[_] OT: Security flaw of Direct Debits?
jason_nevin at yahoo.co.uk
Fri Nov 21 11:08:44 GMT 2008
+1 find the whole thing very concerning Which bank? ----- Original Message ---- From: Keir Moffatt <hello at iamkeir.com> To: Underscore <underscore at under-score.org.uk> Sent: Friday, 21 November, 2008 11:04:28 Subject: [_] OT: Security flaw of Direct Debits? Hi all, I recently had the pleasure of the AA taking £78 from one of my bank accounts via a Direct Debit that I neither set up nor authorised - I've no AA membership and don't even have a car (and I'm not an alcoholic...) After a great deal of phone calls and growling, I found out that, during the process of setting up the DD over the phone for one of their legit customers, the AA staff member enter a digit wrong... which turned out to match my account. I found the whole thing very concerning as: 1) I thought a signature was required to setup a DD 2) I'd hope that, when entering bank details, companies would have some way of checking that all the details match up (in this case full name and account did not) 3) What's to stop anyone setting up a DD with your bank account details?? 4) I was fortunate it was only £78 - it could have been someone paying off their £2000 credit card bill I guess the chances of someone inputting an incorrect digit and it being another legit account is quite rare, but it can't be that hard to get someone's bank account number and sort code... I didn't realise the DD system was so relaxed - does anyone know anymore info on this? Yours concerned, Keir-now-no-longer-minus-78-quid -- http://iamkeir.com -- underscore_ list info/archive -> http://www.under-score.org.uk/mailman/listinfo/underscore