More information about the Underscore mailing list

[_] OT: Security flaw of Direct Debits?

Jason Nevin jason_nevin at
Fri Nov 21 11:08:44 GMT 2008

+1 find the whole thing very concerning 

Which bank?

----- Original Message ----
From: Keir Moffatt <hello at>
To: Underscore <underscore at>
Sent: Friday, 21 November, 2008 11:04:28
Subject: [_] OT: Security flaw of Direct Debits?

Hi all,

I recently had the pleasure of the AA taking £78 from one of my bank
accounts via a Direct Debit that I neither set up nor authorised - I've no
AA membership and don't even have a car (and I'm not an alcoholic...)

After a great deal of phone calls and growling, I found out that, during the
process of setting up the DD over the phone for one of their legit
customers, the AA staff member enter a digit wrong... which turned out to
match my account.

I found the whole thing very concerning as:

1) I thought a signature was required to setup a DD
2) I'd hope that, when entering bank details, companies would have some way
of checking that all the details match up (in this case full name and
account did not)
3) What's to stop anyone setting up a DD with your bank account details??
4) I was fortunate it was only £78 - it could have been someone paying off
their £2000 credit card bill

I guess the chances of someone inputting an incorrect digit and it being
another legit account is quite rare, but it can't be that hard to get
someone's bank account number and sort code...

I didn't realise the DD system was so relaxed - does anyone know anymore
info on this?

Yours concerned,

underscore_ list info/archive ->