Posts Tagged ‘HSBC’
by Gwyn Headley
Paying by bank transfer is much easier than paying by cheque, which is why so many companies now include their bank details — account number and sort code — on their invoices.
That’s reasonable when the recipient is a private individual or another company. It’s not so good when they are published on the fifth biggest website in the country.
To illustrate an article “Bank cheques to be cleared within a day” on their website last Wednesday the BBC used a photograph of a handwritten HSBC cheque, clearly showing a company’s account number and sort code details.
The trouble was they were ours — fotoLibra.com’s.
This was a cheque we’d paid to one of our contributors in 2012, and to add aggravation to outrage she photographed it and uploaded it to Getty Images, who then sold it to the BBC, complete with our clearly visible bank details.
James Cliffe, HSBC’s Head of Business Banking, is no call centre drudge and he took the issue sufficiently seriously to call me direct. HSBC had seen the article shortly after it appeared and immediately called the BBC to complain. The photograph was replaced within the hour.
An account number and sort code is all an unscrupulous individual needs to set up a standing order or direct debit, as Jeremy Clarkson found to his cost when he published his bank details in the belief they only worked one way. He found he was suddenly paying out a £500 direct debit to the charity Diabetes UK.
Clarkson revealed his account numbers after rubbishing the furore over the theft of 25 million people’s personal details. He wanted to prove the story was a fuss about nothing. “The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again,” sighed Clarkson. “I was wrong and I have been punished for my mistake.”
We hold the BBC and Getty Images equally responsible. We expect they know (Getty, that is) they’ve done wrong because there’s no trace of that image on their website today.
We still don’t know what damage we may suffer.
But if HSBC’s big guns are concerned, then we are concerned.
by Gwyn Headley
… and Pennsylvania, and Indonesia …
Once upon a time (early this morning, actually) there was a photographer who came across a lovely website called fotoLibra.
“Gosh,” he thought. “If I sign up I can upload my pictures to fotoLibra and if they sell I’ll make some money.” So he uploaded two pictures for nothing.
This very same morning a nice lady in New York found the same lovely website.
“Gee willikins,” she thought. “I’ll sign up, and what I’d like to do tonight is buy a photograph of some guitar strings, for 5000 corporate CDs in Europe.”
Within minutes another nice lady in Pennsylvania also discovered fotoLibra and signed up. “Now, let me see,” she mused, “I think tonight I’ll have a photo of some guitar strings on my commercial internet site for a year. Ah! Here we are! The very thing!”
And both ladies, by fortunate happenstance, had hit upon the same photograph, uploaded by our lucky new member in Indonesia only moments before.
What joy! Two satisfied customers and one happy photographer! And they all signed up within 30 minutes of each other! The picture was uploaded and sold twice before it had been online for half an hour. Job done by fotoLibra!
But then, far away on the other side of the world, a new day dawned, and deep in her feculent pit the great JACQUI NORMAN stirred. She pointed one terrible eye at the computer screen and in an instant spotted the improbability of such transactions.
“FF RR AA UU DD !!” she bellowed slowly and heavily, shaking the sere and devastated land around her lair.
As I write, there is no happy ending. The money — a fair amount, paid by credit card — will be deposited in the fotoLibra account by close of play tomorrow. In 30 days we have to pay the photographer.
And in four or five months HSBC will slowly realise there has been a fraudulent transaction and will remove the entire amount from our account without informing us first.
So maybe we won’t be paying this gentleman from Indonesia in 30 days. We’ll just hold on to the money for a little while, and see what happens.
We could be wrong.
But we don’t think so.
by Gwyn Headley
Having been ripped off by a Nigerian scammer (details here) we asked our local MP Elfyn Llwyd (Plaid Cymru) if there was anything he could do to help.
He was as outraged as we were that the issuing bank knew of the fraud two months before coming to HSBC and demanding that $800 be removed from the fotoLibra account, by which time of course we had disbursed the money. He said he would write to the Chairman of HSBC.
Which he did. He received a reply from David Lewis, Head of HSBC Customer Relations, absolving the bank of any responsibility and arguing that it was fotoLibra’s fault for accepting ‘cardholder not present’ transactions. This amazing statement ignores the fact that 10.7% of all retail sales* are now made via the internet, every one of which is a ‘cardholder not present’ transaction.
Mr. Lewis concluded
There are some steps the merchant/retailer can take to minimise the possibility of fraud, for example asking for the numbers in the post code of the card holder and only delivering to that address (as fraudsters often ask for the goods to be sent to another address other than that of the registered cardholder).
That might have been relevant if fotoLibra delivered boxed goods to physical locations. But we don’t. We permit the download of digital images to an email address. There’s no connection to any part of the credit card.
Maybe a credit card could be linked to a fixed email address which would form part of the verification process? No, that’s probably far too simple. Isn’t it?
We are most grateful to Mr Llwyd for his concern and his response. That’s exactly what MPs are for. Full marks.