Some banks text security details when customers forget their details.
The activation codes sent by text to mobile phones also allow payments to be made from an account.
The scam works by blocking the genuine phone. The owner is unaware of why the phone has been blocked and allows the criminal – who now has control of their phone – to syphon money from their bank account.
You and Yours has been contacted by dozens of people affected by the scam. All say they have never revealed their security details to anyone, and the that first they knew something was wrong was their mobile phone going dead.
We decided to investigate. You and Yours producer Natalie Ms Donovan is a NatWest customer, so I used her bank account as an experiment. I was able to break to her account without knowing her banking customer number, PIN or any passwords.
I did not know her mother’s maiden name, her pet’s name or her first school, and yet I was still able to change her PIN and password to lock her out of her own account.
That allowed me to transfer £1.50 to my own bank account, all because I had control of Natalie’s mobile phone.
NatWest, owned by Royal Bank of Scotland, said that its systems for both banks would be changed as a direct result of the You and Yours investigation.
Chris Popple, managing director of NatWest Digital, said: “This is a cross-industry problem, particularly with us, and the telecom companies. We working with Financial Fraud Action UK to make sure we’re communicating with each other … to make sure mobile phone security is as strong as it possibly can be.”