BMO Fraud Cases | Page 2 | BMO | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
BMO Fraud Cases
May 4, 2024
7:59 pm
savemoresaveoften
Member
Members
Forum Posts: 2994
Member Since:
March 30, 2017
sp_UserOfflineSmall Offline

Alexandre said

I never used Western Union transfers with Scotiabank, being their client for decades. They have that feature to send funds through WU from Scotiabank account.

First time I tried to use WU to send funds, and it were small amount under $1,000, my web access to Scotiabank accounts was blocked and I had to call Scotiabank to confirm it was me.
I was annoyed as hell, but now I think that were the right action on their side.

Just an example.  

That’s quite different. You are authorizing WU to access ur Scotia bank account. That transaction is way more suspicious than a EMT or wire transfer initiated by someone logging into the bank account, with correct password, got 2FA verified, AND from the same IP address that the customer commonly uses. If I am doing EMT to someone new, I will be annoyed if my bank declined it every single time and call me for confirmation….

May 5, 2024
8:56 am
tanitype
Member
Members
Forum Posts: 4
Member Since:
March 20, 2024
sp_UserOfflineSmall Offline

savemoresaveoften said
While it may seem easy for the bank to blame the client, the evidence is such that all security measure in place has met the requirement, including 2FA AND matching IP. A client will still blame the bank even if physical RSA type dongle is used. As long as the transaction is not initiated by the client, client points finger at bank.

I would love to hear from those that side with the victim 100% regardless of evidence provided, what are the other security measures that are lacking that banks should deploy ? It better be a practical one…  

Security is a "dynamic situation" and therefore banks need to continually make adjustments. No matter what security measures banks put in place, it's only a matter of time for fraudsters to find a way to circumvent them. Blaming clients for security breaches is an indication of laziness and poor judgement and it will hurt a bank in the end. Just look at the very bad publicity the latest cases has caused BMO. Remediating the bad press will definitely cost them much more than the total $1.5 M loss reported by several clients. It's not safe to assume that clients are IT security experts, banks are the actual security experts! However, it boggles the mind that in this day and age BMO still uses email for 2FA. Clients who do not feel secure about this actually need to call BMO to request disabling email 2FA. Disabling can be done by the bank only by removing the client's email address from their client's profile. Following this, BMO cannot communicate with their client via email because they no longer have their email address!! Also, a client who tries to reduce their risk, e.g., by requesting from their bank to disable Global Money Transfer in their account or to at least cap it at a small amount, instead of the ~$100 K default cap, will be told by most banks that this is NOT possible!

May 5, 2024
10:59 am
savemoresaveoften
Member
Members
Forum Posts: 2994
Member Since:
March 30, 2017
sp_UserOfflineSmall Offline

tanitype said

Security is a "dynamic situation" and therefore banks need to continually make adjustments. No matter what security measures banks put in place, it's only a matter of time for fraudsters to find a way to circumvent them. Blaming clients for security breaches is an indication of laziness and poor judgement and it will hurt a bank in the end. Just look at the very bad publicity the latest cases has caused BMO. Remediating the bad press will definitely cost them much more than the total $1.5 M loss reported by several clients. It's not safe to assume that clients are IT security experts, banks are the actual security experts! However, it boggles the mind that in this day and age BMO still uses email for 2FA. Clients who do not feel secure about this actually need to call BMO to request disabling email 2FA. Disabling can be done by the bank only by removing the client's email address from their client's profile. Following this, BMO cannot communicate with their client via email because they no longer have their email address!! Also, a client who tries to reduce their risk, e.g., by requesting from their bank to disable Global Money Transfer in their account or to at least cap it at a small amount, instead of the ~$100 K default cap, will be told by most banks that this is NOT possible!  

Agree with you banks should allow customers to disable global money transfer completely.
A client using online banking takes responsible for their security, whether they are IT expert or not is not an excuse.
As for email 2FA, I exclusively use text 2FA to my phone only, even tho my email is with the bank as well. I believe text msg 2FA is the bank's preference as well, since its more secure, but some customers insist email cuz they dont want to pay for text message cost etc. I guess those customers can request the physical dongle...
Onec gain, if a login passes the password check, passes the 2FA, and also coming from a familiar IP customer uses, there is zero reason for the bank to "suspect" its a fraudster. A customer can not be protected like a bubble boy.... lets be real....

May 5, 2024
11:14 am
HermanH
Member
Members
Forum Posts: 1242
Member Since:
April 14, 2021
sp_UserOfflineSmall Offline

savemoresaveoften said

Agree with you banks should allow customers to disable global money transfer completely.

As a potential user-control, a registered letter to the bank president detailing the security concerns for your refusal to ever use service XXX (i.e. global money transfer) and for them to never allow this transaction may offer some protection. Even though the bank may refuse to disable the service, your notification can only help you on legal grounds.

Of course, the bank may simply not want your patronage, either, and just exercise its legal right to close your accounts. sf-smile

May 5, 2024
11:29 am
Norman1
Member
Members
Forum Posts: 7195
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

tanitype said

… Just look at the very bad publicity the latest cases has caused BMO. Remediating the bad press will definitely cost them much more than the total $1.5 M loss reported by several clients. …

No need to remedy the bad press when it is isn't the bank's fault. In fact, the press may be beneficial to all the financial institutions by causing more people to take their responsibility in securing their online banking access more seriously.

… Also, a client who tries to reduce their risk, e.g., by requesting from their bank to disable Global Money Transfer in their account or to at least cap it at a small amount, instead of the ~$100 K default cap, will be told by most banks that this is NOT possible!

Won't reduce risk. Anyone who can login with the correct account, correct password, correct one-time two-factor number, and from a regularly-used IP address by the client can do so and request that the feature be switched back on.

May 5, 2024
12:03 pm
InterestThis
Member
Members
Forum Posts: 379
Member Since:
November 5, 2022
sp_UserOfflineSmall Offline

For example, Simplii will not allow you to disable Global Money Transfer, even though it creates an open backdoor to your account. They literally will not allow you to turn it off, or even limit it.
If in fact you click on it, and ask to turn it off, then they start spamming you with auto-emails encouraging you to use it!

And when you file an official complaint with Simplii, 6 weeks after you filed the complaint and it's registered as a complaint, they have still not gotten around to addressing your complaint.
That is the reality of these banks, they do not care about your interest in security, they care about cutting their labour costs.
For Simplii the only thing to do is to limit the account as much as possible, and to not keep much money in it.
Bottom line, it's much cheaper for banks for some customers to get scammed, than to add much higher security. And they don't want to acknowledge there is a security problem, as Class Action lawsuits are in process.

No permission to create posts

Please write your comments in the forum.