Has your bank ever texted you a six-digit security code? Beware of it like the plague.
• Also read: ‘It will reduce my pension’: Hacker steals $350,000 at age 77
“We think this SMS protects us, but not at all,” warns Simon Marchand, a fraud expert.
David Trubiano, 48, knows something about it. The BMO customer was scammed out of $14,360 thanks to this security code.
The bank refuses to refund him because it holds him responsible for passing on his six-digit code to third parties.
One fine April morning, the project manager receives a call from the bank, at least from what appears to be the bank because the number shown is actually BMO’s.
He is told that he is the victim of a scam and that to confirm his identity he must recite the security code that has just been sent to him.
In fact, David Trubiano then becomes a victim of “spoofing,” or identity theft.
The hackers pose as a bank and need this code.
Once they have the victim on the phone, they connect to their online banking account. The SMS is sent and the six-digit code is read out. That’s it.
Not sure
All banks say the same thing: they never call a customer to ask for personal information.
But when the customer calls the bank, it sends him a six-digit code.
“I had to read the code at the bank when I was the one calling,” remembers David Trubiano. Everything can quickly become confusing.
“Attention: This code allows access to your accounts. Calls with this request can be fraudulent. If yes, dial the number on the map. BMO code: XXXXXX”, we can read in the SMS sent.
The Bells and Verizons of this world have been warning banks for a long time, assures Simon Marchand: SMS is not a safe solution.
Ultimately, banks have no obligation to reimburse. “That doesn’t make any sense,” says the expert.
London has passed a law forcing banks to compensate defrauded customers. “Justin Trudeau hesitates. If he doesn’t want to legislate, he should give the skills to Quebec,” says the man who was already a candidate for the Bloc Québécois.
Humiliated
Six months after the cheating, David Trubanio still cares. “It’s humiliating, you feel stupid. They are insulting, they blame us,” he says.
On the morning of April 20, he realized the problem in less than five minutes: The fraudsters had transferred $13,000 from his credit card to his checking account before transferring $14,360 to “Stranger.”
“I called her immediately. In less than five minutes they knew it wasn’t me, they knew where the money was,” says the father of three.
The bank hasn’t moved. Mr. Trubiano spoke to four different people at the bank and was asked to repeat his story throughout the summer.
“Every member of staff told me there was no point in me getting a refund. Then every time, those who decide and we can’t talk to refused the refund,” he says.
He was advised to lodge a complaint with the Ombudsman. “It all takes a very long time. They’re counting on people to give up, to wear them down,” Trubiano notes.
We asked BMO if it is their policy not to compensate spoofing victims. The bank was unable to give a clear answer. She preferred to tell us that “Account protection is a partnership between the customer and their bank.”
Can you share information about this story?
Write to us or call us directly at 1 800-63SCOOP.