There is only one problem. He is a fraudster who has “vished” (voice phishing via the phone to steal credit card numbers and other sensitive information) for the real NatWest customer’s login details and the money is destined for an account he has established.
The fraudster has initially approached the genuine customer in the guise of a pay-for TV service, asking for details of the customer’s online banking and card reader details in return for a £90 payment from the TV service. The customer did not use online banking, but unwittingly surrendered sufficient details of his account for it to be compromised.
RBS Group operates a huge anti-fraud operation to protect customers, covering mobile, online, credit card and branch banking. Fraud prevention measures range from the every day use of chip and pin to sophisticated software which the bank provides free of charge to customers to ensure their online banking cannot be breached.
It deals with about 7,000 credit card fraud prevention cases a week and monitors accounts so that if anything suspicious occurs the customers can be put in touch with the right team.
Colin Cowan, Head of Fraud, Operational Risk for RBS Retail, says: “Our controls are strong provided customers keep their details secure.”
However, if fraudsters manage to circumnavigate these measures, the Group employs four teams of people to take customer calls 24/7 relating to suspected fraud and security issues.
And if you lose money through fraud, it need not be a disaster. Cowan says: “We refund customers who are victims of banking fraud and where they are not at fault, but customers really must be vigilant too.”
In the case of the customer above, his account was recompensed, RBS alerts stopped further fraudulent payments going through, and the customer was asked to go into his local branch with photo ID to enable the account to be activated again with new security details.
In Greenock, Scotland, the 30 members of the mortgage fraud team check out applications that have been flagged up for further investigation. This happens either because an RBS Group mortgage underwriter has concerns or because details of the borrower, solicitor or mortgage broker involved match those filed by another lender on a database that lists people found to be or suspected of being fraudulent.
Patricia Horley, a member of the mortgage fraud team, is checking out an application made to NatWest after being rejected by another lender. It seems from the information on the database that someone has stolen the applicant’s identity, as two addresses in completely different locations exist for this person. The occupant of one address has all the normal paraphernalia of everyday life filed against his name - bill payments, a credit record and he is registered to vote. The other has nothing.
“We wrote to the customer asking for proof of identity and residence to be taken into his local branch. They have confirmed the customer is the person pictured on the ID, then scanned and sent it to us,” says Horley. She checks the ID – the customer’s passport – through an identity verification service and decides all is fine. The customer will get his remortgage after all.
RBS Group was the first banking organisation to provide downloadable software called Trusteer Rapport free of charge to customers. Trusteer Rapport is designed to prevent malicious software or malware from manipulating webpages, and works alongside anti-virus software and firewalls.
But Neil Fleming, a member of the RBS eCrime team, says while installing anti-virus software is a sensible measure, “banking trojans have become increasingly sophisticated, and the method which anti-virus uses to detect threats is not necessarily agile enough”.
Rapport works differently and is specifically dedicated to detecting banking trojans.
It prevents keystroke logging and screenshot capture, and locks down the browser. It checks that the banking site the customer is trying to logon to is genuine, stops the theft of login ID, passwords and other sensitive information, and prevents malware from tampering with customers’ transactions – even if the computer is infected with a trojan.
RBS Group customers have downloaded Rapport more than 8 million times since 2008.
But malware can arrive on your computer through a wide range of routes, including opening an attachment or file such as a video or picture message, through using software targeted by criminals such as Java, or by looking at the web pages of companies whose computers have been infected.
Fleming says: “They will often use the names of large name retailers or other household names and these messages may take the form of a bill for goods the customer never ordered. All part of the process to get the customer to open the file.”
However customers should not allow this to deter them from using a very convenient a secure service – provided it is used correctly. Fleming points out that several million people use RBS Group online services on a daily basis, and “the amount of fraud we see is actually incredibly low”.
“The precautions customers need to take are actually very simple, and if they take them, they’ll be absolutely fine,” he adds.
Fleming suggests the following actions to help protect your computer from infection and keep your accounts safe:
- Keep all the software on your computer up to date, especially Java, Flash and Adobe Acrobat.
- Do not automatically open unsolicited attachments. Attacks have become much more sophisticated, so don’t assume that if a message with an attachment is correctly spelt and grammatical that it must be genuine.
- Keep passwords unique for each service you use. This is particularly critical for email - if a fraudster gets access to your email, they have access to your life.
- Download Rapport. It’s free, easy and quick to install and use, and could save you endless problems.
- Do not give your login details, PINs, card reader details or any other sensitive information in response to unsolicited calls or emails. A bank would never ask for information in this way.
To find out more about the measures RBS Group takes to protect customers, visit Fraud prevention.