Simple fraud

[Arborbridge]

The solution I use to not losing my phone is not to take it with me. I just use my watch to pay - far harder to lose that. Although as the watch has a sim card and can make and receive calls, then is it a phone...

I don't know how secure watch straps are. I had a watch taken from my wrist in Germany and felt only the slightest sensation - by the time I had turned round, the assailant had gone. Slightly less able was a young Romanian (?) lady on the Paris Metro. I caught her just about to pull my wallet out and grabbed it. My goodness, she gave me such a fierce look as though I had no right to stop her. In other circumstances....she was real stunner.

Arb

[AF62]

The solution I use to not losing my phone is not to take it with me. I just use my watch to pay - far harder to lose that. Although as the watch has a sim card and can make and receive calls, then is it a phone...

I don't know how secure watch straps are. I had a watch taken from my wrist in Germany and felt only the slightest sensation - by the time I had turned round, the assailant had gone. Slightly less able was a young Romanian (?) lady on the Paris Metro. I caught her just about to pull my wallet out and grabbed it. My goodness, she gave me such a fierce look as though I had no right to stop her. In other circumstances....she was real stunner.

Arb

Fortunately Apple Watches lock themselves whenever they are removed from your wrist, whether by the wearer or young ladies on the metro(!) and you need to enter a PIN to unlock them (or unlock it by unlocking your phone).

[Arborbridge]

I do nor like the idea of spraying banking apps all over the place and certainly not on my phone where there is absolutely no need for it. If I wanted to I could access my bank via safari just as I do on my desktop or ipad but I never do as I find it too fiddly. Why anyone wants to use their phone for paying anything I know not. A credit card works fine.

I will though warn a female friend because she keeps credit cards in the same wallet as her phone and if she has an app on the phone...........so thanks.

Yes, the fact that people here who obviously know a great deal about phones are disagreeing with each other in their assessment of the risks of using phones for financial transactions does not inspire confidence in me that I should change what has successfully and safely worked for me for decades - using cards (and even the odd cheque, still).

I have twice had my card used by a thief - once when they had the physical card and another time when they evidently had the digits. Both times the bank reimbursed me in full with no question or delay. Works for me.

I'm with you there. I have never had a banking app on the phone until this summer. As I explained, I needed it for a cc to check the PIN. I've left it on as it is quite convenient and as I mention, for purchases they always send an OTP which is quite a good system - I thought, until today! I really have no idea how to handle online purchases (tickets etc) now if they need to send this OTP and I don't have the app.

Arb.

[Stompa]

Frankly this sounds like a poorly researched piece by the BBC who are just taking guesses about what may or may not have happened.

Other banks' security may vary, but with Santander if you click "forgotten details" you can get a reminder of your user id if you know name/address/DoB plus credit card numbers.

In my experience Santander by default set 'Personal ID' to be your card number. You can subsequently change it to a 10 digit number of your choice, but I wonder how many people simply don't bother? When you do change it they helpfully say "Your Personal ID has been changed. Please use your new Personal ID each time you use Online and Mobile Banking. Feel free to write it down as no-one can access your account details with just this information".

[Urbandreamer]

Frankly this sounds like a poorly researched piece by the BBC who are just taking guesses about what may or may not have happened.

Other banks' security may vary, but with Santander if you click "forgotten details" you can get a reminder of your user id if you know name/address/DoB plus credit card numbers.

According to the Santander website you need all of those items.

This may be available within a handbag.

They might be, but most likely are not.

Really?

Some of us use cards, so card details would be there wouldn't they?
How about your photo-ID, sorry driving license? Isn't the rest there? Some of us do drive and as officially legally required do carry it when driving.
Finally, you need a phone to receive a SMS. Of course you could have one of those mega encrypted Iphones, which would not protect you if the SIM was simply moved to another phone to receive the text.

The problem isn't the phone or any security it has. It's the need to carry all this, then to leave it in a gym locker.

Personally I have made the same mistake, but got away with it. I won't be leaving such things in the locker when skiing and if swimming will leave the phone in the glove compartment of the car.

So does anyone agree as the cause? Why didn't the journalists point out that we should avoid these risks, rather than seek a technical solution? Sure, we shouldn't "blame" the victim, but as I said, I have learned from her mistake.

[Dod101]

I do nor like the idea of spraying banking apps all over the place and certainly not on my phone where there is absolutely no need for it. If I wanted to I could access my bank via safari just as I do on my desktop or ipad but I never do as I find it too fiddly. Why anyone wants to use their phone for paying anything I know not. A credit card works fine.

I will though warn a female friend because she keeps credit cards in the same wallet as her phone and if she has an app on the phone...........so thanks.

Yes, the fact that people here who obviously know a great deal about phones are disagreeing with each other in their assessment of the risks of using phones for financial transactions does not inspire confidence in me that I should change what has successfully and safely worked for me for decades - using cards (and even the odd cheque, still).

I have twice had my card used by a thief - once when they had the physical card and another time when they evidently had the digits. Both times the bank reimbursed me in full with no question or delay. Works for me.

Yes. Not for the first time we are in agreement. I never use my phone for banking transactions, mainly because I like to keep them out of the public domain. I too use cheques sometimes but I often revert to old fashioned cash. Untraceable, easy and no fuss.

Dod

[AF62]

I do nor like the idea of spraying banking apps all over the place and certainly not on my phone where there is absolutely no need for it.
If I wanted to I could access my bank via safari just as I do on my desktop or ipad but I never do as I find it too fiddly.

If you trust using a web browser on a phone or a desktop pc, then not trusting a dedicated banking app makes little sense.

As for the need, well not everyone banks with a private bank that has a dedicated representative to answer the phone immediately, and so they do need a quick, easy, and secure way to access their account when away from home.

Why anyone wants to use their phone for paying anything I know not. A credit card works fine.

One less thing to carry - the card, as most people will always have their phone.

An immediate notification of that transaction, or any other transaction, on the phone.

The ability to carry a range of cards for different purposes.

Single use virtual cards for online transactions.

How about your photo-ID, sorry driving license? Isn't the rest there? Some of us do drive and as officially legally required do carry it when driving.

Not in the UK you aren’t.

https://www.gov.uk/legal-obligations-drivers-riders

Finally, you need a phone to receive a SMS. Of course you could have one of those mega encrypted Iphones, which would not protect you if the SIM was simply moved to another phone to receive the text.

Take the sim out of my phone and it won’t work in another phone because I have the sim PIN set. In fact turn my phone off and back on again and the sim won’t work until you enter the sim PIN.

If you haven’t done this then I seriously recommend doing so as it stops anyone doing anything with it. A well known risk, particularly a risk when on holiday, is someone stealing your phone then putting the sim in their phone and then running up a huge phone bill calling overseas or premium rate numbers.

https://www.samsung.com/sg/support/mobi ... le-device/

https://support.apple.com/en-gb/HT201529

The problem isn't the phone or any security it has. It's the need to carry all this, then to leave it in a gym locker.

Personally I have made the same mistake, but got away with it. I won't be leaving such things in the locker when skiing and if swimming will leave the phone in the glove compartment of the car.

Which is why I prefer a cellular watch when I go to the gym - nothing of value needs to be left in a locker as phone and payment cards are kept on my wrist - and I can listen to music and podcasts from it on earphones whilst I exercise..

So does anyone agree as the cause? Why didn't the journalists point out that we should avoid these risks, rather than seek a technical solution? Sure, we shouldn't "blame" the victim, but as I said, I have learned from her mistake.

From the website article and the radio article nobody knows how the fraud happened - although as I mentioned before the interviewer decided not to ask some questions of the victim about the most likely way the thieves accessed her phone.

As a result there seemed to be a whole lot of assumption from the journalists about what might have happened with the most convoluted explanation decided as the likely answer because it makes a good story.

[Urbandreamer]

How about your photo-ID, sorry driving license? Isn't the rest there? Some of us do drive and as officially legally required do carry it when driving.

Not in the UK you aren’t.

https://www.gov.uk/legal-obligations-drivers-riders

Sorry I was misinformed, by the police.

As for your comments about SIM codes,
EVERYONE PAY ATTENTION!

My SIM was NOT coded. I suspect that this is not uncommon with sim only contracts or sim's that you can buy over the counter.
I managed to lock my phone trying to set it up, so find out how first. But PAY ATTENTION TO AF62 on this.

It's an extra operation, but may stop SIM swap attacks.

[Dod101]

I do nor like the idea of spraying banking apps all over the place and certainly not on my phone where there is absolutely no need for it.
If I wanted to I could access my bank via safari just as I do on my desktop or ipad but I never do as I find it too fiddly.

If you trust using a web browser on a phone or a desktop pc, then not trusting a dedicated banking app makes little sense.

As for the need, well not everyone banks with a private bank that has a dedicated representative to answer the phone immediately, and so they do need a quick, easy, and secure way to access their account when away from home.

Why anyone wants to use their phone for paying anything I know not. A credit card works fine.

One less thing to carry - the card, as most people will always have their phone.

An immediate notification of that transaction, or any other transaction, on the phone.

The ability to carry a range of cards for different purposes.

Single use virtual cards for online transactions.

How about your photo-ID, sorry driving license? Isn't the rest there? Some of us do drive and as officially legally required do carry it when driving.

Not in the UK you aren’t.

https://www.gov.uk/legal-obligations-drivers-riders

I carry a credit/debit card in priority to a phone. It works fine on that basis. I have no idea really about a banking app on my phone because I do not have one except the general Safari which seems to me to be pretty foolproof. I do not bank with a private bank that has a dedicated representative to answer the phone immediately. Total waste of money. I am perfectly happy and able to access my bank from my Ipad when travelling, and that mostly just to check on my state of affairs.

Dod

Finally, you need a phone to receive a SMS. Of course you could have one of those mega encrypted Iphones, which would not protect you if the SIM was simply moved to another phone to receive the text.

Take the sim out of my phone and it won’t work in another phone because I have the sim PIN set. In fact turn my phone off and back on again and the sim won’t work until you enter the sim PIN.

If you haven’t done this then I seriously recommend doing so as it stops anyone doing anything with it. A well known risk, particularly a risk when on holiday, is someone stealing your phone then putting the sim in their phone and then running up a huge phone bill calling overseas or premium rate numbers.

https://www.samsung.com/sg/support/mobi ... le-device/

https://support.apple.com/en-gb/HT201529

The problem isn't the phone or any security it has. It's the need to carry all this, then to leave it in a gym locker.

Personally I have made the same mistake, but got away with it. I won't be leaving such things in the locker when skiing and if swimming will leave the phone in the glove compartment of the car.

Which is why I prefer a cellular watch when I go to the gym - nothing of value needs to be left in a locker as phone and payment cards are kept on my wrist - and I can listen to music and podcasts from it on earphones whilst I exercise..

So does anyone agree as the cause? Why didn't the journalists point out that we should avoid these risks, rather than seek a technical solution? Sure, we shouldn't "blame" the victim, but as I said, I have learned from her mistake.

From the website article and the radio article nobody knows how the fraud happened - although as I mentioned before the interviewer decided not to ask some questions of the victim about the most likely way the thieves accessed her phone.

As a result there seemed to be a whole lot of assumption from the journalists about what might have happened with the most convoluted explanation decided as the likely answer because it makes a good story.

[Arborbridge]

I've never kept a banking app on my phone until this summer. It was the only way I could get a PIN reminder when I was on holiday, without which I could not use my credit card, because they won't email it and there was no way I could get home to pick up the post.

I don't do any financial business on my phone, simply because I cannot predict all the ways that it could potentially be compromised.

Forgetting PINs is a problem so I do have a written list of them all on a piece of paper, carefully disquised in case it falls into the wrong hands. Again, kept very separate from my cards!

The incident about my PIN was quite frustrating, because I did not forget it - at least not initial. I got the PIN right but there was very bad lighting and I couldn't see the keyboard properly, so it was keyed in wrongly. Then, thinking I had miss-rememebered it, I then chased down the wrong combinations, thinking I must have got it wrong in the first place. The right notes, but in the wrong order, so to speak.

I still manage to have a collection of cards, all with different PINs which I do not have to write down - but these days I find I am more hesitant recalling them. The writing is on the wall!

Arb.

[AF62]

As for your comments about SIM codes,
EVERYONE PAY ATTENTION!

My SIM was NOT coded. I suspect that this is not uncommon with sim only contracts or sim's that you can buy over the counter.
I managed to lock my phone trying to set it up, so find out how first. But PAY ATTENTION TO AF62 on this.

It's an extra operation, but may stop SIM swap attacks.

Thank you.

Stealing a phone and putting it in another to make high value calls was a 'big thing' about 10 years ago before roaming was free in Europe, when the telecoms operators would allow people to run up huge bills claiming that they couldn't possibly know how someone was using the phone for days or weeks afterwards until the overseas operators bills turned up, despite the fact that the overseas operator was frequently them...

Whether such a fraud will reappear now roaming charges are back, who knows, but anyway putting a sim PIN on stops any potential mischief.

https://ee.co.uk/help/help-new/getting- ... 0is%201111.
https://support.vodafone.co.uk/SIM/1488 ... my-SIM.htm
https://www.o2.co.uk/business/support/d ... pin/device
https://support.three.co.uk/SRVS/CGI-BI ... XT(EM84993)

Be careful doing it though, since if you enter the PIN wrong three times it locks the sim.

I still manage to have a collection of cards, all with different PINs which I do not have to write down - but these days I find I am more hesitant recalling them. The writing is on the wall!

A lot of people are unaware that UK banks and card companies are obliged to offer Chip & Signature cards to those who cannot use PIN cards (although unfortunately not all bank staff are well trained and either deny their existence or attempt to enter into discussions about *why* such a card is needed - they are not medical professionals so their view about need is irrelevant).

When the card is used for a transaction that would require a PIN, when the card is inserted in the terminal then the terminal will automatically spit out a piece of paper for signature - just like it did in the old days before PINs.

However retailers who rarely see such cards unfortunately frequently refuse to take them making up spurious reasons for their refusal, even though it is illegal for the retailer to do so - https://www.theguardian.com/money/2019/ ... ing-impact

[UncleEbenezer]

BTW, I don't think notifications appear in full like that on my phone, but they do on my wife's. On mine, you need to log in to open the message and the notification is just an icon.

Ps, if I turn my SMS notifications off then I never know that I get ANY txt, which means that I'll get no communications from my kids.

That's a phone setting. I (usually) keep notifications on so I know there's a new message, but never display the actual message without unlocking.

If you trust using a web browser on a phone or a desktop pc, then not trusting a dedicated banking app makes little sense.

On the contrary! Web browsers, being open source, get lots of scrutiny. Including government-sponsored and bigco-sponsored audits, and bug bounties. Banking apps are not. So the risk of a banking app having a serious flaw that passes unnoticed is thousands of times higher than a web browser.

[pje16]

As per You & Yours on radio 4, be careful if you allow notifications to appear on your phone screen when locked.

If a theif gets hold of your credit card and your phone (by stealing a handbag or something), all they need to do is:

1. Install your bank's app on another phone.

falls over at step 1 with First Direct
you have to call them when the app is installed on your mobile and go through security questions

[Arborbridge]

As per You & Yours on radio 4, be careful if you allow notifications to appear on your phone screen when locked.

If a theif gets hold of your credit card and your phone (by stealing a handbag or something), all they need to do is:

1. Install your bank's app on another phone.

falls over at step 1 with First Direct
you have to call them when the app is installed on your mobile and go through security questions

That's nice to know, but in the example she was with Santander.

[Arborbridge]

On the contrary! Web browsers, being open source, get lots of scrutiny. Including government-sponsored and bigco-sponsored audits, and bug bounties. Banking apps are not. So the risk of a banking app having a serious flaw that passes unnoticed is thousands of times higher than a web browser.

Probably correct. Not only that, but banks have this imperious attitude where nothing is their fault: their first shot is that it is the victim's fault. Then we as consumers are put on the back foot to start with, and have to push back to prove some fault in their system - and that is almost impossible, since they are (at least initially)judge and jury and have the inside technical know how.

Look at the scandal of ATMs when they insisted absolutely nothing could go wrong - it took years to prove they were wrong.

Arb.

[pje16]

That's nice to know, but in the example she was with Santander.

Yes I can read
I was just pointing out one that was safe

[Arborbridge]

Incidentally, apropo of ladies and their handbags....

Just this morning we took the car in for service. As we walked away to go down to the shops, my wife realised there was something missing - our rucksac, inside which was her phone and credit cards, all together. DOH!


Arb.

[Arborbridge]

That's nice to know, but in the example she was with Santander.

Yes I can read
I was just pointing out one that was safe

I find I read, but not necessarily in the right order

[pje16]

That's nice to know, but in the example she was with Santander.

Yes I can read
I was just pointing out one that was safe

I find I read, but not necessarily in the right order

somewhat like this then
https://www.youtube.com/watch?v=uMPEUcVyJsc

[GeoffF100]

Ps, if I turn my SMS notifications off then I never know that I get ANY txt, which means that I'll get no communications from my kids.

You turn off notifications from the lock screen. The notification will still sound. If you unlock the phone, you can view it (by swiping down from the top of the screen on Android).