David Raymond Amos @DavidRayAmos
Replying to @DavidRayAmos @Kathryn98967631 and 47 others
Methinks if the Crown won't prosecute the crook then the lady could sue them all N'esy Pas?
https://davidraymondamos3.blogspot.com/2019/05/rbc-customer-out-of-pocket-after-fraud.html
https://www.cbc.ca/news/business/rbc-customer-out-of-pocket-after-e-transfer-fraud-1.5128114
RBC customer out of pocket after fraud: what you need to know if you e-transfer money
635 Comments
David R. Amos
Methinks the cops should visit the crook and ask a few questions. If he does not wish to give he money back they should make a report and ask the Crown to decide as to whether or not to prosecute him. If the Crown goes forward I am certain it will cost the crook more than what he stole to pay a lawyer to defend him N'esy Pas?
"The women called RBC's fraud department and a bank employee provided the name of the fraudster, his email, and says he'd transferred the money to a TD Bank account."
Alex Tomev
Reply to @David R. Amos: It’s an email transfer so there’s likely no point getting involved. The funds were sent to an email address unlike cheque fraud that is sent to a person. An email address often doesn’t have a verified owner unless it was provided by an ISP like Rogers/bell/corporate email. So if the cops confront the “theif/opportunist” what’s to stop him/her from saying that’s his email since he has the password, and what’s to stop him from saying the funds were intact meant for him since he knew the transfers password due to the senders stupidity of including it in the question. Plenty of plausible stores that will never hold up in court where guilt is determined beyond a reasonable doubt. For $1000 it’s just a huge waste of time for everyone involved.
David R. Amos
Reply to @Alex Tomev: If the Crown won't prosecute the lady could sue them all.
Jim Redmond
First of all, it was only $1,734 --- who goes to the media over such a small amount. Secondly, I 100% support RBC on this matter. It's not the bank's fault someone had hacked her email account and it's not the bank's fault she used a weak security question. I wouldn't have paid her anything.
David R. Amos
Reply to @Jim Redmond: "only $1,734" ???
Methinks if it was your $1,734 you would at least demand that the cops do their job N'esy Pas?
Methinks if it was your $1,734 you would at least demand that the cops do their job N'esy Pas?
Jim
Redmond
Reply to @David R.
Amos: I don't consider $1,734 worth my time --- that's less than a half
day's work. And the cops shouldn't bother with such small amounts.
David R.
Amos
Content disabled
Reply to @Jim Redmond: I strongly disagree. I am a Senior and that amount is more than a month''s' income. However the point is a crook is a crook and a cop is a cop. Methinks if the cop won't do his job then he is assisting crooks N'esy Pas?
Al Zwikke
Reply to @Jim Redmond: Then I say you are committing fraud on whoever pays you $1734 for 1/2 days "work"
David R.
Amos
Reply to @Al Zwikker: My reply was blocked
Andy Norbet
Reply to @Jim
Redmond: Sounds like BS to me coming from someone who needs a walker to
get into town for food and lives in a trailer park.
Stan Vincent
"the fraudster figured out the answer for the security question necessary to deposit the money, and then redirected it to a different bank account."
"Hoover filed a report with Peterborough police, but an officer told her that it's difficult to clamp down on online fraud and her fight to recoup the money could take ages and would likely be fruitless."
Given that they have the bank account #, it should probably have been easy for the police to track down and catch the culprit, and return the money to the victim, if the police had acted on the matter right away instead of making lame excuses. Why the police are not going after online scammers and thieves is beyond me. A lot of crime these days is via the internet in one way or another. The police need to be keeping up with this trend and should already have considerable resources focusing on going after online fraudsters. The fact that police departments are not doing this at this point is way out of wack with the current trends.
David
Amos
Reply to @Stan Vincent: I agree and made the same argument earlier
RBC customer out of pocket after fraud: what you need to know if you e-transfer money
'Transferring money by email is much more risky than people realize,' warns cybersecurity expert
A system to transfer money online
— used over a million times a day in Canada — is not as safe as it
advertises, says a Royal Bank customer who had $1,734 stolen during an
e-transfer.
The theft occurred after Anne Hoover of Peterborough, Ont., e-transferred money from her RBC account to her friend Fran Fearnley, only to have a fraudster intercept the transaction and divert the money to his own account at another bank.
"I always use e-transfer," says Hoover. "I thought it was a safe way to send money."
An RBC manager says an internal investigation indicated that Fearnley's email account had been hacked, and when Hoover sent the e-transfer, the fraudster figured out the answer for the security question necessary to deposit the money, and then redirected it to a different bank account.
Anne
Hoover is angry RBC acknowledged a stranger redirected her e-transfer,
but won't fully compensate her claiming her security question and
password were too weak. (John Badcock/CBC)
An
expert in online privacy protection and security says financial
institutions have opted for convenience over security, which makes
strong email passwords and equally strong e-transfer questions and
passwords essential.
"How you manage those passwords is very important," says Claudiu Popa, author of The Canadian Cyberfraud Handbook and a cybersecurity expert who advises government and companies.
"Banks and financial institutions have made it very easy to transfer money via email. Unfortunately, with convenience, comes lack of security."
Hoover and Fearnley had just returned from a trip to Mexico on March 18, when Hoover went online and used her bank's Interac e-transfer system to reimburse her pal for trip expenses.
It
wasn't the sun on this Mexican holiday that burned Anne Hoover, centre,
and Fran Fearnley, right, the women say, after a $1,734 e-transfer
between them was intercepted by a fraudster. (Submitted by Anne Hoover)
But
when Fearnley opened the email and tried to accept the payment, she got
a message saying the e-transfer had already been deposited.
The women called RBC's fraud department and a bank employee provided the name of the fraudster, his email, and says he'd transferred the money to a TD Bank account.
"This is clearly a complete stranger," says Fearnley. "How could that possibly have happened?"
The two friends headed to their local RBC branch, where they are both customers — Hoover, for more than 30 years.
The bank blamed the theft on Fearnley's email security.
Hoover's security question to her friend was: "Who is my favourite Beatle?"
The fraudster would have had a one in four chance of getting it right — John, Paul, George or Ringo. In a test of RBC's Interac system, Go Public was given four chances to answer the security question correctly.
Hoover says she is disappointed by her local RBC branch in Peterborough, Ont., where she'd been a customer for 30 years. (John Badcock/CBC)
"The manager continued to insist ... that it wasn't really their problem. It was now our problem," Hoover says.
Eventually, the manager offered Hoover half the missing funds as a "gesture of goodwill."
Hoover filed a report with Peterborough police, but an officer told her that it's difficult to clamp down on online fraud and her fight to recoup the money could take ages and would likely be fruitless.
Hoover says she feels misled by the bank's website.
A webpage about RBC's digital security tells customers they're "fully protected" and will be reimbursed "for any unauthorized transactions."
But when Hoover pointed that out to bank officials, she was told customers aren't protected if they use weak passwords when transferring funds online.
RBC's
website suggests in large font that customers are protected against
fraud. Buried deep in the fine print are exclusions that prevented
Hoover from claiming compensation. (RBC)
RBC declined an interview request from Go Public.
In a statement, AJ Goodman, RBC's director of external communications wrote: "As part of our electronic access agreement, clients commit to using passwords and security questions that are unique and cannot be easily guessed or obtained by others."
That information is on the bank's website, but only if a customer reading RBC's "Security Guarantee" clicks on a few different links to get to a clause in the fine print of a section called "Security."
Interac makes the same security promises online as RBC, telling customers in bold print that they are "protected from fraud losses."
No one from Interac would agree to an interview with Go Public, directing questions to RBC.
In a statement, the company's senior manager of external communications, Adrienne Vaughan, wrote that Canadians must "protect their email and passwords so they do not fall victim to cybercrime and they can safely transact online."
In another, similar case, Dr. Sylvia Veith of Prince Albert, Sask., lost $7,000 when she used Interac to e-transfer money to her son's hockey league in June 2017.
That money was intercepted and her bank — RBC — blamed a weak password to a security question and told the physician there was nothing that could be done.
"This idea of transferring money by email is much more risky than people realize," says Popa.
"Companies don't report [incidents] because they don't want an investigation from the privacy commissioner, from other regulatory bodies."
Popa says people have been desensitized to the risk of email transfers "very quickly, almost too quickly" because they use email all the time, so they figure it's safe.
Cybersecurity
expert Claudiu Popa says consumers need to demand better security
features from their financial institutions, and switch if they won't
provide them. (John Badcock/CBC)
What
banks and other financial institutions have done, he says, is sacrifice
security to get a high number of people using the system.
Last year in Canada, there were more than 371 million e-transfers worth more than $132 billion, according to Interac Corp., the biggest online funds transfer service in the country.
The Canadian Anti-Fraud Centre told Go Public that it received 163 reports in 2018 involving e-transfers that were compromised, resulting in money being transferred to fraudsters.
Popa did a quick search of Fearnley's email on www.haveibeenpwned.com, a website that tracks data breaches and reports almost eight billion occasions when personal accounts have been exposed. The same email address could be acquired from several different sources.
Popa found her email was compromised on two sites when hackers attacked LinkedIn and Verification.io
"That means people have found those e-mail lists. They have sold them to others," says Popa.
"Different people have taken what they've needed from those lists, and that's how they got compromised, very likely."
The cybersecurity expert says financial institutions and Interac need to require something called "two-factor authentication" to better protect people's accounts.
"Every time you log into an account you need to use a second factor," explains Popa. "A code that arrives as a text message or as a separate email to a different email address that is only valid for a few seconds or a few minutes after it's received."
He says the financial industry knows more security is needed, but is more concerned about getting customers to use the e-transfer system.
Some financial institutions offer two-factor authentication as an option, not a requirement.
Go Public asked RBC and Interac why they don't require two-factor authentication. Both declined to address the question.
Hoover says she's learned the hard way that strong security questions and passwords are crucial.
She's escalating her case to the RBC Ombudsman, hoping to prompt the bank to better warn customers they could be liable for losses even if they're victims of fraud.
She's also closing her business account at RBC, after decades of loyalty.
"How can I feel confident [in RBC] when, in fact, I've had money stolen from me — clearly stolen," says Hoover.
"This isn't secure, and people need to know."
(CBC)
Submit your story ideas
Go Public is an investigative news segment on CBC-TV, radio and the web.
We tell your stories and hold the powers that be accountable.
We want to hear from people across the country with stories you want to make public.
Submit your story ideas to gopublic@cbc.ca.
The theft occurred after Anne Hoover of Peterborough, Ont., e-transferred money from her RBC account to her friend Fran Fearnley, only to have a fraudster intercept the transaction and divert the money to his own account at another bank.
"I always use e-transfer," says Hoover. "I thought it was a safe way to send money."
An RBC manager says an internal investigation indicated that Fearnley's email account had been hacked, and when Hoover sent the e-transfer, the fraudster figured out the answer for the security question necessary to deposit the money, and then redirected it to a different bank account.
"How you manage those passwords is very important," says Claudiu Popa, author of The Canadian Cyberfraud Handbook and a cybersecurity expert who advises government and companies.
"Banks and financial institutions have made it very easy to transfer money via email. Unfortunately, with convenience, comes lack of security."
How it happened
Hoover and Fearnley had just returned from a trip to Mexico on March 18, when Hoover went online and used her bank's Interac e-transfer system to reimburse her pal for trip expenses.
The women called RBC's fraud department and a bank employee provided the name of the fraudster, his email, and says he'd transferred the money to a TD Bank account.
"This is clearly a complete stranger," says Fearnley. "How could that possibly have happened?"
The two friends headed to their local RBC branch, where they are both customers — Hoover, for more than 30 years.
The bank blamed the theft on Fearnley's email security.
Hoover's security question to her friend was: "Who is my favourite Beatle?"
The fraudster would have had a one in four chance of getting it right — John, Paul, George or Ringo. In a test of RBC's Interac system, Go Public was given four chances to answer the security question correctly.
Eventually, the manager offered Hoover half the missing funds as a "gesture of goodwill."
Contacts police
Hoover filed a report with Peterborough police, but an officer told her that it's difficult to clamp down on online fraud and her fight to recoup the money could take ages and would likely be fruitless.
Hoover says she feels misled by the bank's website.
A webpage about RBC's digital security tells customers they're "fully protected" and will be reimbursed "for any unauthorized transactions."
But when Hoover pointed that out to bank officials, she was told customers aren't protected if they use weak passwords when transferring funds online.
In a statement, AJ Goodman, RBC's director of external communications wrote: "As part of our electronic access agreement, clients commit to using passwords and security questions that are unique and cannot be easily guessed or obtained by others."
That information is on the bank's website, but only if a customer reading RBC's "Security Guarantee" clicks on a few different links to get to a clause in the fine print of a section called "Security."
Interac makes the same security promises online as RBC, telling customers in bold print that they are "protected from fraud losses."
No one from Interac would agree to an interview with Go Public, directing questions to RBC.
In a statement, the company's senior manager of external communications, Adrienne Vaughan, wrote that Canadians must "protect their email and passwords so they do not fall victim to cybercrime and they can safely transact online."
Woman loses $7,000 in e-transfer
In another, similar case, Dr. Sylvia Veith of Prince Albert, Sask., lost $7,000 when she used Interac to e-transfer money to her son's hockey league in June 2017.
That money was intercepted and her bank — RBC — blamed a weak password to a security question and told the physician there was nothing that could be done.
- Been wronged? Contact Erica and the Go Public team
Security sacrificed for convenience
"This idea of transferring money by email is much more risky than people realize," says Popa.
"Companies don't report [incidents] because they don't want an investigation from the privacy commissioner, from other regulatory bodies."
Popa says people have been desensitized to the risk of email transfers "very quickly, almost too quickly" because they use email all the time, so they figure it's safe.
Last year in Canada, there were more than 371 million e-transfers worth more than $132 billion, according to Interac Corp., the biggest online funds transfer service in the country.
The Canadian Anti-Fraud Centre told Go Public that it received 163 reports in 2018 involving e-transfers that were compromised, resulting in money being transferred to fraudsters.
Popa did a quick search of Fearnley's email on www.haveibeenpwned.com, a website that tracks data breaches and reports almost eight billion occasions when personal accounts have been exposed. The same email address could be acquired from several different sources.
Popa found her email was compromised on two sites when hackers attacked LinkedIn and Verification.io
"That means people have found those e-mail lists. They have sold them to others," says Popa.
"Different people have taken what they've needed from those lists, and that's how they got compromised, very likely."
Financial institutions resist solutions
The cybersecurity expert says financial institutions and Interac need to require something called "two-factor authentication" to better protect people's accounts.
"Every time you log into an account you need to use a second factor," explains Popa. "A code that arrives as a text message or as a separate email to a different email address that is only valid for a few seconds or a few minutes after it's received."
He says the financial industry knows more security is needed, but is more concerned about getting customers to use the e-transfer system.
Some financial institutions offer two-factor authentication as an option, not a requirement.
Go Public asked RBC and Interac why they don't require two-factor authentication. Both declined to address the question.
Leaving RBC
Hoover says she's learned the hard way that strong security questions and passwords are crucial.
She's escalating her case to the RBC Ombudsman, hoping to prompt the bank to better warn customers they could be liable for losses even if they're victims of fraud.
She's also closing her business account at RBC, after decades of loyalty.
"How can I feel confident [in RBC] when, in fact, I've had money stolen from me — clearly stolen," says Hoover.
"This isn't secure, and people need to know."
Submit your story ideas
Go Public is an investigative news segment on CBC-TV, radio and the web.
We tell your stories and hold the powers that be accountable.
We want to hear from people across the country with stories you want to make public.
Submit your story ideas to gopublic@cbc.ca.
Follow @CBCGoPublic on Twitter.
About the Author
With files from Enza Uda
CBC's Journalistic Standards and Practices
No comments:
Post a Comment