Ian Murray uses Barclays . Here's what he reports, via Facebook (repeated here with his permission).
FULLER DETAILS OF HOW THE BARCLAYS HAS ENABLED FRAUD
Nine months ago I visited the IrfanView site and downloaded its free (and very good) picture editor. Yesterday Malwarebytes informed that the download had been infected with a stupendously pernicious backdoor programme. Though this has since been removed, what was uploaded remains unknown and my machine muct be assumed to be compromised.
As my friends know I have been subject to some nasty bank frauds.
However, as ther evidence I am about to present shows, the banks have enabled the fraudsters. ( To be fair ... they have been excellent in dealing with the consequences - but their systems INVITE fraud. ) If basic bio data about you is known: address, dob, phone etc then you are shafted.
1) On using a Barclaycard for the first time these days (if you are not already registered online ) you receive this email:
Thank you for registering to Barclaycard Secure services. This free service provides added safety when you shop online. Activation Details: Activation date: 25/12/13
Merchant at which activation took place: JLP Website Amount of purchase: 168.00 Login name: IANMURRAY22 The service is now active for your Barclaycard card ending with: XXXX-XXXX-XXXX-0000
If your email is compromised in any way, Barcalys has just told ANYONE how to use and raid your account.
2) Read the uploaded picture (mastercard) about PIN and cards. Provided basic bio data is validated on a new card Barclays will inform ANYONE over the phone (and online) your PIN.
3) The other uploaded Debit Card had NEVER BEEN USED. It was still attached to its original letter in the original envelope in a locked filing cabinet. Its associated PIN had nevere been scratch revealed. Fraudsters activated and used the debit card. How?? Inside job??
4) The PayPal fraud - possibly the worst security loophole. In the UK (in fact all over Europe due to money laundering legislation) it is a very slow and difficult process to open a new bank account.
To open a PayPal account is EASY - a few clicks. Your credit card and bank details can then be uploaded and linked to the PayPal account. Provided the two small credits to your uploaded details are verified ( here guesswork and multiple tries makes it easy ), then the link to your bank account/credit card is set up.
If the account was set up in your name ( with correct bio-details etc ), then effectively the fraudsters have used a dozen clicks to OWN your bank account. In my case they used a nonUK phone number - big mistake - they were over confident.
If you think your bank details are confidential - WRONG. they are written on every cheque and on your debit card. They are PUBLIC.
What was Barclays reactions to all this. To be fair they have been excellent in correcting the situation. But they have no intention of making their systems less of an open door. Unofficially I was told that it is cheaper to pay off the fraud than to implement new systems or lose customers because of stricter security. This is an agreement across ALL UK banks. In Europe particularly France and Germany two stage text message authentication is required. The UK banks have rejected this as bureaucratic. The UK banks have also rejected the French system (much much more secure) of pick and click character entry from the screen in favour of simple typing of login details: which ANY KEY LOGGER will detect. Their view (again) is that the European system will lose them customers and is too bureaucratic. The fact that it is far far more secure is considered irrelevant.
I apologise for this long posting - if you have read to the bottom, then you are fully up to date and informed.