(Mis)Uses of Technology

by Mike Masnick

Banks In South Africa Say Too Bad If You Have A Typo

from the such-is-life dept

Banks in South Africa have taken an interesting approach to how money is transferred via online banking. While they ask you for a variety of information about the account you're transferring money to, including account number and name on the account, they only look at the account number when making the transfer. In other words, if you make a typo and transfer money to the wrong account, too bad. Your loss. Now, obviously, people should be careful and double check the numbers they type in, but typos happen. And, at the very least, the bank should attempt to match the account names, since they have that information. If the names don't match, give back an error message. Instead, they say it's just too hard, and they accept no liability in the matter. If you're sensing a pattern here, you're probably right. Banks have decided that they aren't liable for anything that happens online, pretty much. Perhaps that's why they often seem so free with your data.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Jeff R, Nov 7th, 2005 @ 11:35am

    Even when it's their mistake!

    I had a fradulent Electronic-Funds Transfer out of one of my Checking accounts a few years ago.

    I had done business with a local ISP where I signed up for 3 months of service, pre-paid with a check. Normally, this ISP did business by doing EFT debits from customer accounts each month but I told them in advance that I did not authorize that and when my 3 months were up, they were to disconnect my service. I crossed out those provisions in their contract before signing it (and kept a copy).

    They proceeded to debit my account anyway.

    When I got my statement the next month, I went down to the bank to have them explain the EFT. They told me that I had 24 hours to dispute that particular type of EFT and in order to get my money back, I had to convince the business refund the money.

    Needless to say, I was livid. It is the most stark example of your bank doesn't care about you that I have ever personally witnessed and is the reason that I never provide any business except my credit card companies and my utilities with checking account information anymore. Everyone else is either a credit card or cash transaction.

    Your bank does not care and will take no steps to protect your or your money.

    reply to this | link to this | view in thread ]

  2. identicon
    Bret McDanel, Nov 7th, 2005 @ 11:41am

    account numbers

    so if a thief gets into your online account they can send what appears to be a legit payment by filing out the name, address, etc to one of your existing vendors, but an account number they control (perhaps another compromised account as was revealed in a previous story here). They can then avoid detection slightly longer because the summary page doesnt look as odd.

    No one checks the account numbers when going to the summary page unless something is wrong. Since the names match the customer doesnt notice as quickly (think business accounts where there are lots of transfers all the time)

    reply to this | link to this | view in thread ]

  3. identicon
    SysAdmin, Nov 7th, 2005 @ 1:54pm

    I'm not a banker, but I almost sympathise

    I work as a private system administrator. My clients include banks, medical offices, and other kinds of businesses. It never ceases to amaize me how willing people are to give out their own user names and passwords to "friends" and other associates. Then act like it is my faul that their data was compromised.
    This kind of stupidity happens on all levels. Small business, big businsses, governemnt. People just don't know how to keep a secret.
    It is my own opinion, that if somebody gains access to your account, through legit means (IE, they use your UN and PW to get to your online banking page), then it really isn't the banks fault. However, if the crook gets your banking information by compromising the banks own security measures, then it is the fault of the bank, and the bank should be held liable.
    That being said, it is very easy for banks to cross reference inforamtion, and not send a transaction through if names, numbers, and addresses don't match 100%. It is even easier to detect if your banking system allows those transactions to happen without the help of a human being (which happens way more than you think it does).
    However, most banks, while trying to provide good cusomer serivce, keep the checks and balances standards pretty low. And I can understand why. The one bank that I work for, that has very tighet security standards, also has more mad clients than any of the other banks that i work for. Their volume of complaints based on "user stupidity" is three or four times that of any other bank in my client base.
    Needless to say, I have no sympothy for those who complain because they didn't know the proper spelling for "Bank of America". And being a poor speller myself, I can tell you how frustrating it is to have to attempt a transaction a couple of times. However, there is a higher since of security, simply because it is that much harder for ME to make a mistake and loose money. Sadly, not everybody sees it that way.
    To make things worse, the bigger the bank, the worse the problem is. Small banks might do only twenty or thirty wires a day. Bigger banks might do hundreds, and bigger banks still do thousand and hundreds of thousands. Even if the typo error rate was only 1% (I can tell you right now that the number of client errors in small banks is much much higher than 1%), and of that 1% only 3% compained, that is still a lot of money, and time wasted on the banks behalf because of all the people who don't double check their work before clicking the send button.

    reply to this | link to this | view in thread ]

  4. identicon
    Lubnuk, Nov 7th, 2005 @ 3:50pm

    Re: Even when it's their mistake!

    Their mistake? You gave somebody your account information, told that company that you don't want them to actually use it, and then, when they did, you blamed your bank?

    Please explain how this is the banks fault.

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, Nov 7th, 2005 @ 5:37pm


    I bet the head cheeses of the bank got with some of their IT guys and made a deal such that they actually do check the account number against the name, and if they dont match they just pocket the money. Thats actually a pretty cool idea except for being incredibly bad for PR when people find out.

    reply to this | link to this | view in thread ]

  6. identicon
    Jeff R, Nov 7th, 2005 @ 7:19pm

    Re: Even when it's their mistake!

    I wrote them a CHECK. a one time transaction. My bank cashed that check and then later allowed them to electronically transfer funds out of the account that check was drawn upon WITHOUT MY APPROVAL.

    That is not a mistake on my part, that's criminal fraud on the company's part and my bank didn't lift a finger to verify that it was a legal transaction, that the account holder (me) had authorized it, or to put the situation right once they were informed that they had facilitated a fradulent transaction.

    reply to this | link to this | view in thread ]

  7. identicon
    Lubnuk, Nov 7th, 2005 @ 10:36pm

    Re: Even when it's their mistake!

    But how is the bank supposed to know that you don't have an agreement with said company? Electronic debits are very common. And writing a check is the same as giving your account information to the company (because all of your accounts vital information is right there on the check.) If this was really fraud, you should have a case against the bank, a criminal one. have you talked to your states prosecuter, or the bank examiner to see what their take on the situation is?

    reply to this | link to this | view in thread ]

  8. identicon
    bob102285, Nov 8th, 2005 @ 3:58am

    Re: Even when it's their mistake!

    im a data processor/IT support at a bank... At our bank It is VERY difficult for the bank to make the mistake. you see, even on my job I have to know the full financial side of how the bank works. I have to be able to do anyones job. The security measures we have in place are top notch and all IT personel have to have securuty+ and network+ certifications. Its going to be even harder soon to make a mistake because at the end of next year all FDIC banks must have two-tier identification for online transfers. That means having something you know, and something you have(physically or personally)
    so you will need -token
    -or you have to be able to answer a specific, changing question.
    or biometric (but I doubt it...too expensive and still can be broken easily)
    Banks typically do their parts, but i don't think banks should grow as big as some have. It becomes too hard to keep track of everything and spot errors. They aren't perfect either, the best way to protect yourself is to just be smart with your identity and choose a good, respectably bank that has a good record. They do have procedures over errors and should have instantly halted the transfer or refunded it pending a 10 day investigation...thats a law.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.