Toronto man's online banking accessed by fraudsters
Security questions fail to stop fraudstsers
"All the security devices in the world" didn't seem to be able to stop an identity thief from gaining access to his banking information and almost causing serious financial harm, a Toronto man has told CBC News.
Eric Schmidt says his problems began two weeks ago when he went into his Scotiabank branch to pick up some cheques.
"I noticed that the address on the cheques was incorrect," he said. "It was an address that wasn't currently mine, and never had been mine."
He contacted the bank through telephone banking and an operator was able to confirm somebody made the address change – and other changes over the phone, as well.
He says the operator listened to a recording of the call and told him the fraudster gained access, despite not being able to answer a security question.
I noticed that the address on the cheques was incorrect- Eric Schmidt
"The breach actually took place through human error and all of the security devices in the world didn't seem to help."
In a statement to CBC News, Scotiabank apologized for the security breach.
"We'd like to apologize to the customer for the inconvenience he's experienced. We are working with the customer to resolve this matter and ensure that the customer is appropriately protected."
Starts with online information
John Russo, who works with the consumer credit reporting agency Equifax, says this type of fraud usually starts when information is obtained online.
"Fraudsters are phishing or using malware to get personal or account information and with that information they call a call centre," he said.
All of this has made Schmidt wary about the security of banking in general.
"My faith and trust in this bank, and probably other banks is questionable now," he said.
Schmidt's credit card company, Visa, noticed that someone was trying to make some suspicious online purchases and blocked them before they went through.
Scotiabank said that in that case security features were successful and resulted in no monetary loss to the customer.
Still, Schmidt learned that before that happened the fraudsters were able to sign up for a Mastercard and a mobile phone plan.