18 August 2017
Paul Penrose

Finblog

Paul Penrose - Finextra

307Posts 1,329,811Views 246Comments
Whatever...

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

Top Gear host left red-faced over bank ID theft stunt

07 January 2008  |  6531 views  |  9

The new year has barely started and we already have an odds-on favourite to win our 2008 idiot of the year award. Step forward Jeremy Clarkson, renowned UK celebrity petrol-head and all-round motormouth.

In his weekly column for red-top tabloid the Sun, Clarkson rashly publicised his bank account number and sort code in a dimwitted effort to prove that the UK government’s loss of unecrypted data discs was a lot of fuss about nothing. The worst that could happen, he figured, was that some fool would pay money into his account.

Within days a red-faced Clarkson was forced to recant after an unidentified member of the public accessed his account and set up a £500 direct debit in favour of UK charity Diabetes UK.

“I was wrong and I have been punished for my mistake,” the contrite Top Gear presenter wrote in a column for the Sunday Times. "Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes.”

TagsRetail banking

Comments: (10)

Peter Roberts
Peter Roberts - UCL - London | 07 January, 2008, 16:08 It would be interesting to know exactly how his account was accessed and what the bank in question have to say on the matter.
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Paul Penrose
Paul Penrose - Finextra - London | 07 January, 2008, 16:13

The bank in question was Barclays. Clarkson claims: "The bank cannot find out who did this because of the Data Protection Act."

Which seems a strange thing to say - what's the connection between the DPA and ID fraud in this instance? 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 07 January, 2008, 21:43

I would rather question the security at Barcleys.  Is Barcleys another username/ password bank?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Elizabeth Lumley
Elizabeth Lumley - Girl, Disrupted - Crayford | 08 January, 2008, 10:27 I wonder why they chose that charity (as worthy as it may be). To really get up Clarkson's goat they should have sent money to a carbon footprint organization.
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 08 January, 2008, 11:09

I wonder if the person who set up a direct debit on Jeremy Clarkson's account actually accessed the account (I suspect not!!!), or simply submitted the account details to the charity, who then requested the direct debit be set up by Barclays (all of which would happen automatically - and rightly so). It being a direct debit, JC was never at risk. If they had really accessed the account, they would have set up a Standing Order, and then it would have been "Sorry Jeremy, but goodbye cash!".

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 08 January, 2008, 11:15 This could spark a new idiom - the 'Clarkson Syndrome' - in the world of Information Leak Prevention, as in the oft prevailing view of "I know my company's metadata is being leaked from emailed documents etc, but hey, no-one is going to use it....are they?"
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 08 January, 2008, 12:13

David's right (see post above). In this instance it's almost certain that the Direct Debit was set up by the charity in good faith having performed what they and their bank would have decided was a reasonable level of authentication of the individual. If this is the case, the bank of the charity and the victim's bank are not at fault either.

This incident does highlight how important it is to keep one's information secure, but this particular example is different from the way most direct debit fraud is perpetrated.

Exploiting someone's bank details for personal gain is significantly different from making a contribution to a charity using someone else's bank account. Obtaining goods or services using fraudulent details requires delivery to another address or in another name - this combination actually makes the fraudster's task more complicated, especially if the company providing the service is implementing industry best-practice and checking the identity of the individual and their address and, ideally, the link between the individual, their bank account and the address supplied. It's only by tying together all three pieces of information that this sort of fraud can really be reduced.

At the end of the day, because of the UK Direct Debit Guarantee Mr Clarkson is unlikely to end up out of pocket. This guarantee ensures that invalid/incorrect transactions will be repaid by the victim's bank and the company (or in this case, charity) is then left to sort out the paperwork and pick up the cost of the good or services supplied and the bank charges. Here no service has been provided and the costs of this demonstration are mostly administration and bank charges.

The final point that this event brings home is the necessity of checking one's bank account statements for incorrect transactions when they arrive. Within twenty months the EU Payment Services Directive comes into law across the EU - this may reduce, in every EU country, the time during which refunds can be requested to a minimum of eight weeks.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Rekha Menon
Rekha Menon - Independent - Maidenhead | 16 January, 2008, 06:03

 I would imagine that it is not very difficult to access Jeremy Clarkson's account through telephone banking if one knows his date of birth.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Henry Colchester
Henry Colchester - RealSpace Trading Solutions - London | 16 January, 2008, 17:25

Well, after a not too exhausting search on Google I now know that Clarkson's date of birth is 11 April 1960.

With that in mind - Rekha, I don't suppose you'd care to elaborate on how someone might access Clarkson's bank account would you? Not for any sinister reason, you understand - merely out of curiosity. Nothing at all to do with the fact that I wouldn't mind a Ford GT of my own...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 06 January, 2009, 07:04

My bank account number and sort code are on every cheque I send out usually accompanied by a letter with my address on.  This system seems seriously flawed. Oh - and I bank with Barclays.  Time to start checking my statements I guess....

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Paul

ANZ and Visa lose the plot

30 June 2011  |  6570 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineRetail banking

Don't give up the day job...ever

20 May 2010  |  5815 views  |  0 comments | recomends Recommends 0 TagsTrade executionWholesale bankingGroupWhatever...

Now we are ten

19 April 2010  |  6198 views  |  3 comments | recomends Recommends 0 TagsRetail bankingWholesale banking

Finextra's Best of the Web

05 March 2010  |  5713 views  |  1 comments | recomends Recommends 0 TagsRetail bankingWholesale banking

The ATM was the last great financial innovation

25 February 2010  |  9764 views  |  8 comments | recomends Recommends 0 TagsRetail bankingWholesale bankingGroupFinance 2.0

Paul's profile

job title Head of Research
location London
member since 2007
Summary profile See full profile »
I'm responsible for editorial content and quality control across the full range of Finextra media.

Paul's expertise

Member since 2006
307 posts246 comments

Who's commenting on Paul's posts