"Bank customers should save themselves from scams"

Brendan Burgess

Founder
Messages
51,902
I agree with this opinion piece by Niall Brady


If someone gives their pin in response to a text or email or cold call, they should not be reimbursed by the bank.

Brendan
 
I agree with this opinion piece by Niall Brady


If someone gives their pin in response to a text or email or cold call, they should not be reimbursed by the bank.

Brendan

For years now we are constantly being warned and warned against this practise, yet people are not listening or they just being plain stupid.
 
I once worked in a shop beside an ATM.

A customer came in one time to ask me to help her use the ATM. She had the card and the PIN together in the same wallet and was asking a complete stranger to operate the machine for her.

My point is that a lot of people are not very clever. It's very hard to design a system that is resistant to ignorance.

Should people have to pay for their stupidity?
 
Yes. I am tired bailing them out.

If someone can't use an ATM, then they should not have a card.

If someone is defrauded in this way, they should have their card cancelled.

Brendan

Some people would be better off not having internet banking for their own protection. However, there is less and less of an alternative as society moves towards a cashless society and scammers become increasingly more sophisticated. In another thread there is mention of post office savings books for children maybe a retrieval of these for some less capable internet savvy adults is required.
 
Elderly people are particularly vulnerable to telephone scams.

There's numerous newspaper accounts in recent years of an elderly person being brought to an ATM and made to take out money.

Its grossly unfair to exclude them from financial facilities on grounds of their age.

Edit to add: modern day systems are incredibly difficult for elderly people to navigate and there's little alternative offered to them.

Banks have to answer for this as well. I've had calls from my own bank & CC providers and the first question I was asked was to verify my security information.

I declined of course and rang my bank from a different phone and to a different number. The call I received was genuine and had been recorded.

A 6 digit pin (with random selection) could be put in place for ATMs but banks decline to do so on grounds of cost.

So we can't just blame the punters here.
 
Last edited:
No. The issue concerns a lax attitude to customer protection by some banks. Here's a summary of consumer rights in the EU in relation to bank payments: https://ec.europa.eu/info/sites/inf...uments/leaflet-your-rights-payments-eu_en.pdf . It clearly states that “Your liability in case of an unauthorised payment – for instance if your credit card is stolen – is limited to a maximum of €50 (except in cases of gross negligence).” But it is arguable if falling for a sophisticated fraud is a “case of gross negligence”. It's not the same as a negligent activity such as handing your card to someone in a nightclub.

Under EU Payment Services Directive 2 (PSD2) banks should have in place systems to validate customer identity where a transaction is taking place. Well, do they? (I know my bank – which is not the Bank of Ireland - does so, because I get texts asking me to validate transactions. So if a bank is not compliant with EU payment directives is it not negligent?

By any reasonable standard and considering the requirements of PSD2, a bank should not allow transactions to empty a customer's a/c or make significant withdrawals, without providing for the customer to (a) authenticate the transaction and (b) validate their identity. And if a bank can't do this, should they not warn their customers accordingly?
 
I've never been successfully scammed, but I've grown up with online banking and digital services in general.

I would never claim that there is no scam too sophisticated for me.

Current a/c fees are in one sense a form of compulsory insurance against being scammed.
 
Banks have to answer for this as well. I've had calls from my own bank & CC providers and the first question I was asked was to verify my security information. I declined of course and rang my bank from a different phone and to a different number. The call I received was genuine and had been recorded.

I had the same experience with Bank of Ireland. I logged a formal complaint which went nowhere. They were so clueless they could not see the issue with phoning me from a random number, saying they were from BOI and asking me to verify my identity with my personally identifiable information.
 
I keep getting emails from “my financial adviser” in BOI asking me to get in contact. I’ve never had a financial adviser but suspect this is probably a genuine email looking to sell me something. So these emails are being sent and yet they are warning about unsolicited contacts....
 
After listening to the people who lost money to this scam , on liveline last week, I think that the comments here are quite harsh. If it was their own fault then why did the bank admit that their customers were to be refunded ?
 
I heard a few of the liveline calls about the BOI scam. The main thrust of the argument was that BOI texted them a link from a BOI number which had previously, legitimately, contacted them.

However, this wasn't BOI contacting them. The scammers made it look like they were contacting from the BOI number.

It was a clever scam but I don't see how it's BOI's fault. Someone pretended to be BOI and some customers fell for it.

Similar to the phone scam where you get a phonecall to a landline from a male bank official telling you that your card is compromised. You're instructed to hang up and call the phone number for Card Services, as printed on your debit card. You do this. A female bank official answers and gets your details before cancelling the card.

The scam is that the original caller never hung up, just handed the phone to female accomplice. You think you've initiated a new call to Card Services but you're trying to dial while the line is still active with the scammers. Again, not the banks fault.
 
I agree with some of what you are saying gianni but the bank say that they never ask people for details by text but they also admitted that they actually do , at times, contact people by text. That is why they agreed to refund all the people who were scammed. They also admitted that their system had been hacked.
 
Most banks in the UK are now legally obliged to execute transfer orders only if these also specify the recipient's name (not just the IBAN). It's a simple way of cracking down on a huge percentage of fraud, and I wonder why Ireland hasn't followed suit. Perhaps the usual behind-the-scenes lobbying by banks that don't want the additional work load.
 
Did PSD2 regulation not move the fraud risk responsibility from the consumer or company back to the bank?

It is really surprising how successful these social phishing scams are.
 
A couple of people have explained to me how BOI systems were compromised and the texts came from BOI systems.

I have been unable to convince them otherwise, inc. Mrs Romulan, even though she knows I deal with this stuff for a living.
 
The banks are forcing us to do everything electronically, they have reduce the number of teller spaces in the branches so they must take responsibility for people being conned.
I recently had a call from a very professional person say he was from my bank, saying that my mail was being returned to them and they needed to update my details, (very clever)
When I asked where was he sending it he said he could not give details for security reasons, so I said likewise from me.
 
Last edited:
  • Like
Reactions: jpd
I have just made a payment of £15 from my Ulster Bank account.

I have had to click and click and click to acknowledge that I had read warning notices.

I don't blame Ulster Bank. I blame the people who carelessly or stupidly give out their pins or pay people as a result of a cold call.

Brendan
 
Brendan I think you are being very unfair on the people scammed in the recent BOI case. In that case the text was coming from the BOI number and the link brought people to a website that looked identical to the BOI online banking site. BOI themselves had previously sent links to their site in their own texts from that number.
So the people were not being careless or stupid in giving "out their pins or pay people as a result of a cold call ". In this case the people genuinely believed they were on the BOI website and were logging in to their own account.
BOI were very much at fault here imho for a number of reasons.
1. It seems wide open to abuse to ever send texts with a link to their online banking site - in all my years with UB I have never received such a text.
2. The very minute the first customer raised this with BOI they should have immediately got on top of this alerted all other customers of the scam.
3. As PMU stated above, surely in this day and age "a bank should not allow transactions to empty a customer's a/c or make significant withdrawals, without providing for the customer to (a) authenticate the transaction and (b) validate their identity ".

Certainly I think those people affected by this should learn the lesson to never ever click on a link in a text, instead go to the site themselves and log in that way, but in this case I think BOI have certainly to accept blame as well.
 
Back
Top