyone.

I do agree. If the phone rings and it’s your local double glazing company saying your windows have all run away in the wind and that you need a replacement today and it will cost £10,000 it’s easy to realise it’s a scam.

When “your bank” calls, you’ve already had suspicions, they know about those (because of course they do, it was them), then you’re going to believe them.

We’re nerds that spend our days on a banking forum, we understand how it all works, we understand how these scams are set up and how they are manoeuvring to trick you, but that isn’t the case for everyone.

But in those moments of absolute panic, you’re rushing. People barely read these messages on a good day, but when you’ve been told seconds make the difference, you might just click continue, or just not read it all together.

Only if the customer reads it, then says they’re uncomfortable on the phone, then the scammer might try and work their way around it.

I would bet many just don’t read it out of panic.

It’s technically quite different. Like I built up a picture of how things have changed over the years, the fundamentals are the same, but the technology has changed.

The reason banks are liable to begin with is because of the core function of a bank.

They hold your money for you, and only you, and you can withdraw it when you wish.

In this scenario, a bank has accepted an instruction from somebody else to withdraw your money, and you didn’t want that money withdrawing. The instruction didn’t originate with you. The bank tried to verify it was you who requested this withdrawal, but like I mentioned earlier, they compromise and they use a method they know doesn’t work 100% of the time, but they accept that the convenience is worth the risk.

Modern airports with modern passports have very little mistaken identities. All I’m saying is some solutions exist, and for the ones that don’t yet - don’t you think the banks should be working on them?

Why should the customer accept the responsibility, when the root problem is a bank not being able to verify their own customers properly?

The customer authorised this and chose to ignore the advice given in the app.

Regardless of whatever else was happening, the bank authorised the transaction as the customer authorised themselves into the app, and then provided said code to authorise the funds movement.

The bank did their part (securing the app and explained not to ever give the codes to anyone), otherwise we may as well scrap all apps as they are today and have our passports to hand every time we need to log in to check our balance or send other half the lunch split.

The banks can’t be held accountable for everything. I see your point somewhat, but the onus is customer blame here.

To add further, it’s not uncommon for customer remorse, IE gambling and you wouldn’t believe how many try it on for their gambling addiction and the banks never refund those.

We haven’t seen its eBay or whatever else was mentioned merchant end, could be a stupid purchase and no refund policy and now regret - which is very common.