Frustration

Referring to my previous posts and being mentioned by one or two posters, date of first letter from Lloyds was 5/7, second letter 22/9, 48 day turnaround. When I supervised a correspondence section in my younger days, I would had my rear end kicked long before I responded to customers in 48 days. Given the time of the year, holiday s were hopefully the reason. As it's now a further 57 days, am hoping that I've cracked it. I have studied that form at length and cannot see any other possible way that it could be filled in, given my clubs circumstances. So, fingers crossed!! Needless to say, I kept a copy of both attempts. The second letter only said which questions I had not answered and that was because I thought they were irrelevant.

John

Been through this today with BT for a friend. He lives in a "notspot" so texts are very difficult to get. But BT although they admit reception is bad in his area still insisted on texting a code to him so he could confirm his identity. The code never arrived so that job has stalled untill he takes his laptop & phone to another location to complete the process.

regards

Oldiron provides yet more evidence that the machinery of the modern world has been designed by, and is being operated by, idiots.

NatWest has devolved the ID 'verification' to HooYu, and presumably thereby hopes to insulate itself from responsibility when HooYu gets hacked. (Note 'when' not 'if''. Previous posters, and the bank's 'phone script-readers have suggested that I use someone else's 'phone or web-cam-equipped laptop to complete HooYu's ID 'verification' (pause for laughter) process.This is completely missing the point, which I thought I made clearly enough at the beginning of this sad little thread. The process is flawed.

What mechanism do money launderers frequently use for their nefarious purposes? They pretend to be someone else. This is facilitated by their stealing or buying someone else's identity. What information is required by someone intent on stealing your identity? Let me think. Oh yes, information about your identity, the more detailed and 'official' the better. Therefore the transmission of detailed identity information, such as passport info, etc. should be by an as secure as possible process.

Is the internet or the mobile 'phone network an inherently secure system? I don't think so. One can take steps to reduce risk, by taking care that your device is not compromised. You could be hard-nosed about this, and say that security is therefore your responsibility. But we ordinary mortals don't know enough to ensure security, and crooks are clever. It has recently been reported that perhaps 40% of Australians have had their identity information compromised by a single attack.

Thus, the suggestion to use someone else's, or a publically-accessible device is preposterously stupid. There is no way to have any confidence that the unknown device had not been compromised. 'Man in the mobile' and 'man in the browser' exploits are said to be undetectable by the user at either end of the link, and this type of exploit is considered the greatest risk to internet banking. Using a possibly compromised device lays one open to identity theft by 'man in the middle'-type exploits. Thus the stupid bank is suggesting something that increases the risk of identity theft, and thus facilitates money laundering!

Someone please tell me I'm wrong!

I suggest Kiwi is right, but goes a step too far in assuming the 'stupid bank' is insisting on a pointless step. The point is well made that 'ordinary mortals don't know enough to ensure security'. It applies in both directions! Not many customers understand what banks and businesses should do about security. However, it's reasonable to assume a bank employs security experts, who do know what they're doing, and will come up with something practical.

There's a hair in the soup. Computers aren't automatically secure and being connected to the internet means they can be attacked by any other computer on the internet. Also, because computer security costs money, it's all too likely that someone will choose not to spend it. If I remember correctly, Australia is a good example of this. When the government announced they were going to legislate to protect data, they were lobbied by a business community keen to keep costs low. This fitted quite well with the political belief that people should look after themselves, but missed the point that a big law firm with sloppy computer security would lose all their customers data and the customer could do nothing about it even if he was a tough. The UK system is stronger, but in my opinion also badly flawed. Here organisations who loose data are fined after the event, potentially heavily, but the customer is still shafted. Perhaps the main advantage of the UK system is that the size of the fine indicates how much a business should spend on security, which isn't nothing! I'd prefer a pro-active system, in which businesses have to meet standards and are subject to unannounced spot checks.

However, computers are no different to any other form of security. We often do things that need to be protected from dishonesty and negligence. Life is risky, making it always necessary to take reasonable precautions. Trouble is what's 'reasonable' depends on the risk, which isn't easy to judge. Kiwi feels providing a live picture by insecure means is dangerous. Although I agree he's 'not wrong' I think it's the bank who are taking the risk that Kiwi isn't Kiwi! From a security point of view a live photograph certainly isn't conclusive, but it adds to the overall evidence that the bank are dealing with an identifiable individual. And remember they're meeting a legal requirement to tighten up on dodgy bank accounts, not trying to prevent all forms of cybercrime!

So I'd go along with it because getting into a frustrating fight with faceless bureaucracy risks apoplexy. Don't forget to say 'cheese'.

Dave

SOD/Dave, I was hoping for your input. Thanks, always interesting to read your contributions.

I chose my words carefully, when I called the bank 'stupid'. Stupid in the sense of unintelligent. Unintelligent enough to realise that a 'one size fits all' approach isn't appropriate. There are many alternative ways of 'proving' identity, which are acceptable in UK law, but NatWest has devolved this task to HooYu, which requires it to be done live, on the 'net or by cell-phone. There is no alternative. Is this not stupid? (Cynically, I suppose that, from the bank's perspective, this is pretty smart, but you know what I mean.)

Also, this is the bank which didn't raise an eyebrow when bin-bags of millions of pounds of cash were deposited nefariously. So yeah, stupid!

Can anyone please explain to me how going through a process of sending a live photo of eg a passport (which I don't have), followed by a live 'selfie' establishes me as who I claim to be? In other words, does this reassure NatWest that it is in fact me, to whom it has been sending statements, cards, etc. for over 50 years? Surely it's only useful if the photos are 'validated' against a database of existing photos. I assume that part of the purpose of this exercise is the building of such a database. Big Brother is alive and well, and working for HooYu, and any other data-gathering outfit you care to think about.

Edited By Kiwi Bloke on 19/10/2022 10:57:30 (typos and brain-fade)

Edited By Kiwi Bloke on 19/10/2022 10:58:59 (finger stumbles...)

Edited By Kiwi Bloke on 19/10/2022 11:00:38

It looks like you will have a struggle, Kiwi

This is a frame grab of the hooyu landing page, this morning:

.

.

MichaelG.

That's frightening, Michael! Imagine how difficult it would be to clear your 'name' if this outfit, with ever-further-reaching tentacles, blacklisted you. Nowadays, it seems that you are blacklisted by default, until some 'security' outfit deems otherwise.

For those who think that worrying about this sort of thing is only for the conspiracy theorists and tin-foil hat wearers, remember the Crypto scandal. This was a Swiss firm that for decades after WWII supplied encryption machines to many governments across the globe. Eventually, it was discovered that the CIA owned and controlled the firm, and that machines supplied to over 100 countries were compromised, allowing the CIA to read their output. Now, it's been reported that another, smaller, similar company, Omnisec, is also a CIA operation. Constant vigilance! Trust no-one!

If you were a well-resourced organisation (or unfriendly country), intent on gathering as much personal data as possible, on as many people as possible, where would you direct your efforts? Wouldn't HooYu be a prime target? Let's hope their security defences are impregnable. What's the chance of that?

This is all rather glib: **LINK**

https://www.natwest.com/current-accounts/ID-verification-HooYu-details.html

MichaelG.

.

German word of the day = glibberig

Edited By Michael Gilligan on 19/10/2022 21:18:14

… and, of course, our though-provoking Latin quote of the day must be:

**LINK**

https://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%3F

MichaelG.