Bank of Ireland Credit Card Security: FAIL
Posted 10 Apr 2009 in Activate | 13 Comments
I woke up this morning to a text message that had been sent just after midnight. It was sent from a UK number and read
Bank of Ireland CreditCard Security – Please call us asap@ 01 488 5466
Classic phishing scam I thought. I phoned the number to investigate further. The Dublin number transferred me through to a UK call centre, where a lady on the end of the phone wanted to take my credit card numbers. I told her that I was not giving them, that it was an irregular way of contacting people and not secure. I then phoned the telephone number on the back of my credit card to report this scam. I thought it was clever timing , hit people over Easter, Banks will be closed on Monday and phone-lines closed for an extended period, meaning customers can’t double check or phone their local branches.
However, the person I spoke to in Bank of Ireland told me that that’s how the Security Department contact people out of hours – they text them. I was pretty incredulous.
ME: “They text customers, and ask them to phone a number that is not published anywhere, that diverts them to a UK number whereby they are asked to give all their credit card details over the phone”
BOI: “Yes”
ME: “Is that not exactly how phishing scams operate, is that not exactly the sort of communication you are forever impressing upon customers not to respond to?”
BOI: “You could always phone the number on the back of your card”
ME: “It was an unpublished number given in the text”
BOI: “You can mention that to the security dept if you have concerns”
And there you have it. That is how the Bank of Ireland Credit Card Security team operates. Would be really hard for a scammer to emulate that don’t you think.
Tags: Bank of Ireland, Credit Card Security, Fail, Ineffective, linkedin
[...] Bad security from Bank of Ireland security. [...]
This exact same thing happened to me a few weeks ago.
I called the number and felt uncomfortable giving my CC info to a person who had just texted me, so I gave them my name and asked them to validate some more info before I’d talk to them. They read out the last few transactions on my credit card to prove that they were with the bank… so I gave out to them for disclosing my transaction history without confirming my identity.
The phone call then just ended with confusion.
[...] on from Active Growth’s post on Bank of Ireland security, I didn’t want AIB to feel left [...]
One word sums it up – IDIOTS!!
I just hope my lot (AIB) are a bit more clued in
My Mum got a call saying she had to cancel her laser card because a business that had one of her receipt thingies with her number on had been burgled. The call was from someone at BoI security in Ireland. Both my mother and I were thinking perhaps it was a scam though. She rang her branch and it seems it was genuine.
BOI aren’t the only ones with retarded security policies.
http://verbo.se/tesco-credit-card-security/
adam
Following on from other examples illustrated above, I am disappointed, but not surprised that this is common practice for Irish banks. Sloppy and lazy – simply no need for it.
AIB have the “charming” habit of calling from an “unknown number” which always freaks me out.
Sending me texts though would be seriously dumb.
This site comes up first page in google for “bank of ireland credit card” Looks like BOI messed with the wrong person
Hi,
Well they’re still doing it.
This morning I woke up to the same message on my phone from a British number. Without thinking I dialed the number, got through and went through my account details confirming some transactions. It was only having got off the phone and woken up slightly that I began thinking it was very strange. I’ve just spent the last 15 minutes trying to find information but couldn’t find a match to the number I dialed.
I then came across this website and was very happy to discover that this is ‘normal practice’ for BoI security services.
Thanks for posting.
I got the text at 5am this morning, I instantly thought it was a scam, I phoned it and got through to the UK. I thought it was suspicious so rang the Bank Of Ireland hotline to check it out and it’s legitimate.
Why are they using a UK text number? That’s what made me suspicious. I googled the number and it’s not out there.
I am soooooo relieved to have found this website!.. I received a letter today about possibly fraudulent charges on my card and a request to call the above number. After actually finding some strange charge on my card which I haven’t used for months, I was so worried I call the number immediately and answered all security questions they asked — only to realise after hanging up that this could be any random number I just called. This is the only place I could find this number!! Thank you for the post!!
I also thought this was a phishing scam at first but it was genuine. I called the 24 hour lost/stolen number on the back of the card, just to be safe, and would suggest any others who receive this text do the same.
The reason the text came through late at night is because the fraudsters who cloned the card had just made bogus transactions in America (where no PIN is required, just a signature), several hours behind us in Ireland. The text came from a UK number because the BoI credit card security team is based there.
Hope this helps any others who receive this strange text.