Tweet
Hello,
I hope this is posted in the correct place and that someone can help me!
In a nutshell, my phone number was stolen by a fraudster. Once they had control of my phone number, they reset my online banking details and transferred money from my account.
In detail, here is the full story (and timeline);
Tuesday 16th - I receive a text from my phone provider with my PAC code and notifying me that my number would be moved to a new provider within 48 hours. I called my phone provider and notified them that this was a fraudulent attempt to steal my number. They reassured me that my phone would remain and they would block the attempt and investigate the matter.
Wednesday 17th - about 24 hours after I received the text message, my phone went dead. I called my phone provider and they notified me that unfortunately they hadn't blocked the attempt and my number had been moved to another network. Agent again said they would notify the new provider to block the number and they would request it back. I was issued with a temporary number in the interim and the request to get my number back would take 48-72 hours. They assured me that there was nothing to worry about and they don't know why fraudsters try to steal phone numbers.
Friday 19th - I tried to login to my online banking but it had been blocked and there was a note to call their fraud team. I called the fraud team and they notified me that almost £3k had been transferred from my account and that I would need to go to my local branch with ID and proof of address. At this point I called my mobile provider for an update. They advised me that my number was still on another network and they hadn't completed their internal investigation.
Bank told me that they had the funds on block and they would return this to me within 2-3 days - no issue with my bank. They have been excellent.
Obviously I wasn't happy with the detail from my phone provider. They refused to give me any information on what personal information the fraudster held of mine, or what details they revealed. I escalated the matter with the Agent on the phone (after 30 minutes on hold, and 45 minutes of going around in circles with detail) to a complaint handler whose attitude towards the complaint was pretty poor. They refused to give any detail or admit any fault. They claim they followed protocol.
Tuesday 23rd - mobile phone number was returned to me.
To this day, I still have not received any updates on their investigation, had all requests for information denied and pretty much told that once the phone number was returned that would be the end of it.
Obviously I really want to pursue this to find out exactly what happened, and why it was so easy to port my number to another network. I really want to find out what details the fraudster had about me so I can prevent fraud going forward.
What I do know from mobile phone provider is that their security protocol checks for the following information as security;
Name
Address
The callers then need to verify the password on the account. If you do not know the password the following questions are asked;
Phone Make and Model
Place Where Contract was Bought
If you do not know this information they will ask for the bank account number linked to the account.
Phone provider has almost (with extreme pressure from me) hinted that the fraudsters didn't know the Phone Make and Model or Place Where Contract was Bought.
I suspect (or they want me to believe) that someone had my bank details all along and that they are not to blame. I had at that point, told them that my bank account had been compromised via my phone.
I have already reported this to Action Fraud UK, who advised me that technically Identifty Theft isn't a crime until I become liable financially (at the moment I am not). I've also contacted the ICO, aswell as OFCOM to ask about various rights and responsibilities in this instance.
ICO have said that I should request as much data (as well as compensation) as I like, and if phone provider does not comply then escalate the complaint with OFCOM.
I want to pen an email to phone provider tomorrow and would like some legal advice on what to input! So far, I have requested the following;
Hope to hear from you soon!
I hope this is posted in the correct place and that someone can help me!
In a nutshell, my phone number was stolen by a fraudster. Once they had control of my phone number, they reset my online banking details and transferred money from my account.
In detail, here is the full story (and timeline);
Tuesday 16th - I receive a text from my phone provider with my PAC code and notifying me that my number would be moved to a new provider within 48 hours. I called my phone provider and notified them that this was a fraudulent attempt to steal my number. They reassured me that my phone would remain and they would block the attempt and investigate the matter.
Wednesday 17th - about 24 hours after I received the text message, my phone went dead. I called my phone provider and they notified me that unfortunately they hadn't blocked the attempt and my number had been moved to another network. Agent again said they would notify the new provider to block the number and they would request it back. I was issued with a temporary number in the interim and the request to get my number back would take 48-72 hours. They assured me that there was nothing to worry about and they don't know why fraudsters try to steal phone numbers.
Friday 19th - I tried to login to my online banking but it had been blocked and there was a note to call their fraud team. I called the fraud team and they notified me that almost £3k had been transferred from my account and that I would need to go to my local branch with ID and proof of address. At this point I called my mobile provider for an update. They advised me that my number was still on another network and they hadn't completed their internal investigation.
Bank told me that they had the funds on block and they would return this to me within 2-3 days - no issue with my bank. They have been excellent.
Obviously I wasn't happy with the detail from my phone provider. They refused to give me any information on what personal information the fraudster held of mine, or what details they revealed. I escalated the matter with the Agent on the phone (after 30 minutes on hold, and 45 minutes of going around in circles with detail) to a complaint handler whose attitude towards the complaint was pretty poor. They refused to give any detail or admit any fault. They claim they followed protocol.
Tuesday 23rd - mobile phone number was returned to me.
To this day, I still have not received any updates on their investigation, had all requests for information denied and pretty much told that once the phone number was returned that would be the end of it.
Obviously I really want to pursue this to find out exactly what happened, and why it was so easy to port my number to another network. I really want to find out what details the fraudster had about me so I can prevent fraud going forward.
What I do know from mobile phone provider is that their security protocol checks for the following information as security;
Name
Address
The callers then need to verify the password on the account. If you do not know the password the following questions are asked;
Phone Make and Model
Place Where Contract was Bought
If you do not know this information they will ask for the bank account number linked to the account.
Phone provider has almost (with extreme pressure from me) hinted that the fraudsters didn't know the Phone Make and Model or Place Where Contract was Bought.
I suspect (or they want me to believe) that someone had my bank details all along and that they are not to blame. I had at that point, told them that my bank account had been compromised via my phone.
I have already reported this to Action Fraud UK, who advised me that technically Identifty Theft isn't a crime until I become liable financially (at the moment I am not). I've also contacted the ICO, aswell as OFCOM to ask about various rights and responsibilities in this instance.
ICO have said that I should request as much data (as well as compensation) as I like, and if phone provider does not comply then escalate the complaint with OFCOM.
I want to pen an email to phone provider tomorrow and would like some legal advice on what to input! So far, I have requested the following;
- Electronic Copy of the call to phone provider on 16/07 in which Security Protocol was breached and PAC Code requested
- A Copy of my own Personal Data which phone provider may have shared with Third Parties including but not limited to Credit Agencies, Phone Providers, Marketing Companies and any other Third Party
- Phone Unlock Code at sole cost to phone provider; I will obviously switch network myself and have cancelled my direct debits
- Phone Proivder to place a Cifas Marker on my Credit Report; which can only be removed by me at my time of choosing - ICO advised me to do this; is it relevant or worthwhile?
- Detailed report from phone provider which confirms there has been a review of security protocol with recommended actions to prevent future similar instances of identity theft
- Release from my remaining contract with phone provider; with all associated fees the sole responsibility of phone provider
- Acknowledgment of fault and apology by phone provider for inconvenience caused
- Compensation of £XXX - I'm not so bothered about the compensation part here. All I want to be be free of phone provider and them to admit fault/apologise. But ICO were very adamant that I would be entitled to compensation of some sort. Is there precedent on how much I could potentially ask for? I have noted some phone providers have paid out large amounts in the past for fraud on customer accounts but unsure if the circumstances are similar to my own.
Hope to hear from you soon!
Comment