NatWest is tightening its online security precautions after it emerged criminals were able to get access to accounts and transfer money without using any login details
The bank is being blamed for lax security protection that put users at risk of having their account details bypassed after criminals were able to take control of a victim’s phone number to redirect SMS messages and gain access to personal information.
Criminals are able to carry out the scam by first reporting a victim’s handset as lost or stolen to their mobile network, before requesting that the victim’s phone number be swapped over to one of their own SIM cards, allowing them to be able to receive SMS messages sent to the victim’s number.
The criminals can then call NatWest and claim they’ve forgotten their online login details, such as customer ID number, password, or PIN.
NatWest is not able to give this out straight away, but instead, following its Two-Factor Authentication policy, sends a code via text to the victim’s number, which can then be used by the criminals on its site to reset and change the password and PIN, and gain control of the bank account.
NatWest, whose parent company Royal Bank of Scotland (RBS) Group says it will also step up its security following the investigation, has admitted that its security needs improving, and says it is set to release a number of new regulations to do so.
“We’re implementing a number of new measures to further protect customers, including communicating with them using all of their registered methods of contacts with us, such as via email and text, to alert them any time a change is made to their contact details on online banking, in a similar way to Apple and Google,” a a community manager on NatWest’s official forum stated.
“We are also introducing a ‘cooling off period’ of three days, which prevents payments being made via the mobile app when a reactivation has taken place.”
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…