# "Bank customers should save themselves from scams"



## Brendan Burgess (16 Aug 2020)

I agree with this opinion piece by Niall Brady









						Niall Brady: Bank customers should save themselves from scams
					

Moral hazard is as much a part of banking as cheesy advertising, endless cost-cutting, and indifferent service. Banks know that they can lend recklessly and wit




					www.thetimes.co.uk
				




If someone gives their pin in response to a text or email or cold call, they should not be reimbursed by the bank.

Brendan


----------



## Saavy99 (16 Aug 2020)

Brendan Burgess said:


> I agree with this opinion piece by Niall Brady
> 
> 
> 
> ...



For years now we are constantly being warned and warned against this practise, yet people are not listening or they just being plain stupid.


----------



## NoRegretsCoyote (16 Aug 2020)

I once worked in a shop beside an ATM.

A customer came in one time to ask me to help her use the ATM. She had the card and the PIN together in the same wallet and was asking a complete stranger to operate the machine for her.

My point is that a lot of people are not very clever. It's very hard to design a system that is resistant to ignorance.

Should people have to pay for their stupidity?


----------



## Brendan Burgess (16 Aug 2020)

NoRegretsCoyote said:


> Should people have to pay for their stupidity?



Yes.  I am tired bailing them out.

If someone can't use an ATM, then they should not have a  card. 

If someone is defrauded in this way, they should have their card cancelled.

Brendan


----------



## Saavy99 (16 Aug 2020)

Brendan Burgess said:


> Yes.  I am tired bailing them out.
> 
> If someone can't use an ATM, then they should not have a  card.
> 
> ...



Some people would be better off not having internet banking for their own protection. However, there is less and less of an alternative as society moves towards a cashless society and scammers become increasingly more sophisticated.  In another thread there is mention of post office savings  books for children maybe a retrieval of these for some less capable internet savvy adults is required.


----------



## Thirsty (16 Aug 2020)

Elderly people are particularly vulnerable to telephone scams.

There's numerous newspaper accounts in recent years of an elderly person being brought to an ATM and made to take out money.

Its grossly unfair to exclude them from financial facilities on grounds of their age.

Edit to add: modern day systems are incredibly difficult for elderly people to navigate and there's little alternative offered to them.

Banks have to answer for this as well.  I've had calls from my own bank & CC providers and the first question I was asked was to verify my security information.  

I declined of course and rang my bank from a different phone and to a different number.  The call I received was genuine and had been recorded. 

A 6 digit pin (with random selection)  could be put in place for ATMs but banks decline to do so on grounds of cost.

So we can't just blame the punters here.


----------



## NoRegretsCoyote (16 Aug 2020)

Thirsty said:


> Banks have to answer for this as well.



Indeed.

I don't bank with AIB anymore but when I did my user ID was my date of birth followed by (I presume) two random digits.

Knowing my DOB and a guess would get the user ID right 1% of the time.


----------



## PMU (16 Aug 2020)

No.  The issue concerns a lax attitude to customer protection by some banks.  Here's a summary of consumer rights in the EU in relation to bank payments: https://ec.europa.eu/info/sites/inf...uments/leaflet-your-rights-payments-eu_en.pdf .  It clearly states that “Your liability in case of an unauthorised payment – for instance if your credit card is stolen – is limited to a maximum of €50 (except in cases of gross negligence).”   But it is arguable if falling for a sophisticated fraud is a “case of gross negligence”.   It's not the same as a negligent activity such as handing your card to someone in a nightclub.

Under EU Payment Services Directive 2 (PSD2) banks should have in place systems to validate customer identity where a transaction is taking place.  Well, do they?  (I know my bank – which is not the Bank of Ireland - does so, because I get texts asking me to validate transactions.  So if a bank is not compliant with EU payment directives is it not negligent?

By any reasonable standard and considering the requirements of PSD2, a bank should not allow transactions to empty a customer's a/c or make significant withdrawals, without providing for the customer to (a) authenticate the transaction and (b) validate their identity.  And if a bank can't do this, should they not warn their customers accordingly?


----------



## NoRegretsCoyote (16 Aug 2020)

I've never been successfully scammed, but I've grown up with online banking and digital services in general.

I would never claim that there is no scam too sophisticated for me.

Current a/c fees are in one sense a form of compulsory insurance against being scammed.


----------



## odyssey06 (16 Aug 2020)

Thirsty said:


> Banks have to answer for this as well.  I've had calls from my own bank & CC providers and the first question I was asked was to verify my security information. I declined of course and rang my bank from a different phone and to a different number.  The call I received was genuine and had been recorded.



I had the same experience with Bank of Ireland. I logged a formal complaint which went nowhere. They were so clueless they could not see the issue with phoning me from a random number, saying they were from BOI and asking me to verify my identity with my personally identifiable information.


----------



## Zebedee (16 Aug 2020)

I keep getting emails from “my financial adviser” in BOI asking me to get in contact. I’ve never had a financial adviser but suspect this is probably a genuine email looking to sell me something. So these emails are being sent and yet they are warning about unsolicited contacts....


----------



## joer (16 Aug 2020)

After listening to the people who lost money to this scam , on liveline last week, I think that the comments here are quite harsh. If it was their own fault then why did the bank admit that their customers were to be refunded ?


----------



## gianni (16 Aug 2020)

I heard a few of the liveline calls about the BOI scam. The main thrust of the argument was that BOI texted them a link from a BOI number which had previously, legitimately, contacted them.

However, this wasn't BOI contacting them. The scammers made it look like they were contacting from the BOI number. 

It was a clever scam but I don't see how it's BOI's fault. Someone pretended to be BOI and some customers fell for it. 

Similar to the phone scam where you get a phonecall to a landline from a male bank official telling you that your card is compromised. You're instructed to hang up and call the phone number for Card Services, as printed on your debit card. You do this. A female bank official answers and gets your details before cancelling the card.

The scam is that the original caller never hung up, just handed the phone to female accomplice. You think you've initiated a new call to Card Services but you're trying to dial while the line is still active with the scammers. Again, not the banks fault.


----------



## joer (16 Aug 2020)

I agree with some of what you are saying gianni but the bank say that they never ask people for details by text but they also admitted that they actually do , at times, contact people by text. That is why they agreed to refund all the people who were scammed. They also admitted that their system had been hacked.


----------



## tomdublin (17 Aug 2020)

Most banks in the UK are now legally obliged to execute transfer orders only if these also specify the recipient's name (not just the IBAN).  It's a simple way of cracking down on a huge percentage of fraud, and I wonder why Ireland hasn't followed suit.  Perhaps the usual behind-the-scenes lobbying by banks that don't want the additional work load.


----------



## DublinHead54 (17 Aug 2020)

Did PSD2 regulation not move the fraud risk responsibility from the consumer or company back to the bank? 

It is really surprising how successful these social phishing scams are.


----------



## Romulan (17 Aug 2020)

A couple of people have explained to me how BOI systems were compromised and the texts came from BOI systems.

I have been unable to convince them otherwise, inc.  Mrs Romulan, even though she knows I deal with this stuff for a living.


----------



## roker (17 Aug 2020)

The banks are forcing us to do everything electronically, they have reduce the number of teller spaces in the branches so they must take responsibility for people being conned.
I recently had a call from a very professional person say he was from my bank, saying that my mail was being returned to them and they  needed to update my details, (very clever)
When I asked where was he sending it he said he could not give details for security reasons, so I said likewise from me.


----------



## Brendan Burgess (17 Aug 2020)

I have just made a payment of £15 from my Ulster Bank account. 

I have had to click and click and click to acknowledge that I had read warning notices. 

I don't blame Ulster Bank.  I blame the people who carelessly or stupidly give out their pins or pay people as a result of a cold call.

Brendan


----------



## Ceist Beag (17 Aug 2020)

Brendan I think you are being very unfair on the people scammed in the recent BOI case. In that case the text was coming from the BOI number and the link brought people to a website that looked identical to the BOI online banking site. BOI themselves had previously sent links to their site in their own texts from that number.
So the people were not being careless or stupid in giving "out their pins or pay people as a result of a cold call ". In this case the people genuinely believed they were on the BOI website and were logging in to their own account.
BOI were very much at fault here imho for a number of reasons.
1. It seems wide open to abuse to ever send texts with a link to their online banking site - in all my years with UB I have never received such a text.
2. The very minute the first customer raised this with BOI they should have immediately got on top of this alerted all other customers of the scam.
3. As PMU stated above, surely in this day and age "a bank should not allow transactions to empty a customer's a/c or make significant withdrawals, without providing for the customer to (a) authenticate the transaction and (b) validate their identity ".

Certainly I think those people affected by this should learn the lesson to *never ever* click on a link in a text, instead go to the site themselves and log in that way, but in this case I think BOI have certainly to accept blame as well.


----------



## Thirsty (17 Aug 2020)

Until you've been there, I don't think you can fully understand the extreme difficulty modern day customer systems place on our elderly people.

Call centres, not branches, multi-menu systems when you are hard of hearing, advice to use their website or email when you don't own a computer and have no idea how to use one, you talk to a different person every time you ring, diverse accents exacerbate your hearing difficulties, the operator has had zero training in the difficulties elderly people face.  Every time the call is transferred, the entire range of security questions is asked again.

I have been on one of these calls, as a support, where there was suspected fraud (thankfully stopped) with an elderly family member and could have wept for the way they were treated.


----------



## Zenith63 (17 Aug 2020)

I think there needs to be some level of personal responsibility, but the reality is the retail financial sector has a long history of not taking security seriously.

Until they put properly designed systems in-place that do not leave end-users as vulnerable, they should bare the cost of fraud.  In-fact I'd go a step further and say that instead of just refunding your few quid and forgetting about it, they should be fined in the same way they would for credit card information loss or personal data breaches under PCI-DSS/GDPR, to put a bigger cost on improperly designed systems.

There is utterly no need for the systems to leave people as exposed as they do, it's simply a problem of the incentives not being setup correctly to encourage banks to take it seriously.  Hopefully PSD2 and future iterations will go some way to improving this.


----------



## PMU (17 Aug 2020)

On PSD2, I note that the Central Bank says it has given additional time, until 31 Dec 2020, for compliance with PSD2 for card-based transactions. https://www.centralbank.ie/regulation/psd2-overview. So it would appear a bank is currently not delinquent if it does not authenticate transactions in the way envisaged the directive.


----------



## joer (17 Aug 2020)

I agree with you Ceist Beag. And some people actually clicked on the link to unsubscribe and it still brought up their details. Other people contacted their bank when this happened to them and two days later the money was taken from their accounts. This is surely not the fault of the customer...


----------



## JMJR (19 Aug 2020)

I was nearly caught by this scam. Was not fully thinking and was preoccupied as I needed access to 365 for some upcoming transactions. As you can see there's a good facsimile of the 365online web page including the secure padlock icon. I copped on while inputting details.
As I thought it quite sophisticated I took screen grabs and sent to BOI 365 Security on 22 Feb last. Got no response. See the attached for a screen grabs (Apple Phone)


----------



## EmmDee (19 Aug 2020)

JMJR said:


> I was nearly caught by this scam. Was not fully thinking and was preoccupied as I needed access to 365 for some upcoming transactions. As you can see there's a good facsimile of the 365online web page including the secure padlock icon. I copped on while inputting details.
> As I thought it quite sophisticated I took screen grabs and sent to BOI 365 Security on 22 Feb last. Got no response. See the attached for a screen grabs (Apple Phone)



I know for people less used to tech (e.g. older customers and mentioned above), the examples you gave might work. But the examples do highlight basic rules / indicators; poor grammar in the text, dodgy website address which isn't the original and never click a link - always go to the site you want independently (or use the app).

The facsimile of the website is the easiest thing to do - so nobody would be able to tell by looking at the website. And BOI security probably can do little about it other than continue to warn people not to click links or input details when they haven't initiated the website. The can't easily take down the website


----------



## EO2020 (19 Aug 2020)

That text could not look more like a phishing scam if it tried!  And surely if you online bank with BOI, you now what the name of the website is? 

There has to be an element of personal responsibility. If you don't know how to use phone or online banking, you shouldn't be on it.


----------



## Sunny (19 Aug 2020)

EO2020 said:


> That text could not look more like a phishing scam if it tried!  And surely if you online bank with BOI, you now what the name of the website is?
> 
> There has to be an element of personal responsibility. If you don't know how to use phone or online banking, you shouldn't be on it.



Good for you. Must be great for you and others to be intellectually superior. Banks are pusing their customers more and more on to online and digital channels. This includes people like the elderly and other vunerable groups. There are plenty of people who love to take your advice and get off online banking but the banks have made it all but impossible to avoid it.

The scam was extremely sophisticated. These scams are not deisgned to catch out 100 people. They are designed to catch out one person not paying attention or not full au fait with the internet. Do you want to explain to my 75 year old mother why the URL in that screenshot is not a link to BOI? They also managed to get their scam text inserted so that it appeared as if it came from the same place as other genuine texts from BOI. This was actually one of the most sophisticated scams I have seen in a while. 

I still see people and I bet there are people here including myself who blindly give out card details over the phone to hotels, shops and other companies....I have seen people leave their cards behind the bar for a tab. People shop online and allow shops to store their card details to 'speed up' their next purchase....We previously heard how chip and pin was completely safe until it wasn't. I know someone who let never changed their address with the bank and allowed correspondance go to a rental house and got scammed. That person worked in IT security. Scams, fraud, theft can affect anyone. Yes, personal responsibility does play a part and no the banks can't be held responsible every time there is a scam but reading the posts above, I have to say that I hope you never get to say 'I told you so' or ask why 'you were so stupid' to an elderly relative.


----------



## Brendan Burgess (19 Aug 2020)

So Sunny

Do you make any distinction between your 75 year old mother and a 40 year old who is IT literate and fell for the scam? 

Your mother and others who don't want to use 21st century technology can go to the Credit Union or Post Office. 

The banks are right to encourage people to go online.  If people don't want to go online, then they should stop using the banks. 

We have reached a crazy situation in Ireland where people are no longer responsible for their own actions or errors. 

I feel sorry for people who are scammed. I feel sorry for people whose bicycles are stolen. I feel sorry for people whose houses are burgled. But I don't see why the bank should compensate them. 

And if you do persuade me that the bank should compensate them, then they absolutely must lose access to online banking. 

Brendan


----------



## Sunny (19 Aug 2020)

Was there a 40 year old who was computer literate person taken in by that scam?

Credit Unions and Post Offices use 21st century technology too Brendan and are just as easy to scam or defraud or do you think that people just go around with savings books? That's modern banking

If you are a BOI customer and you feel so strongly about them compensating victims of this scam and the fact that you will somehow have to pay for it (although I don't really understand your argument), then why don't you leave BOI or any other bank with such a business practice since you feel so strongly about it. 

I don't actually believe that banks should automatically compensate people for scams. And they don't. I am unaware of any other large scams that banks have compensated customers for apart from this one. And even this, I have no idea how many people were impacted and how exactly the scam worked. Where were mobile numbers got? How did they manage to drop the scam texts into genuine marketing texts from BOI? Despite what the bank says, that is not a common occurrence for these scams. So maybe the bank had a weakness somewhere that they are not willing to publicise. Or there was a weakness in a marketing company or telecommunications company that they use and got exploited. 

Maybe banks need to learn a lesson. There is no need to send marketing texts or e-mails. Make it default to no advertising to people unless they actually state they want to want to hear from the bank using text or e-mail method of communication. Every person over the age of 60 should be targeted for a marketing campaign to stress that they should never respond to e-mails or texts or give any information. And I mean a proper marketing campaign. Not online or on social media but through post and in branch.  They should be encouraged to contact their local branch if they receive any sort of text or email from the bank looking for information. They should be offered in branch support to learn how to use online banking safely if they want to use it. They should be asked to confirm that they are comfortable with online banking and the risks before being allowed to use it. 

We spend an awful of money and time protecting people when it comes to things like investments. Even though a lot of us would never invest in some of the junk that we see offered. Maybe we should spend a fraction of that money making sure that any vulnerable groups are protected using these 21st Century bank channels rather than be told they are shouldn't be allowed to be customers if they are stupid enough to get caught out.


----------



## joer (19 Aug 2020)

I have heard many times about people who were "persuaded" to give their personal details and I always said "how stupid these people were to give their details" but this came from a recognised BOI number. When they clicked on the link all their details were presented before them . Everyone who I heard speak about this last week , even one person who was trained to watch out for this kind of behavior got caught by this scam. It was not stupid people at all.


----------



## WolfeTone (19 Aug 2020)

Ceist Beag said:


> I think you are being very unfair on the people scammed



I would be in general agreement with this sentiment. 
I would be of the view that most people are careful with their details, but the very nature of fraud is deception, and good fraudsters are good are deceiving people from time to time. Regardless of how careful people are invariably they drop their guard from time to time. My understanding is that most of these scams are pitched far and wide in the hope that a few people will have dropped their guard or unintentionally provide personal info and thus get scammed.
I'm not sure what the level of this fraud is but I would hazard a guess that banks hold insurance policies to cover it?


----------



## Ceist Beag (19 Aug 2020)

Brendan Burgess said:


> Your mother and others who don't want to use 21st century technology can go to the Credit Union or Post Office.
> 
> The banks are right to encourage people to go online.  If people don't want to go online, then they should stop using the banks.
> 
> ...


Brendan I feel you have a blind spot in this one. In this particular BOI scam do you accept that BOI have a responsibility here to their customers? BOI have admitted themselves that they were at fault here but you still seem to think this was a case of customers being stupid.


----------



## Brendan Burgess (19 Aug 2020)

Hi Ceist

My general principle would be that people should be careful and should not be compensated for giving out their details to a website or cold caller.

However, I was not aware that BoI had admitted that they were in the wrong.  If they were in the wrong and if the customer was not careless , then the customer should not be paying. 

Brendan


----------



## Sunny (19 Aug 2020)

Brendan Burgess said:


> Hi Ceist
> 
> My general principle would be that people should be careful and should not be compensated for giving out their details to a website or cold caller.
> 
> ...



I don't think BOI have admitted they were wrong. Doesn't mean that there wasn't a weakness on their side that was exploited to allow the texts to be sent in the first place.


----------



## cremeegg (19 Aug 2020)

Thirsty said:


> Elderly people are particularly vulnerable to telephone scams.



Just a tad condescending ?


----------



## joer (19 Aug 2020)

I was also thinking that you were been very harsh but  now I understand  your comments Brendan.


----------



## cremeegg (19 Aug 2020)

This scam was first reported on AAM on 22 July,  more than 3 weeks before the times article.

https://www.askaboutmoney.com/threads/boi-suspicious-activity.218823/

The aspect of this that strikes me as most significant is that the scammers used a genuine BOI text to contact customers.

There is no clear line, only degrees of difference,  between stupid careless customers who cannot mind their details and people who fall victim to sophisticated scams believing that they are dealing with the bank.

[ I made a similar point previously about there being no clear line between people who couldn't pay their mortgage and those who could but wouldn't.]


----------



## Sunny (19 Aug 2020)

cremeegg said:


> This scam was first reported on AAM on 22 July,  more than 3 weeks before the times article.
> 
> https://www.askaboutmoney.com/threads/boi-suspicious-activity.218823/
> 
> ...



And yet you clicked the link because you thought it came from a genuine source so were curious even after checking your account and therefore could have infected your phone with malware or even worse....Even though you know BOI will never send a link

You might not have given your account details but according to Brendan and co, you are now too stupid to own a phone. Please give it back.


----------



## cremeegg (19 Aug 2020)

Sunny said:


> And yet you clicked the link because you thought it came from a genuine source




Yes I clicked the link because I thought it came from a genuine source. It did come from a genuine source, the BOI text number, being used by scammers.




Sunny said:


> Even though you know BOI will never send a link



That wasnt something I was aware of.



Sunny said:


> You might not have given your account details but according to Brendan and co, you are now too stupid to own a phone. Please give it back.



Where should I send it ?


----------



## Early Riser (19 Aug 2020)

BOI very recently sent an email warning about fraud and the various things a customer should not do - very bold lettering. No doubt this was a follow up to the recent scam. My neighbour also got it - but refused to open it or read it. He had been listening to the saga on Joe Duffy and he was convinced that this email was an attempt to scam him.

As an aside, I have certainly got emails and correspondence from BOI over the years regarding scamming. To be honest I generally view it now as junk correspondence and ignore it. As I expect others do.


----------



## EmmDee (19 Aug 2020)

cremeegg said:


> .... It did come from a genuine source, the BOI text number, being used by scammers.



I know it's a technical point but the scammers didn't "use" the BOI number. What they did was fake the "from" number in the text. Your phone then read that and included it in any existing text list from the same number (or identified as BOI on your phone if you have the number saved in contacts). The exact same thing can be done with emails - the "from" address can be easily spoofed and then your email app will include it in the email chain from that address.

BOI didn't lose access to the number or get hacked. There's not a lot they can do. Nobody should assume a text or email is coming from the source your phone claims. And therefore treat it as any random text or email asking you to click a link


----------



## Sunny (19 Aug 2020)

cremeegg said:


> Yes I clicked the link because I thought it came from a genuine source. It did come from a genuine source, the BOI text number, being used by scammers.



These scams work to fool your phone to think it came from the BOI number so your phone will group it with genuine texts from BOI.



cremeegg said:


> That wasnt something I was aware of.



Doubt many people are to be honest. So imagine you are an elderly person getting a text from what appears to be a genuine number linking to a website that appears identical to the banking website you have used previously....And then have people call them stupid.....



cremeegg said:


> Where should I send it ?



I will send you details on where to send it through private message. Also, if you could e-mail me through your PIN that would be great as well to make things easier....Trust me. My name is Sunny.


----------



## Monbretia (19 Aug 2020)

I listened to days of that Joe Duffy topic and have to say I could understand how some were caught, they were far from all elderly, one was quite young as in a college student who should be well up with technology.

I listened to many of the stories and especially the fact that the txts were dropped into the existing BOI thread of messages on phones, also BOIs t&c for online had a portion read out by one woman where it actually says they will contact you by txt if they suspect fraud on your account so in fairness no one reads the t&cs probably but the bank can hardly say now they don't send anything of importance on txt messages. 

As an ex banker myself I was not on the bank's side in this one even though when the discussion started I presumed the people involved had all been careless but there was more to it than that, BOI knew the problem was going on for months and there was too much information available to the scammers, in some cases they had info on the accounts you would not expect them to have gained before actually getting to talk/txt customer.   To be honest I actually really thought the scammers had some 'in' to BoI systems or info, now probably not and I presume we just have very smart scammers but it really sounded like a very insecure system.

I use online banking myself but never on a phone but then again I'm more old school and am working on a computer every day so it's handier to use it.    Telling older people go to Post Office or CU is neither here nor there, not all are able to do this so online access is handy if they are able to use it, however it should be a bit more secure than having any scammer able to drop txts into a legitimate thread of txts from a bank or being able to make a call look like it's coming from any number they want.   It it can't be made more secure then txt system should not be used for important stuff in my opinion.   BOI in their statement to JD show (I think or statement to someone anyway) said they don't put anything of importance in the txt messaging system which contradicts the t&cs read out but if it's that unimportant why bother using it at all when it's a pathway for this stuff.


----------



## Ceist Beag (19 Aug 2020)

Brendan Burgess said:


> Hi Ceist
> 
> My general principle would be that people should be careful and should not be compensated for giving out their details to a website or cold caller.
> 
> ...


As per , from the CEO Retail Ireland, Bank of Ireland in relation to this issue, 


> "We know that Bank of Ireland can do more to build awareness around fraud and we are committed to doing that. "



That's the closest thing to an admission that they were wrong that you will get from a bank!


----------



## Brendan Burgess (19 Aug 2020)

Ceist Beag said:


> That's the closest thing to an admission that they were wrong that you will get from a bank!



That might be the closes, but it's not admitting that they did anything wrong in this case.  From reading through this thread, it seems that BoI did not do anything wrong.  

Brendan


----------



## Ceist Beag (19 Aug 2020)

I disagree Brendan. BOI failed to adequately deal with the issue when it was first reported to them. They did not take enough measures to protect customers. By refunding the customers the bank have accepted that the customers were not at fault here and they have admitted that their own processes were not adequate for protecting customers from such fraud.


----------



## Early Riser (19 Aug 2020)

Ceist Beag said:


> By refunding the customers the bank have accepted that the customers were not at fault here



Surely that puts the bank in a lose-lose situation. If they didn't offer refunds they would have been condemned in the court of public opinion and on the Joe Duffy show (if there is a difference between these). And offering refunds is being interpreted as "admitting" guilt. 

It seems to me this was a very sophisticated fraud, operated by very sophisticated fraudsters. I am pleased for the customers involved that they will not be losing out. But I find it hard to see that the the bank has responsibility.  No doubt we will see as scams as sophisticated in the future - or even more sophisticated. What then ?


----------



## Thirsty (19 Aug 2020)

cremeegg said:


> Just a tad condescending ?


On the contrary it comes from someone with personal knowledge of family members.


----------



## Thirsty (19 Aug 2020)

> Your mother and others who don't want to use 21st century technology can go to the Credit Union or Post Office.


That's neither reasonable nor fair.


----------



## cremeegg (19 Aug 2020)

Brendan Burgess said:


> From reading through this thread, it seems that BoI did not do anything wrong.
> 
> Brendan



??

They allowed their text number to be used by scammers !



Brendan Burgess said:


> If someone gives their pin in response to a text or email or cold call, they should not be reimbursed by the bank.



If the bank allows their text number to be used by scammers, ?


----------



## NoRegretsCoyote (19 Aug 2020)

Brendan Burgess said:


> Your mother and others who don't want to use 21st century technology can go to the Credit Union or Post Office.



My grandmother has been a BoI customer since the 1940s! She is also a nice source of zero-cost deposit funding for them.

Why on earth should *she* have to move her business?

BoI (to my knowledge) do not insist on use of physical card readers by current account customers. This is expensive and difficult to roll out of course but makes this kind of fraud *much* more difficult.


----------



## Brendan Burgess (20 Aug 2020)

cremeegg said:


> They allowed their text number to be used by scammers !



Hi cremeegg

I don't think that this is correct based on Romulan's post


Romulan said:


> A couple of people have explained to me how BOI systems were compromised and the texts came from BOI systems.
> 
> I have been unable to convince them otherwise, inc.  Mrs Romulan, even though she knows I deal with this stuff for a living.


----------



## EmmDee (20 Aug 2020)

Monbretia said:


> I use online banking myself but never on a phone but then again I'm more old school and am working on a computer every day so it's handier to use it.    Telling older people go to Post Office or CU is neither here nor there, not all are able to do this so online access is handy if they are able to use it, however it should be a bit more secure than having any scammer able to drop txts into a legitimate thread of txts from a bank or being able to make a call look like it's coming from any number they want.   It it can't be made more secure then txt system should not be used for important stuff in my opinion.   BOI in their statement to JD show (I think or statement to someone anyway) said they don't put anything of importance in the txt messaging system which contradicts the t&cs read out but if it's that unimportant why bother using it at all when it's a pathway for this stuff.



First off - the online banking app is probably more secure than the web. Less chance of redirection or spoofing. But that's by-the-by

They realise texts are not secure. That's why they specifically say never click a link in texts. They also say that they will use texts for notifications or warnings (as a one way push notification) or on questionable transactions you can respond BY TEXT to confirm a transaction. But they also point out that if there's a problem you should log in separately to online banking or call them and NOT CLICK ANY LINKS. They do use texts for important things like notifications - but not exclusively and not as a route for web links

Even using texts for two factor authentication is not secure and banks are moving away from them generally.




Ceist Beag said:


> As per , from the CEO Retail Ireland, Bank of Ireland in relation to this issue,
> 
> That's the closest thing to an admission that they were wrong that you will get from a bank!





Ceist Beag said:


> By refunding the customers the bank have accepted that the customers were not at fault here and they have admitted that their own processes were not adequate for protecting customers from such fraud.



I can pretty much guarantee you the funds were returned with no admission of liability at all - a goodwill gesture. The quote, as I read it, was closer to "ok ok - we'll tell people AGAIN to not click on links". I didn't read it as an admission or even close



cremeegg said:


> They allowed their text number to be used by scammers !
> ...
> If the bank allows their text number to be used by scammers, ?



They didn't allow their text number be used by scammers. Read what was said above. They had nothing to do with it. It's pretty easy to send a text or email that appears to come from another number / email


----------



## joer (20 Aug 2020)

They might not have allowed their number to be used by scammers but it was used . When people clicked on the link it brought up all their personel details exactly like their bank account would. So it seemed legit to them.


----------



## Sunny (20 Aug 2020)

I am still not sure why Brendan and others have such an issue with the Bank Of Ireland doing this. It is not like every victim of a scam is compensated every time by a bank. BOI obviously looked at the sophistication of this scam and realised that the people involved weren't completely stupid and had being caught out by a sophisticated scam. The bank decided to make a goodwill gesture to compensate customers while admitting their warning campaign about a threat that had been flagged for weeks could have been better. Sending texts and emails and having online campaigns about the treat of text, email and online scams is worthless and they know that. People are going on about creating moral hazard or something similar. Yes, because those people got their money back this time, they won't care if they get scammed again and I am going to share my details with people because I know the bank will compensate me if I lose money. It's nonsense.

If people have such an issue with what BOI did and feel as a more intelligent type of customer that they have been let down, then maybe they should take Brendan's advice and join the credit union or post office where apparently the issue won't arise.


----------



## EmmDee (20 Aug 2020)

joer said:


> They might not have allowed their number to be used by scammers but it was used . When people clicked on the link it brought up all their personel details exactly like their bank account would. So it seemed legit to them.



Just as your number or email could be used - or any number or email. It is not a security failure by the bank

When people clicked, did they not get a false login page (per the screenshot above). I've looked at reports and haven't seen any indication that clicking on the link brought up personal details - do you have other information or examples?


----------



## joer (20 Aug 2020)

But listening to the callers on Liveline all last week it did happen. One person said that she clicked on the link to unsubscribe and it brought up all her details. And as far as I can remember when a statement was read out saying that the bank actually do contact customers be text . That was when the bank agreed to reimburse their customers.


----------



## EmmDee (20 Aug 2020)

joer said:


> But listening to the callers on Liveline all last week it did happen. One person said that she clicked on the link to unsubscribe and it brought up all her details. And as far as I can remember when a statement was read out saying that the bank actually do contact customers be text . That was when the bank agreed to reimburse their customers.



I know there is a lot of "I heard someone on Joe who said when they clicked saw all their details" but I've failed to actually find any specifics. I haven't seen anyone actually confirm that is what happened to them with specifics.

The closest I can find is someone who received a text saying a payment was about to be made and to click a link to halt it - essentially a form of phising were a generic payment/transaction is quoted with the hope that somebody will click.

But are there any examples of people's actual details appearing either in the text or on the page when they click? It's an important distinction because if that actually happened it would indicate access to BOI data. But if it didn't happen, people should stop claiming the bank was hacked without evidence


----------



## EO2020 (20 Aug 2020)

Sunny said:


> Do you want to explain to my 75 year old mother why the URL in that screenshot is not a link to BOI



I could get my 79 year old mother to explain it to yours if you like? This idea that all elderly people are unable to use technology or have some sense is offensive. If you haven't helped your elderly mother to do these things, then you should have helped to her use a simpler form of banking, which contrary to your statements is easily available.


----------



## joer (20 Aug 2020)

Yes EmmDee but everyone had the same story , not just one or two. Also after people contacted the bank and told them after they clicked on the link and warned them of their suspicions and asked them to watch their Account , even days later there was money taken from their account They then got the letter from the bank saying that it was their own fault. Did you listen to Liveline?


----------



## Sunny (20 Aug 2020)

EO2020 said:


> I could get my 79 year old mother to explain it to yours if you like? This idea that all elderly people are unable to use technology or have some sense is offensive. If you haven't helped your elderly mother to do these things, then you should have helped to her use a simpler form of banking, which contrary to your statements is easily available.



Did I say every elderly person? So save your fake outrage. Good for your 79 year old mother. But not every 35 year old is the same and not every 79 year old is the same. Technology and the use of it comes easier to some people than others for numerous reasons. Doesn't mean one is more stupid than another or one lacks 'sense'.


----------



## EmmDee (20 Aug 2020)

joer said:


> Yes EmmDee but everyone had the same story , not just one or two. Also after people contacted the bank and told them after they clicked on the link and warned them of their suspicions and asked them to watch their Account , even days later there was money taken from their account They then got the letter from the bank saying that it was their own fault. Did you listen to Liveline?



No I don't. I've quickly looked at the reports of various callers and none of them report they clicked a link and it showed their account details. Nor do any of them say there was private information in the texts. They do recount generic phising wording ("You have a payment being actioned") but not accurate personal data. So (unless shown otherwise) I'm assuming the "hackers had access to BOI data" folk are misinterpreting what was said - but open to correction.

If people contacted the bank, they should have been advised to change their details - passwords, PIN numbers, personal access numbers etc. If they weren't advised this, it is an error on the bank's side. It could be argued the bank should have forced changes if they can. But as it didn't involve cards these couldn't have been locked.


----------



## Thirsty (20 Aug 2020)

EO2020 said:


> ...a simpler form of banking...


See my earlier post on trying to make a phone call to a bank and tell me how that is 'simple'


----------



## Brendan Burgess (20 Aug 2020)

joer said:


> But listening to the callers on Liveline all last week it did happen.



Ah sorry. I hadn't realised that. If a caller on Liveline said it happened, then that proves it's true.

Brendan


----------



## Brendan Burgess (20 Aug 2020)

EO2020 said:


> This idea that all elderly people are unable to use technology or have some sense is offensive.



Let's not go off topic here.

The majority of people who are demanding that bank branches be kept open because they do not like or do not have access to the internet are older people. 

But, of course, anyone of any age can fall for a scam.

Brendan


----------



## EO2020 (20 Aug 2020)

Sunny said:


> Technology and the use of it comes easier to some people than others for numerous reasons. Doesn't mean one is more stupid than another or one lacks 'sense'.



Banks have been saying for years and years never to click on a link in a text. Literally everyone should know that by now, its as basic as don't give anyone your pin. We can't absolve responsibility for people who don't even try to keep their account safe. 



Thirsty said:


> See my earlier post on trying to make a phone call to a bank and tell me how that is 'simple'



Then go in to the bank and speak to a real life person. There are still plenty of branches.


----------



## Brendan Burgess (20 Aug 2020)

I was just on AIB online banking now.  This message has been there since 11th August, but I didn't notice it as there are so many such warnings.

*Security alert 11th August 2020*
AIB will never ask you to click on a link via EMAIL or TEXT message to review or block transactions, reactivate or log in to your account.
AIB will never contact you requesting codes from your Card Reader, Card Details or log in information for any reason.
If you have provided any of this information, please contact us immediately


----------



## Thirsty (20 Aug 2020)

> Then go in to the bank and speak to a real life person. There are still plenty of branches.


Ha!  
1. You make an appointment through the call centre (see earlier post on the barriers there).
2. If you have mobility or transport issues getting to a branch quickly isn't as straightforward as you might imagine; particularly if you live in a rural area.
3. If you are looking at fraud or possible fraud, then you can't afford to wait.

I will say it again; we have no idea of the barriers faced by elderly people in the use of modern day customer service systems - and don't get me started on eir....


----------



## joer (20 Aug 2020)

There were very many callers to Liveline, so much so that it was covered for the week. People who did not hear it cannot really comment. By the way Brendan only for Liveline the Bank would have got away without having to refund their customers.


----------



## Jim2007 (20 Aug 2020)

Thirsty said:


> Ha!
> 1. You make an appointment through the call centre (see earlier post on the barriers there).
> 2. If you have mobility or transport issues getting to a branch quickly isn't as straightforward as you might imagine; particularly if you live in a rural area.
> 3. If you are looking at fraud or possible fraud, then you can't afford to wait.
> ...



So how much are you will to pay for this service?  Because that is what it comes down to at the end of the day.  Say a annual charge of €100 per account for all account holders under 65?


----------



## Thirsty (20 Aug 2020)

By the time a customer has reached their 80s, they have likely paid 6 decades of bank fees.

Companies move to these service models to save money and for no other reason; the least they can do is make their systems easier to use for customers who were children at a time when even TVs were unknown, never mind computers.


----------



## cremeegg (21 Aug 2020)

I said that BOI text number was used by scammers because I received the scam text from the BOI number.



Brendan Burgess said:


> Hi cremeegg
> 
> I don't think that this is correct based on Romulan's post



Romulans post seems to disagree with this but makes no effort to explain. It’s no wonder even his wife doesn’t believe him.


----------



## jpd (21 Aug 2020)

It is quite easy for a hacker, or, indeed, anyone with some technical knowledge of IT, to insert a number into the text message header so that it appears that the text came from a different number to the number used to send the text.


----------



## Early Riser (21 Aug 2020)

cremeegg said:


> I said that BOI text number was used by scammers because I received the scam text from the BOI number.



Not quite. I recall you said that BOI *allowed* their text number to be used by scammers.



cremeegg said:


> They *allowed* their text number to be used by scammers !
> 
> If the bank *allows* their text number to be used by scammers, ?


----------



## DublinHead54 (21 Aug 2020)

EO2020 said:


> I could get my 79 year old mother to explain it to yours if you like? This idea that all elderly people are unable to use technology or have some sense is offensive. If you haven't helped your elderly mother to do these things, then you should have helped to her use a simpler form of banking, which contrary to your statements is easily available.



I agree it is offensive. I actually think the older generation / elderly are less trusting of technology which is confused with not understanding technology. The younger generations (myself included) are far more trusting and accepting of technology.

My view is that Bank customers should save themselves from scams and that Banks should support them in doing so. Banks can take care of the technical aspects of cyber security / fraud. However, many of these scams are just variations of social engineering / phishing and will always require a conscious decision which is heard to systematically protect.

I am also of the opinion that If I get a speeding ticket, I can't say that the car manufacturer is to blame for making a car that lets me speed. 

I could also argue that the government should be running campaigns to educate people on cybersecurity.


----------



## EmmDee (21 Aug 2020)

joer said:


> There were very many callers to Liveline, so much so that it was covered for the week. People who did not here it cannot really comment.



Absolutely I can comment - I can also spell correctly. 

It doesn't matter how much Joe talked about it on Liveline. The initial premise was that hackers had personal details of customers and therefore the customers weren't at fault because when they clicked, they saw information that only the bank should have and reasonably assumed they were connected to the bank. I'm only saying that there has been no evidence to support that claim that I have seen and that was has been reported to date looks like a general phising campaign that is seen regularly and the basic advice stands - don't click on links from unsolicited emails or texts. Initiate your own connection to a bank website.

Joe can talk about it for a month - doesn't change the situation. If there is actual evidence or even a claim that personal data was included in the texts or via the link in the text, then it is a serious breach of BOI security. If not, these folk were victims of an impersonation scam


----------



## EmmDee (21 Aug 2020)

cremeegg said:


> I said that BOI text number was used by scammers because I received the scam text from the BOI number.



You actually didn't - you received the scam text from another source but it was packaged up to look like it came from the BOI number.

If people really want a windmill to tilt at, their ire would be better aimed at telecoms who can presumably see widespread "marketing" texts being sent across their networks and might be able to identify where a sender number has been altered or is not the same as the actual sender (not sure about the second part of that)


----------



## cremeegg (21 Aug 2020)

EmmDee said:


> If there is actual evidence or even a claim that personal data was included in the texts or via the link in the text, then it is a serious breach of BOI security. If not, these folk were victims of an impersonation scam



How did the scammers use the banks text number to send the messages. If they were able to get the banks details to do so that is a serious breach of BOI security. 

Some posters suggest that it is a simple matter to send a text from one number that appears to come from another.



jpd said:


> It is quite easy for a hacker, or, indeed, anyone with some technical knowledge of IT, to insert a number into the text message header so that it appears that the text came from a different number to the number used to send the text.



I don't find this convincing, if it were a simple matter that could be done without access to the banks details, surely it would happen more often.


----------



## odyssey06 (21 Aug 2020)

cremeegg said:


> How did the scammers use the banks text number to send the messages. If they were able to get the banks details to do so that is a serious breach of BOI security.
> Some posters suggest that it is a simple matter to send a text from one number that appears to come from another.
> I don't find this convincing, if it were a simple matter that could be done without access to the banks details, surely it would happen more often.



It's very easy to imitate the sending number - it seems more a flaw in SMS system than anything re: banks in particular.

And even easier to spoof a the sending email address. I have done that myself easily enough.
I remember ructions in a previous employer when a colleague 'pranked' another colleague by sending an email pretending to be from HR...


----------



## jpd (21 Aug 2020)

cremeegg said:


> How did the scammers use the banks text number to send the messages. If they were able to get the banks details to do so that is a serious breach of BOI security.
> 
> Some posters suggest that it is a simple matter to send a text from one number that appears to come from another.
> 
> ...


I didn't say easy to access bank details - that was obviously something deeper. I merely said spoofing the number the text came from - a quick google search will show you how it is done


----------



## joer (21 Aug 2020)

The bottom line is that the bank have agreed to refund all the money , all because of Liveline. End of story..


----------



## Sunny (21 Aug 2020)

Dublinbay12 said:


> I agree it is offensive. I actually think the older generation / elderly are less trusting of technology which is confused with not understanding technology. The younger generations (myself included) are far more trusting and accepting of technology.
> 
> My view is that Bank customers should save themselves from scams and that Banks should support them in doing so. Banks can take care of the technical aspects of cyber security / fraud. However, many of these scams are just variations of social engineering / phishing and will always require a conscious decision which is heard to systematically protect.
> 
> ...




Banks spend vast amounts of money every single year to ensure that their own employees are educated on IT security and especially around phishing scams and the dangers of social media. There is a regulatory requirement that every single bank employee at every single level of the organisation is told how to identify spoof URL's, dangers of opening links, password security and even putting personal information on social media. And they need to do it EVERY SINGLE YEAR. The banks do that not because they think that their employees are too stupid to understand basic security, it is because people get complacent around these things. They click and open things they shouldn't. They don't check internet site addresses properly. They don't check e-mail addresses properly. 
So banks and other financial institutions are forced to spend time and money on making sure they have done all they can to ensure that their employees understand the risks. After that and an employee opens an e-mail from a porn site that infects his PC or acts on an instruction from a dodgy e-mail, then they can't say they weren't told. Every single employee is made to sign off that they have done the course and passed a basic test.

Meanwhile banks are closing physical branches and forcing all customers into other banking channels like online and phone banking. There is nothing wrong with this business model but it does introduce increased risk of fraud. The fact of the matter is that some people of all ages are better with technology than others. Banks have customers that have banked with them for 40-50 years and might barely own an old style nokia phone. They have younger customers who are uncomfortable with technology for a number of reasons. It is well established that banks have a duty of care to their customers. Online banking and other channels are great but they have a responsibility to ensure that the people who use them understand the risks and how they need to be used. Just like they would with any investment. Sending out text warnings or email warnings or putting warnings on twitter is useless as they don't reach the people that most need to hear the warnings or help on using the system. 

Even BOI have admitted that they have work to do in this regard but people here seem to think it is offensive that a bank would admit that and that all the 'stupid' people should just run off to 'simpler' banking with their savings books and cash lodgements and withdrawals. 

If this leads to BOI and the other banks taking a more proactive stance in warning people about these scams and helping them understand the risks, then I certainly don't know why anyone on a so called consumer website would have an issue with it.


----------



## Early Riser (21 Aug 2020)

Sunny said:


> Online banking and other channels are great but they have a responsibility to ensure that the people who use them understand the risks and how they need to be used. Just like they would with any investment. Sending out text warnings or email warnings or putting warnings on twitter is useless as they don't reach the people that most need to hear the warnings or help on using the system.



But how ? 
Do you think people read and absorb more from a generic warning sent to the post? I may be wrong but I believe these are sometimes included with normal correspondence from banks (eg, when getting a new card). I suspect lots of people don't read these and of those who do the details are forgotten after a month or so. People absorb the message "don't fall for scammers on the internet" and "don't give your details" but it does not protect them from very clever scammers who convince them they are legit. Confidence trickers and fraudsters have always existed but technology gives them a whole new reach. As you say, scammers target everyone they can reach and anyone can be scammed.


----------



## EmmDee (21 Aug 2020)

cremeegg said:


> How did the scammers use the banks text number to send the messages. If they were able to get the banks details to do so that is a serious breach of BOI security.



It's really quite easy. It's not a breach of BOI security at all. It's a "feature" of SMS and emails - virtually no security about them at all.



cremeegg said:


> Some posters suggest that it is a simple matter to send a text from one number that appears to come from another.
> 
> I don't find this convincing, if it were a simple matter that could be done without access to the banks details, surely it would happen more often.



It happens a lot. And if you don't find it convincing, wait till you hear what else can be done with texts and text traffic - this is actually the most basic straightforward scam


----------



## Sunny (21 Aug 2020)

Early Riser said:


> But how ?
> Do you think people read and absorb more from a generic warning sent to the post? I may be wrong but I believe these are sometimes included with normal correspondence from banks (eg, when getting a new card). I suspect lots of people don't read these and of those who do the details are forgotten after a month or so. People absorb the message "don't fall for scammers on the internet" and "don't give your details" but it does not protect them from very clever scammers who convince them they are legit. Confidence trickers and fraudsters have always existed but technology gives them a whole new reach. As you say, scammers target everyone they can reach and anyone can be scammed.



Post is a waste of time as well. You have Banks that still suffer from fraud every single year through employees not doing doing what they should. No system is foolproof. However, if go on to BOI and decide to join BOI online because the bank wants me to, they tell me I can be set up in 5 minutes which is great but they offer nothing else. They have this great section here in another great section around internet security. I had to go looking for it though which is fine for me. I know where to look. Is it that much trouble for banks to ensure that people are given this information when they sign up? That they given a security awareness course that they can do once a year if they like. Is it too much trouble to have people in branches to help show people how to use the system? Have a demo version that people can get used to? Especially people that don't feel as comfortable as other people. Banks do a good job in trying to protect people but I think there is always room for improvement. 









						Help For Older People - Bank of Ireland Group Website
					

For those of us that didn’t grow up using computers every day they can sometimes seem confusing and more than a little scary, but that’s no reason not to use them. Computers and the internet open up a world of information and experiences to all age groups, allowing us to…




					www.bankofireland.com


----------



## cremeegg (21 Aug 2020)

EmmDee said:


> It's really quite easy. It's not a breach of BOI security at all. It's a "feature" of SMS and emails - virtually no security about them at all.



If sms and email is really so insecure, and I have no knowledge to the contrary, then it is a serious fault of the banks that they use them for what should be secure communication.

BOI send transaction verification codes via text message.


----------



## EO2020 (21 Aug 2020)

This idea that huge amounts of education is needed re cybersecurity is insane. It's the exact same advice it has always been, which is constantly repeated, that even my small children and aged relatives can tell you.....you never click on a link in a text, especially from a bank. Ever. It doesn't take a degree in IT, it doesn't need an advertising campaign. 
If you don't know this basic thing by now then you will never know it. Some people can't be taught.


----------



## Sunny (21 Aug 2020)

EO2020 said:


> This idea that huge amounts of education is needed re cybersecurity is insane. It's the exact same advice it has always been, which is constantly repeated, that even my small children and aged relatives can tell you.....you never click on a link in a text, especially from a bank. Ever. It doesn't take a degree in IT, it doesn't need an advertising campaign.
> If you don't know this basic thing by now then you will never know it. Some people can't be taught.



Tell that to the financial regulator then..... The banks will be delighted to reduce their compliance burden. They will be especially delighted to know that clicking on a link is the only scam out there. 

In the meantime, don't let yourself or your super intelligent small children fall off that moral high ground you are currently occupying....


----------



## EmmDee (21 Aug 2020)

cremeegg said:


> If sms and email is really so insecure, and I have no knowledge to the contrary, then it is a serious fault of the banks that they use them for what should be secure communication.
> 
> BOI send transaction verification codes via text message.



Banks (and other services) have historically used SMS as a second factor security but it has long been seen as flawed. Banks are moving away from them and most other services are moving to alternatives - ideally you should remove texts as a second factor for everything and use an alternative second factor.

Banks don't use texts for secure communication (i.e. two way). They don't use them to initiate interaction (i.e. links). They use them for push notifications only. But they are flawed.


----------



## DublinHead54 (21 Aug 2020)

EmmDee said:


> Banks (and other services) have historically used SMS as a second factor security but it has long been seen as flawed. Banks are moving away from them and most other services are moving to alternatives - ideally you should remove texts as a second factor for everything and use an alternative second factor.
> 
> Banks don't use texts for secure communication (i.e. two way). They don't use them to initiate interaction (i.e. links). They use them for push notifications only. But they are flawed.



EmmDee, 

Under SCA (Strong Customer Authentication) I have noticed that banks like KBC are using texts to verify transactions. This is a relatively new introduction to my knowledge is this just a case of them lacking a better infrastructure to have implemented something better under SCA?


----------



## DublinHead54 (21 Aug 2020)

Sunny said:


> Banks spend vast amounts of money every single year to ensure that their own employees are educated on IT security and especially around phishing scams and the dangers of social media. There is a regulatory requirement that every single bank employee at every single level of the organisation is told how to identify spoof URL's, dangers of opening links, password security and even putting personal information on social media. And they need to do it EVERY SINGLE YEAR. The banks do that not because they think that their employees are too stupid to understand basic security, it is because people get complacent around these things. They click and open things they shouldn't. They don't check internet site addresses properly. They don't check e-mail addresses properly.
> So banks and other financial institutions are forced to spend time and money on making sure they have done all they can to ensure that their employees understand the risks. After that and an employee opens an e-mail from a porn site that infects his PC or acts on an instruction from a dodgy e-mail, then they can't say they weren't told. Every single employee is made to sign off that they have done the course and passed a basic test.
> 
> Meanwhile banks are closing physical branches and forcing all customers into other banking channels like online and phone banking. There is nothing wrong with this business model but it does introduce increased risk of fraud. The fact of the matter is that some people of all ages are better with technology than others. Banks have customers that have banked with them for 40-50 years and might barely own an old style nokia phone. They have younger customers who are uncomfortable with technology for a number of reasons. It is well established that banks have a duty of care to their customers. Online banking and other channels are great but they have a responsibility to ensure that the people who use them understand the risks and how they need to be used. Just like they would with any investment. Sending out text warnings or email warnings or putting warnings on twitter is useless as they don't reach the people that most need to hear the warnings or help on using the system.
> ...



I think you need to understand the rapid evolution of these frauds, that comment on regarding opening a porn website. Many of those trojan virus like the one that impacted the NHS only started appearing in the 2010s. 

In my exeprience 'phishing and email' fraud training only came in 2 years ago in my employer.


----------



## EmmDee (21 Aug 2020)

Dublinbay12 said:


> EmmDee,
> 
> Under SCA (Strong Customer Authentication) I have noticed that banks like KBC are using texts to verify transactions. This is a relatively new introduction to my knowledge is this just a case of them lacking a better infrastructure to have implemented something better under SCA?



Sending a code by text that you have to input onto the screen is actually quite old - though KBC might have only introduced it recently. Either way, it will be phased out soon and the challenge will be sent a different way - probably using notifications from the app rather than a text message which makes it a lot more secure. App notifications can't be intercepted while text messages can. But there is also likely to be a lot of behind the scenes verification happening - location of purchase being the same as location of phone... that type of thing


----------



## Jim2007 (21 Aug 2020)

Thirsty said:


> By the time a customer has reached their 80s, they have likely paid 6 decades of bank fees.
> 
> Companies move to these service models to save money and for no other reason; the least they can do is make their systems easier to use for customers who were children at a time when even TVs were unknown, never mind computers.



This is just total nonsense!  Customers paid for a service that they used and just like the newsagents are not obligated to give you free newspapers after you bought your paper from every day for 20 years, neither are banks nor any other business required to give you stuff for free.  Your sense of entitlement is just unbelievable.


----------



## Brendan Burgess (21 Aug 2020)

Jim2007 said:


> Your sense of entitlement is just unbelievable.



Jim it's totally believable. It's widespread in this country.

"I paid my taxes for years and now I want a very high pension whether or not we can afford it."

"30 years working for that company and I have nothing to show for it?"  To which I always reply: "Were you not paid every week?" 

So it's not unusual for someone to say I have paid bank charges for 30 years so they should keep their local branch open for me or compensate me if someone tricks me into parting with my money.

Brendan


----------



## Thirsty (21 Aug 2020)

*My* sense of entitlement!?

I'm delighted to tell you that I'm not yet of retirement age, never mind being considered of an older age group, nor yet of a generation for whom, as children,  TVs were unknown.

I trust that by the time ye find yourself hard of hearing, with limited mobility, poor eyesight, failing memory and possibly limited means, that you find more human decency from other people than is being shown here.

Or maybe we'll just put ye on a flight to Switzerland and not have the burden of ye any more.


----------



## roker (31 Aug 2020)

joer said:


> I have heard many times about people who were "persuaded" to give their personal details and I always said "how stupid these people were to give their details" but this came from a recognised BOI number. When they clicked on the link all their details were presented before them . Everyone who I heard speak about this last week , even one person who was trained to watch out for this kind of behavior got caught by this scam. It was not stupid people at all.


can I add it is not just online banking, the scams come via the phone as well


Jim2007 said:


> So how much are you will to pay for this service?  Because that is what it comes down to at the end of the day.  Say a annual charge of €100 per account for all account holders under 65?


isn't the whole point of online banking to make the whole process cheaper, but now there is ever more charges


----------

