Delivering Poor Banking Security

April 2, 2012

The DeliveryDemon has the rather naive expectation that banks who are entrusted with our money should operate reasonably secure procedures. Hang your heads in shame RBS and Barclays.

The DeliveryDemon has had cause to complain to both banks recently. In each case the complaint was about their processes, not anything specific to the account. In both cases an idiot from their customer ‘service’ team phoned up and demanded to know secure account access details before they would consider listening to the complaint. Do they really think it is sensible for someone to give out account password information to a random caller?

RBS, there is no need to access my account in order to hear that it does not constitute ‘faster payment’ if you take details of a payment on Friday and can’t process it till Tuesday unless I ring again on Monday.

In fact there is no need for your customer ‘service’ to access my account at all. The default action should NEVER be to access the customer account. Basic security is that this should only be done if the customer raises a matter specific to the account, i.e. if there is a genuine need to access the account.

Banks are piling on nuisance value processes to make it more difficult for the customer to access their own money, all in the name of security. It’s about time they got their own house in order, introduced secure internal processes and gave their customer contact staff some basic security training.


Delivering Support for Scammers at Taxpayers’ Expense

February 9, 2012

The DeliveryDemon has been analysing the lifecycle of the common bureaucratic organisation. It is very obvious that bodies set up to deal with offences against consumers very quickly morph into something very different and much less useful. Being a bureaucratic organisation, they discourage individual responsibility in favour of box ticking and remote decision making. They quickly avoid dealing with the individual consumer, preferring to collect statistics via paperwork and cosy chats with representative organisations. This of course leaves the individual consumer dealing with layers of obfuscating bureaucracy on top of the original problem. And of course, all this bureaucracy is being paid for by the taxpayer.

These thoughts were prompted by the DeliveryDemon’s recent dealings with phone scammers. It’s common knowledge that these cold callers represent companies who profit from the sale of dubious products. They are known to target the elderly and vulnerable, timing calls for when these people are most likely to be home. The scammers frequently try to give the impression of legitimacy by using wording which conveys the impression that they are some sort of government body, and that they have the callee’s details from some official source. Recent scams include solar heating and payment protection insurance claims.

The DeliveryDemon registered with the Telephone Preference Service a long time ago, but this doesn’t stop the calls. First they exclude ‘market research’. Of course this is handing a ‘get out of jail free’ card to the scammers. All they have to do is ask a few questions to claim they are carrying out market research. Each time the DeliveryDemon looks at the TPS website, the list of things they don’t cover has grown longer, but TPS is still being touted as the best way to avoid scam calls.

The DirectGov website is promoting a new bureaucratic setup which enables simultaneous signup to TPS and MPS which supposedly stops junk mail. Guess what! The signup site brings up a warning message – ‘The security certificate presented by this website has expired or is not yet valid. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.’

A mere few months ago, the DeliveryDemon became aware of the National Fraud Authority’s Action Fraud line 0300 123 2040. At the time the DeliveryDemon’s household was being plagued by multiple daily autodial calls from the solar heating scammers. After a couple of calls to Action Fraud, the scammers stopped calling. Great. But in a few short months it appears that Action Fraud has been quick to take the path of bureaucratic decline. The DeliveryDemon received a series of calls from PPI Claims scammers implying they had something to do with the Ministry of Justice and that they had some knowledge of a claim the DeliveryDemon was entitled to make. So the DeliveryDemon traced the callers and reported them to Action Fraud, only to be told that this was probably just their sales line. So that’s OK then? No it’s NOT. A dishonest sales line is a scam, that is, an attempt to use deception to part the callee from cash. In other words it’s attempted fraud. The DeliveryDemon is nothing if not persistent and eventually Action Fraud grudgingly agreed to record the scam details for their records, but announced that TPS and the Information Commissioner were the correct complaint route.

The ICO does give advice on dealing with scam callers. ‘If you receive an automated marketing call or live marketing call which you think breaches the Regulations you should write to or email the organisation concerned (remembering to keep a copy of all correspondence). Tell them about the problem and allow them time to put things right. If you continue to receive marketing calls despite registering with TPS, or asking the organisation to stop, we may be able to help.’

Seriously, the ICO will only consider dealing with a complaint once the callee has actively engaged with the scammers. In other words, the callee has to provide the scammer with sufficient information to allow the scammer to validate the nature of the number they have been calling – and, like email address lists, phone lists can be sold for more if it has been validated that there’s a real private individual at the end of the line. This is common knowledge for anyone advising on personal security matters.

So that’s four taxpayer funded organisations all claiming to deal with phone scams, and all getting less and less effective, dropping responsibilities and passing the buck. The StayPrivate one has sprung into existence in a time of so-called austerity, and appears to bring no benefits to the table. What’s the point of politicians’ airy persiflage when cutbacks in extravagance are promised on one hand, and money tossed away with the other? The DeliveryDemon despairs!


Surprise, surprise – Risk Management

April 22, 2009

The DeliveryDemon was interested to see some risk management being discussed in the US Treasury.

The US bank bailout includes the setting up of a public-private partnership to buy up toxic assets. As this Reuters article http://tinyurl.com/carurp explains:

  • The cost risk to taxpayers outweighs the potential for benefits
  • Conflicts of interest have been identified and recognised as a source of risk
  • The scheme is inherently vulnerable to fraud, money laundering and other forms of abuse
  • The ‘public’ element of the public-private partnership dilutes the risk for the private element, increasing the likelihood of a high risk approach to managing the overall funds

What is surprising is that these risks are being so publicly and simply stated. The early days of most public-private partnerships are normally wreathed in a mist of bonhomie as each party strives to protect and enhance its relationship with the other party. Reservations are rarely made public.

The DeliveryDemon will be interested to see how strongly this risk management and transparency is followed through. And whether the UK takes a lead from the US when it comes to acknowledging and managing the risks associated with the UK government’s bank bailouts.

