One of my constituents, Ralph Crisp, was done by the Barclays Bank ATM in Crouch End Broadway the week before last. It’s been all over the local papers but I want to post it here to shame Barclays for their performance in all of this.
It was the sort of scam we are warned about. Some villain has inserted something into the slot where you put your card so that when you put your card in it doesn’t come out. You go home and ring the bank when it opens – but the villains have meanwhile got your card and noted your PIN. Your money begins to be spent in places you have never been.
You phone the bank to say that the machine swallowed your card but at first you don’t suggest cancelling the card – just ask to have it back. So you go to the bank as it opens next morning. The machine hasn’t swallowed the card and within 15 minutes of insisting on seeing the manager the CCTV has demonstrated the scam.
Astonishingly, you are told that there have been 10 victims of the same scam in the last ten days!
Now when Ralph told me this – my hackles rose. If this had been going on for 10 days – where was the special notice warning customers? What on earth could be the reason for not widely publicising the fact that this ATM was under attack? Where was the duty of care to Barclays’ customers in all of this? Yes – I am writing to Barclays and the police – for what were they thinking? Were they scared of bad publicity? If you’ve got a pattern of crime, why not warn people?
The police say they had four of the then eleven cases reported directly to them. For the bank’s part – as far as I can gather – it is simply a matter for their fraud department and not referred on to the police. Can that really be the case? At what point should such a scam become a police matter? How do the police work with the Bank’s fraud department? Who monitors what is happening and how rigorous and successful the fraud departments of banks are?
Yes – the Bank may ultimately cover the cost of what is gone from the account – but that doesn’t make up for the worry and hassle in the interim. It is in the public interest that criminals are caught and in the individual customer’s interests that the bank puts up a public warning at the first realisation of a scam.
So come on Barclays – you’ve got a lot of questions to answer!
As security guru Ross Anderson noted many years ago, the way to get banks to improve their security is to make it their problem. Change the assumption so the bank is at fault for this sort of fraud, unless it can be proved otherwise. If you want to fix an IT security issue, the first step is to make sure the people who have the power to fix it are the ones who suffer in a security breach.
CQ is right. The police don’t like the situation where an organisation operates in a way that opens up the possibility of fraud, so they are reluctant to follow up reports – and they have been critical of the risks of card fraud for a very long time. But the position with the banks and card fraud is now more complex than that: the banks do indeed handle the reports themselves, only reporting them to the police when they are regarded as serious. And I understand that the banks also provide some funding to the police in order to get at least some support from them. It is the banking regulators who need to get tough.