Stolen laptops - bord gais

Kine said:
What information IS needed to withdraw money, cash a cheque etc from an account?
Click to expand...
Proof that you're you or that you have something that only you can legitimately have.

As has been pointed out, any number of persons could legitimately have the details on the Bord Gais laptop.

You could initiate a Direct Debit using those details, but I can't think of any situation were an impostor could do this and get away with it.
 
Kine said:
What information IS needed to withdraw money, cash a cheque etc from an account?
Click to expand...

According to you just the details that are on the bord gais laptop. As you said "Simply put, they have EVERYTHING they need to access my joint a/c ".
 
Got the letter yesterday myself - I'll be keeping an eye on the joint account (for now and for months and months to come -if I was a dodgy crim in possession of these laptops, I'm pretty sure I'd have the intelligent enough not to use the info until it was long forgotten by the press and account holders).

I'm not too worried to be honest, but like others I'm pretty peeved that this could be allowed to happen in the first place.

I had a situation last year whereby an account I opened in my student days and hadn't used for 8+years had a 'paperless' direct debit set up against it by a UK based charity.
I only found out about this when I received my first peice of correspondence from same bank in years, stating that my account was overdrawn! I was shunted back and forth between charity and bank, both claiming the other was responsible and this DD couldn't be cancelled without the authority of the other, despite them being able to SET UP THE DAMN THING IN THE FIRST PLACE without my authority!
Turned out that someone had hit the wrong number on the keypad - and the person who had 'really' set up the DD had an almost identical a/c number as me, bar one number.
So, its that easy!

Needless to say, as a result, I will never do business for same bank again, particularly given the absolute derision I was subject to from the bank manager.
 
I had a situation last year whereby an account I opened in my student days and hadn't used for 8+years had a 'paperless' direct debit set up against it by a UK based charity.
I only found out about this when I received my first peice of correspondence from same bank in years, stating that my account was overdrawn! I was shunted back and forth between charity and bank, both claiming the other was responsible and this DD couldn't be cancelled without the authority of the other, despite them being able to SET UP THE DAMN THING IN THE FIRST PLACE without my authority!
Turned out that someone had hit the wrong number on the keypad - and the person who had 'really' set up the DD had an almost identical a/c number as me, bar one number.
So, its that easy!
Click to expand...
See why people should be worried. The banks allow this to happen.
 
aristotle25 said:
According to you just the details that are on the bord gais laptop. As you said "Simply put, they have EVERYTHING they need to access my joint a/c ".
Click to expand...

Well excuse me for not knowing the exact details needed for accessing my account, I do everything on-line so am unaware of what is/is not used when using bank account details. I'll now go to the "Letting of Steam" forum to vent my frustrations...oh wait....
 
bond-007 said:
See why people should be worried. The banks allow this to happen.
Click to expand...

Well not quite, because as explained it turned out that someone entered a wrong account number by mistake. It was human error rather than a failure in the process\authorisation.
 
I'm pretty staggered to read about this. I work in IT for a public agency and I just can't figure out how this kind of shoddy practise is allowed to develop. There are a lot of unanswered questions (that we are unlikely to ever get answers to) but we should be asking.

1. Why were the details in question on a laptop which is obviously easier to steal than a desktop?

2. If the laptop was needed for mobility then why was the laptop not encrypted? This is neither difficult nor expensive to do. Nor is your hard drive a write-off if you wrong guess the password a couple of times but it can only then be unlocked by a systems administrator. Hard drive encryption is not necessarily infallible but it makes the job of extracting the data incredible difficult - to the point of it simply not being worthwhile.

3. Why is such important data even being stored locally at all? Apart from consistency problems if there are changes to customer details, very few employees should need access to what appears to be their entire customer database.

It is also immediately clear that apart from this particular security breach, neither IT nor management have any "control" of data in the organisation. They do not know who is looking at what items of data and when and what they are doing with them. I'm not entirely sure because it's not my area but is there a potential breach of data protection laws here, since every organisation should be able to tell you not only what data they hold about you but what changes were made to it, who accessed it and when?

It also raises the question of whether the data is adequately secure from tampering within the organisation? I mean is the "master list" of customers just a password-locked excel spreadsheet on a share drive somewhere, or is there a genuine enterprise level database with all the necessary replication, redundancy, integrity and disaster recovery capabilities we might expect?

If there is, then again I ask - why is all this sensitive data being stored locally by users in such a haphazard fashion?

Incidentally, these details are more than enough to move money out of your bank account. Jeremy Clarkson had to eat humble pie after he published his bank a/c details as a backlash to scare-mongering over a similar scandal in the UK. A user signed him up to a monthly donation to a UK charity. Hopefully, he kept the direct debit as a monthly reminder that data is valuable and should be treated with care.
 
room305 said:
Jeremy Clarkson had to eat humble pie after he published his bank a/c details as a backlash to scare-mongering over a similar scandal in the UK. A user signed him up to a monthly donation to a UK charity. Hopefully, he kept the direct debit as a monthly reminder that data is valuable and should be treated with care.
Click to expand...
That is interesting. It seems to confirm that DDs are the only possibility for misuse of these details. The safeguard would seem to be that DDs can only be set up to companies who supply services to the named person and address, such as utilities and, for example, credit card accounts.

Except it also seems that charities can also avail of DDs. There is of course no gain to the originator of such a DD but this is a tad less convincing protection. Banks should really confirm in writing very time a DD is originated.
 
It is not possible to originate a DD without an Originators Authorisation Code issued by your bank.

These are very difficult to obtain and most cretainly would not be issued to any individual without provision of details of their business, previous banking history etc.
 
callybags said:
It is not possible to originate a DD without an Originators Authorisation Code issued by your bank.

These are very difficult to obtain and most cretainly would not be issued to any individual without provision of details of their business, previous banking history etc.
Click to expand...

what does this mean ? I just filled in a DD slip last week with my bank a/c details and i could have filled anyones in on it. How is that difficult to obtain ?
 
It is the utility company who has to initiate the DD to take money from your account.

The DD slip you filled out is only of use if the company has an Originators Authorisation Code.

If you gave the signed slip to me there is nothing I could do with it to get money from your account as I am not authorised to initiate direct debits.
 
callybags said:
If you gave the signed slip to me there is nothing I could do with it to get money from your account as I am not authorised to initiate direct debits.
Click to expand...

What if you set up a legitimate charity and then applied for one?
 
You must log in or register to reply here.
Back
Top