Advertisement
UK markets close in 7 hours 13 minutes
  • FTSE 100

    7,718.99
    -3.56 (-0.05%)
     
  • FTSE 250

    19,468.98
    -17.55 (-0.09%)
     
  • AIM

    736.63
    0.00 (0.00%)
     
  • GBP/EUR

    1.1696
    -0.0008 (-0.07%)
     
  • GBP/USD

    1.2687
    -0.0041 (-0.32%)
     
  • Bitcoin GBP

    50,243.64
    -3,175.37 (-5.94%)
     
  • CMC Crypto 200

    885.54
    0.00 (0.00%)
     
  • S&P 500

    5,149.42
    +32.33 (+0.63%)
     
  • DOW

    38,790.43
    +75.63 (+0.20%)
     
  • CRUDE OIL

    82.62
    -0.10 (-0.12%)
     
  • GOLD FUTURES

    2,156.10
    -8.20 (-0.38%)
     
  • NIKKEI 225

    40,003.60
    +263.20 (+0.66%)
     
  • HANG SENG

    16,529.48
    -207.62 (-1.24%)
     
  • DAX

    17,960.60
    +27.92 (+0.16%)
     
  • CAC 40

    8,156.52
    +8.38 (+0.10%)
     

New banking scam sees fraudsters open 'twin' account next to your real one

A fraudster was able to open an additional current account with the wrong salary details - Clara Molden for The Telegraph
A fraudster was able to open an additional current account with the wrong salary details - Clara Molden for The Telegraph

A startling case of bank fraud has exposed the routine failure of current account providers to check applicants’ information.

Halifax customer Mark Mansfield discovered a criminal had opened another Halifax current account online in his name, despite the fraudster providing fabricated information about his salary and employment details.

Halifax since admitted to Telegraph Money that these details are not always double-checked. Security experts say a failure to conduct such verification lays the bank – and its customers – open to a range of financial crimes.

If anything, banks should be asking more questions when customers try and open secondary accounts

ADVERTISEMENT

John Marsden, Equifax

What was all the more extraordinary in this case was that Mr Mansfield, as an existing current account customer, had already lodged the correct information with the bank. Halifax failed even to run a basic check against this.

The ruse is one of several where criminals’ intimate knowledge of banks’ procedures enables them to navigate security checks and open accounts or perform transactions.

In another example, fraudsters were able to exploit a weakness in NatWest’s system which enabled them to lock Telegraph Money reader Annette Jefferys out of her online account. They used this as a trigger to then obtain an “activation code” to unlock it again.

The criminals had gleaned enough information about Ms Jefferys, almost certainly from social media sites and open source directories, to access her online banking.

It was the criminals’ close knowledge of NatWest’s procedures that enabled them to succeed in draining her account of all but 10p.

In Mr Mansfield’s case no money was stolen from him – although other businesses fell victim. In this case it was Vodafone, because the criminals obtained two phones from a Vodafone store in Portsmouth.

Mark Mansfield - Credit: Clara Molden
Mr Mansfield discovered a fraudster had opened a second Halifax current account using the wrong security informationCredit: Clara Molden

It is not clear whether the fact that Mr Mansfield already had a Halifax current account played a part in the ability of the criminal to open their own, fraudulent account. What is clear, however, is that the criminal provided adequate information to satisfy Halifax.

Mr Mansfield, 30, who works in public transport, discovered the fraud on May 3 when he telephoned Halifax to find out why his debit card had been blocked, and bank staff asked “which account the issue related to”.

Later that week Mr Mansfield received a new card and Pin number for the fraudulently-opened account.

On the same day he also received an invoice from Vodafone for two business phone contracts.

Mr Mansfield is now having to keep a close eye on his credit report to make sure the fraudsters are not using his details to apply for any other contracts.

Mr Mansfield said he “couldn’t believe” Halifax did not check the details given by the criminal.

Data threat | Five tricks hackers use to steal your bank details

He said: “How can a bank of that scale have such lax security? How do I know that this can’t happen again?

“What’s the point in having a system in place, which requires the provision of detailed information, if you’re not going to follow it?

“I don’t understand how a bank in this day and age can get away with this.”

Halifax told Telegraph Money that not all the information sought at the time of account opening was used to verify customers’ identity.

It said the fraudster in this case provided “sufficient customer information” to pass its account opening checks.

It said while some incorrect responses to questions were provided, not all would have been used for “verification purposes”.

Halifax insisted its procedures were robust. A spokesman said: “Information required will vary depending on if it is an existing customer whose information we already have, or a new customer.

“We would not share details of exactly what these are or how this information is verified.”

How great is the danger of ‘twinned’ account opening?

John Marsden, head of ID and fraud at Equifax, the credit reference agency, said each bank will have a different set of processes when customers open accounts, but fraudsters appear to have identified a “vulnerability” that could make it easier for fraudsters to open secondary accounts.

This could then give them access to the rest of the victim’s banking or allow them to use the details to sign up to contracts, such as for mobile phones or credit cards.

Mr Marsden said this type of fraud is relatively new but is fast becoming a “well known practice”.

He said: “If anything, banks should be asking more questions when customers try and open secondary accounts. I’d be very suspicious.”

Mr Marsden said banks need to be “raising the bar” when it comes to verifying the applications of additional accounts.

The four ways your bank lays you open to fraud

He said: “Every bank has its flaws but the authentication process should be taken to a higher level. Banks shouldn’t be lowering their defences.”

This latest disclosure comes as Telegraph Money continues to campaign for banks to take greater responsibility for the accounts and services they provide to fraudsters, who then rob other, innocent customers.

Where victims are tricked into paying money into fraudsters’ accounts, the receiving bank is able to shrug off all liability.

Trade body the British Bankers’ Association admitted that much of the information asked for at account opening is to check their suitability, rather than to enhance security.

A spokesman said: “Banks try to balance security and convenience and may also ask for information to ensure products meet their customers’ needs.”

Sign up to our emailsRegisterLog incommenting policy