Post by chris1881 on May 8, 2017 12:22:20 GMT
Fyi, a fraudulent withdrawal (equal to the amount available for withdrawal) was taken from my R/S account this morning.
R/S tell me the change to the bank account details was made in March.
I saw on this board mention that R/S had been affected by hackers so changed my password then. It would seem the hackers have my new log in details as there have been several amounts available for transfer out since March which have been untouched.
This prompts several q's about R/S's security.
How were my details changed? I thought bank a/c changes could only be made by phone.
Why wasn't there an email flagging the changes to my bank details?
Why can't I see the bank a/c details online? In the absence of withdrawable funds, this doesn't appear to be possible. If so, the accounts of my wife & son, & potentially all of yours, are sitting ducks. The hacker will know the details. You won't.
The R/S customer service has been thus far poor. The agent was ignorant of basic information about the site & all capable staff were either 'at lunch break' or 'off ill'.
|
|
dermot
Member of DD Central
Posts: 862
Likes: 517
|
Post by dermot on May 8, 2017 13:14:28 GMT
Yes, I believe I was the first to raise this issue on Feb 25th.
The problem is that the leak had been running for some months, so they had all that time to gather data and change your bank details - presumably, they phoned in impersonating you using the security details they had gathered from the leak.
What is not clear is how they only now logged in to extract money - perhaps they harvested some more data *after* you changed password but *before* the security fix was installed?
I hope you can trace the bank details to see where your money went - one hopes it was a UK bank.
I've made several withdrawals since then with no problems - but perhaps I'll change my password once again.
Since your bank details are not visible, this is an unusual hack - the crook changes your bank details and then waits for *you* to send him money.
Problem is, I'd have thought that RS would twig if a large number of accounts were changed to the same bank account.
I guess you may have suffered an entirely different security breach?
|
|
amphoria
Member of DD Central
Posts: 156
Likes: 124
|
Post by amphoria on May 8, 2017 14:06:18 GMT
Ratesetter do show you the bank details on the confirmation screen when you withdraw money, although the account number is partially masked.
|
|
beh
Member of DD Central
Posts: 175
Likes: 77
|
Post by beh on May 8, 2017 14:14:51 GMT
"R/S tell me the change to the bank account details was made in March. ... Why can't I see the bank a/c details online? In the absence of withdrawable funds, this doesn't appear to be possible. If so, the accounts of my wife & son, & potentially all of yours, are sitting ducks. The hacker will know the details. You won't."
This is curious, I haven't made a withdrawal since mid-March. I was looking at setting up auto withdrawal recently but it tells me "Before you can set up the Auto Withdraw function you need to make at least one successful standard withdrawal." which might suggest that my bank details aren't the same as those used previously. As you say, that you can't even view partial bank account details online is very poor.
EDIT:
"Ratesetter do show you the bank details on the confirmation screen when you withdraw money, although the account number is partially masked."
You can indeed see them before hitting confirm and they don't appear to have been changed, must just be a bug.
|
|
iren
Member of DD Central
Posts: 302
Likes: 300
|
Post by iren on May 8, 2017 14:18:21 GMT
I called RateSetter after seeing this thread, as funds I withdrew on Friday hadn't yet been credited to my bank account and I thought it was best to check my correct bank details are still held. They've confirmed there has been no change, and that the Monday credits often arrive later than on other days. They've also told me that they wouldn't accept any request to change my bank details without seeing a bank statement.
My call was answered quickly by a capable operator. I'm sympathetic that Chris's wasn't, as any financial institution should always have people rostered to deal with this kind of emergency matter.
|
|
|
Post by chris1881 on May 8, 2017 15:48:19 GMT
I am delighted to say that my issue has been resolved.
The new bank account was in fact R/S's own.
For some reason tied in with the sell out, it became linked to my R/S account (which I have kept active) & something triggered a withdrawal into it today.
Whilst my first call to R/S was with an inexperienced agent, R/S swiftly diagnosed the issue & returned my funds.
I suggested they set up an automatic email alert for when bank details are changed which they are considering.
Most impressive, the CEO called me a few hours later to apologise & have a very open discussion about the business.
My sense is of a business in decent shape run by decent people who could be more proactive in building trust amongst us retail types.
|
|
shimself
Member of DD Central
Posts: 2,560
Likes: 1,169
|
Post by shimself on May 8, 2017 19:06:06 GMT
Chris I suggest out of decency you put an edit in caps on the first post something to say SECURITY NOT COMPROMISED AFTER ALL
|
|
Greenwood2
Member of DD Central
Posts: 4,241
Likes: 2,686
|
Post by Greenwood2 on May 8, 2017 19:37:01 GMT
"I am delighted to say that my issue has been resolved. The new bank account was in fact R/S's own. For some reason tied in with the sell out, it became linked to my R/S account (which I have kept active) & something triggered a withdrawal into it today. Whilst my first call to R/S was with an inexperienced agent, R/S swiftly diagnosed the issue & returned my funds. I suggested they set up an automatic email alert for when bank details are changed which they are considering. Most impressive, the CEO called me a few hours later to apologise & have a very open discussion about the business. My sense is of a business in decent shape run by decent people who could be more proactive in building trust amongst us retail types."
Is this likely to happen to other lenders who participated in the sell out?
|
|