HSBC Issues OTP Fraud Warning

HSBC has issued a warning to its customers after scammers have started using a new tactic to steal thousands of pounds by misusing the One-Time Password protection feature.

The bank has stated that fraud cases involving misuse of banking passcodes in this way have grown by 25 per cent in the last six months, which could leave thieves free to go on a shopping spree using customers’ money.

In June alone, the bank said that £400,000 of fraudulent payments were attempted using OTP codes, although it is not clear how many of these were successful.

How OTP Works

OTPs or One Time Passwords are so named because they are one-off codes sent to a customer’s smartphone when they are trying to make a purchase online.

Because customers are assumed to have their smartphone with them, it prevents someone from making purchases with only the consumer’s card data — they would also need the smartphone (and to have it unlocked, to access the code).

However, as part of this scam, fraudsters are finding ways of capturing customers’ card data — often through a fake website pretending to be from the customer’s bank or from a parcel delivery service asking for a small fee — and then will attempt to purchase items using those details.

Once the passcode is sent, they will then call the customer and pretend to be the bank, claiming that they are from the fraud prevention team and asking the customer to read out the number to them. This is despite banks warning that they will never ask for the passcode to be given to them and marking that it should not be shared with anyone.

As soon as the scammers have this code they can proceed with payment and steal the money from the victim. Because the code is only sent at the time of purchase, scammers are able to time their phone calls, which makes it all the more convincing, especially to vulnerable customers.

HSBC UK or any other bank will never ask you to divulge any of your banking passwords. If someone calls you out of the blue and asks for your one time passcode, hang up straightaway, it’s a scam.

Scam Victims Abandoned?

This latest update from HSBC comes after consumer group Which? said that banks were abandoning their customers who had fallen victim to fraud.

They said that banks have to take strong action to make sure they do more to protect consumers and treat them fairly and equally. This came after statistics showed that, since the introduction of new voluntary reimbursement codes, banks still found that victims were at least partially to blame in 77% of cases.

The Financial Ombudsman Service has said that the figures also show that banks are getting many of these decisions wrong — 73% of complaints made by consumers to the FOS about APP fraud were upheld in favour of the consumer.