Bank scams security

[kiora]

Just had a cold call on my mobile from someone saying they are from NZ Assist

They stated they call on behalf of staircase NZ

https://www.staircase.co.nz/?utm_sou...d=GBP_Auckland

Any one else had a call or am I the lucky one???

[stoploss]

Just had a cold call on my mobile from someone saying they are from NZ Assist

They stated they call on behalf of staircase NZ

https://www.staircase.co.nz/?utm_sou...d=GBP_Auckland



Any one else had a call or am I the lucky one???

Staircase are legitimate check out the FSPR register if in doubt about anyone ...( prob trying to sell you an investment property)

https://fsp-app.companiesoffice.govt...33111710446516

[Entrep]

What I don't get about these bank scams, is how the money is usually unrecoverable. Everyone with a bank account, globally, should have KYC done, so what's the issue? Especially with large amounts, it makes sense to chase it...

At least with blockchain, the finality of a transaction is by design. With banks, if you make a mistake or are scammed, there is no protection.

[Perky]

I’ve always wondered why the bank holds all the security codes and security questions which they use to identify a legitimate customer but the customer has nothing to identify the bank?

With all the phone and internet scams I wonder if a solution is that a customer has a unique code or security question attached to their accounts.

When the bank wants to contacts a customer…the first thing the customer asks the person on the phone for is the code or security question. If they can’t answer it’s obviously a scam.

Probably not perfect but you’d think this would nip a lot of the scams in the Bud?

Just an idea flopping around in my head.

[Grimy]

Knowing human nature the scammers would then probably still phone and say something along the lines of 'We think your account has been compromised. To verify your identity so we can unlock your account, please provide the answer to the security question identifying us as your bank, and your password". I bet they'd still get people divulging the answers.......

[warthog]

I’ve always wondered why the bank holds all the security codes and security questions which they use to identify a legitimate customer but the customer has nothing to identify the bank?

Because banks are inherently self-trusting i.e. internally trust is assumed to almost be 100% but the world outside is 0%.

Another reflection of this is banks, weary of their customers having their phone number (imagine that! Your customer being able to contact you! Crazy idea, right?), they almost always call from a withheld number.

With all the phone and internet scams I wonder if a solution is that a customer has a unique code or security question attached to their accounts.

When the bank wants to contacts a customer…the first thing the customer asks the person on the phone for is the code or security question. If they can’t answer it’s obviously a scam.

Some security-minded businesses do this. Those who do not either do not care, are incompetent, or don't want to deal with the customer issues that can arise (or some combination).

Probably not perfect but you’d think this would nip a lot of the scams in the Bud?

Broadly, the hog agrees. Simple security is good security, but this is contingent on smart security people and a business that cares about actual results as opposed to just enough to cover their collective arses.

[warthog]

Knowing human nature the scammers would then probably still phone and say something along the lines of 'We think your account has been compromised. To verify your identity so we can unlock your account, please provide the answer to the security question identifying us as your bank, and your password". I bet they'd still get people divulging the answers.......

Yes but this isn't how to look at security in the hog's view. You can't dismiss a layer of security that would add to overall security simply by saying it could potentially fail in the same way as the current situation.

[warthog]

What I don't get about these bank scams, is how the money is usually unrecoverable. Everyone with a bank account, globally, should have KYC done, so what's the issue? Especially with large amounts, it makes sense to chase it...

At least with blockchain, the finality of a transaction is by design. With banks, if you make a mistake or are scammed, there is no protection.

It is unrecoverable in many cases because the destinations are compromised accounts with cards associated with them. USD100k hits a compromised account that has two associated cards and immediately those cards are used to withdraw cash and spend all over town, as well as transfer lots of USD10-20k to yet more compromised accounts, which are of course burned once the money is gone.

Blockchain is essentially a data structure. It has no inherent security, finality or any other quality other than its structure.

[Grimy]

Yes but this isn't how to look at security in the hog's view. You can't dismiss a layer of security that would add to overall security simply by saying it could potentially fail in the same way as the current situation.

I agree. The more measures in place the better-I wasn't dismissing the idea-just saying a lot of people would probably still hand over the information without thinking......
I like Rabobank's digipass that generates a second random number that you input after first getting into your account with a password as the 2 factor authentication. Takes a few extra seconds, but pretty secure I would have thought and that's just to get into your account, you then have to use it again for another code for any withdrawal. If people get scammed through that procedure then they probably shouldn't be allowed to handle their own finances....

[Jay]

Most banks have something similar to Rabobank, whether it is a token, a text to the phone etc.
The scammers just ask something along the lines of we will need the code being sent to your phone to unlock your account.
Trouble is, I believe, most of the people scammed don't know what the code is for, they only know they have to enter it all the time and of course it is the "bank" ringing me trying to protect my money, catch a staff an errant member etc!