A couple of bits of security news…

By | October 4, 2021

I’ve got a couple of bits of security news to share with you today – you might have seen headlines or articles about these already, but for those of you who haven’t…

There’s a new number to call if you’re worried about fraud – 159

Phone-based bank fraud is big business in the UK – hundreds of millions of pounds big business – so the banks are working hard to put a stop to it.

Stop Scams UK (an organisation formed from major banks and telecoms companies in the UK) has launched a new easy-to-remember hotline that you can call to contact your bank if you get a suspicious call.

The number to call is 159, and that works from any landline and most mobile phones.  When you call the number, you get through to an automatic switchboard that reads out a list of options.  Choose your bank from the list, and it takes you straight through to their fraud prevention department.  That way you don’t have to root around in your paperwork to find a trustworthy phone number to call.

There are a few things I wanted to point out, though:

  1. Not all banks are signed up to this scheme yet.  Some of the biggest ones that aren’t a part of it yet are HSBC, TSB, Co-op Bank and Nationwide.  (Nationwide are launching their own hotline for you to call, which they’ll tell you about themselves if you’re a customer).
  2. At the moment, 159 calls are charged at your local call rate, whereas some of the direct helpline numbers are freephone.
  3. If you’re worried that you’ve been called by a fraudster, it’s a good idea to use a different phone to call 159 (if you can) or call a friend between hanging up and ringing 159.  That just makes sure the crook isn’t still on the line playing you their own version of the 159 option list.  [Sounds extreme, I know, but as I said – this is big business.]

Generally, though, I think this is a good move.  You can be much more confident that you’re getting through to the right people if you’ve just got one phone number to remember.  Stop Scams UK are encouraging people to call the number if someone contacts you claiming to be from your bank – even if they don’t seem suspicious.  Or if you get a call claiming to be from any authority asking you to move money from your bank account.

Security issues with Apple Pay and Visa cards

The other thing I wanted to tell you about this week is some security research that’s just been made public. If you have an iPhone and use Apple Pay, it’s well worth you knowing about this.

So Apple Pay is a way to save a credit or debit card to your phone, and then use your phone a bit like a contactless credit card in a shop.  It’s handy because it means you don’t have to carry a wallet around with you as well as your phone.  And, crucially, there’s no “limit” the way there is with a contactless card.  At the moment, you can only pay for things up to £45 using a contactless card (although that’s going up to £100 on the 15th October) – with Apple Pay you can spend as much as you like.

Why the difference?  Because with Apple Pay, you have to authorise every payment with a passcode, fingerprint or facial recognition scan.  That’s an extra level of security that isn’t there with a contactless card.  So far so good.

Having to authorise payments like that, though, makes them slow to use on the ticket turnstiles in London (apparently).  So the card companies and Apple got together and came up with a system called Express Travel that means you don’t have to unlock your phone or authorise a payment when you’re using the Tube.  Sadly, there’s a major security flaw in Visa’s version of this system.

What I wanted to stress, though, is that it’s only an issue if you’re using the Express Travel setting with a Visa card.  There’s nothing to suggest that any of the other bits of Apple Pay have issues.  So my advice would be to keep using Apple Pay (if you do already) but just make sure “Express Travel” is turned off in the settings.

Usually, this sort of security flaw is fixed very quickly, but in this case Apple and Visa have had a year’s warning to do something about this before the researchers went public.  I’m a bit disappointed with them, honestly.

Well – I hope you all have a good week, and stay safe.

Leave a Reply

The name you enter will be displayed. We collect your email address but do not display it. Full privacy policy here. Required fields are marked *