So, I had my bank account cleared out for the second time in less than two months...
Given I work in Information Security, making this kind of admission is somewhat of a taboo! I made the decision to share this as both individuals and organisations continue to be at risk, especially given the increase in online transactions due to the pandemic.
The first time I wasn’t overly concerned about how my card details had been obtained. The card was over four years old, it was still in my possession and had been used numerous times across dozens of websites – and that was just in one last-ditch rush during a locked-down, pandemic Christmas.
The thieves had purchased two cinema tickets, two rounds of drinks at ‘spoons and a chippy tea on the way home.
I am always careful! But no one is fully protected. I do accept that these things will happen, and this is why I check my bank balance on a regular basis. My bank issued a new card and refunded the charges within a few days. All was well with the world again.
The second time, six weeks later, was similar but very different. This time the card was used in the online gambling world; it is likely they laundered this money at the very good rate of 5%.
Once again, the bank refunded the charges within a few days, and another new card was issued. This time I didn’t feel so secure moving forward, and the short time between receiving my new card and the theft taking place limited the sources that could have lost my details:
- It was me.
- The card was used three times online. One’s former boss has just gone to space, another’s former boss has all but eradicated polio, and the third sells, gram for gram, the most expensive product besides saffron. All big names.
- The bank or their suppliers.
- Someone who had access to my card. There was only one and I have bigger problems if it was them.
- A device I used has been compromised.
There are larger consequences to be considered with all five options, and with the ability to narrow things down, I really needed to know.
So, I called the bank to see if they could shed any light on things. I am as confident as I can be that it wasn’t myself or someone who had access to my card. A compromised device concerned me, but I have additional software installed on all of my devices that I use for online transactions, and this found nothing. This initially gave me some peace of mind, however…
So, the bank? Well, maybe, but I doubt they would own up. When I called the bank and asked if they could help, it was like I was the first to ever ask the question. A genuine disbelief that I was actually interested beyond getting my money back.
I had a quick check on their website and there is basic information about how to not become a victim. This month seems to be Romance Scam awareness month. Alas, still single.
That only left Amazon, Microsoft or HP. All out of my immediate control but if they had been losing customer data I really wanted it broadcast in the news! Data breaches are ten a penny these days but organisations should be held accountable beyond just refunding their customers.
So, what’s my point? I think financial institutions could do more to prevent this from happening, particularly when activity is out of the norm for that customer; I have never held an online gambling account! They have vastly improved their response and now refund customers within a few days; this was weeks and months not so long ago!
The focus is on protecting the card, which websites you access and passwords, but I doubt many would consider that their device is the cause or, worse still, that someone they trusted had been stealing from them. All of these will lead to the crime being repeated and ultimately the bank no longer refunding their customers.
To me the bank has done the bare minimum to meet its responsibilities, but this is not enough. Everyone would benefit from them doing more, including the bank themselves, as I am sure I am far from the only customer this has happened to this week!
Now, the shameless plug...
This type of crime is not limited to individuals; in fact, targeting organisations is far more profitable for the thief! Are you meeting the bare minimum? Do you want to do more in both preventing fraud and reassuring your customers? Then let Net-Defence know.
We have partnered with IASME to provide their new Counter Fraud Fundamentals certification, while also providing the more traditional PCI, which is the Payment Card Industry standard. At Net-Defence we take financial security very seriously, and we are here to help you.