Aardvark DailyNew Zealand's longest-running online daily news and commentary publication, now in its 25th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.
Content copyright © 1995 - 2019 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk
Please visit the sponsor!
The internet and banking are uncomfortable bedmates.
Sure, being able to whip out our phone, check your accounts, transfer money around and do all sorts of things that may previously have required you to deal with "a real personTM" is hellish convenient but it's also wickedly risky.
When you use internet banking, your phone or your computer become an open door to your accounts. All your liquid wealth is just a few keystrokes away and although that's a huge risk.
As Team New Zealand and many others have discovered to their cost.
According to this RNZ story, Team New Zealand lost an undisclosed amount of money by falling victim to one of the most popular scams on the internet.
Apparently, somewhere along the line, the bank account into which they were supposed to be depositing a sizeable chunk of change was altered and those funds ended up going into the wrong account.
Most often, this occurs when scammers have installed spyware on a computer and thus become privy to a transaction that is about to be settled by way of direct funds transfer. Those scammers then fake an email which appears to be from the company or individual that is about to be paid. In that email they advise that the account number has been changed and that the funds should be deposited into the "new" (aka wrong) account.
Sadly, far too many people don't bother to double-check with a simple phone call, just to confirm that the new account is legit, and thus the scammers end up with the money.
We don't know if that's what happened in the case of Team NZ but unless there was someone on the inside who deliberately changed the account number in favour of another party, I'd wager it was that simple.
So here's my concern...
Why is there only "one factor" authentication in internet banking payments?
When I make a payment to someone via my online banking facility, I'm only asked for the account number.
Sure, I can input extra info that will appear on the recipient's statement and on my own statement but there is no requirement to enter an account name or anything else that would serve as a second tier of authentication that the money will be going to the correct party.
It's this lack of two-factor authentication that makes these scams possible and it would be so very easy to fix.
Why the hell isn't it fixed?
Not only is the present system open to exploitation by scammers but it's also a right royal pain in the posterior for someone who accidentally transposes a couple of digits or mis-types an account number. Dyslexics beware!
And, if you do accidentally get it wrong, the bank wont do much to help you... after all, they simply did exactly what you asked them to: transfer x$ from your account to the account number you typed in. "Not our fault, not our problem" seems to have been their response in some cases.
Let's not forget also that our privacy laws can make it impossible for you to even find out who actually may have accidentally received a windfall if you make a mistake -- the bank certainly won't tell you. If the inwitting recipient doesn't report the mistake to the bank then what are you going to do?
So come on banks... get your act together!
How hard can it be to ask not only for the account number but the name of the account and then make sure that both bits of data match before transferring the money?
In the case of these scams, the money is often redirected to a "mule" account belonging to some unwitting dupe who has been told that they are part of a business arrangement that pays them a commission for "clearing" funds. The names of those accounts will never match the actual intended recipient so this simple matching system would stop a lot of the fraud that currently goes on.
In the case of Aunt Maude sending $100 do her nephew on his birthday it would save much anxiety and disappointment when the money never turned up because an arthritic old finger hit the wrong key when typing in a long series of digits.
So readers, have you ever had any problems with money going into the wrong account?
Do you do what I do with *very* large transfers... transfer a single dollar first and confirm with the recipient by phone that they have received it, before tranferring the full amount.
Or am I just paranoid? :-)
Please visit the sponsor!
Have your say in the Aardvark Forums.