A Finextra member 07 January, 2008, 16:08 1 like It would be interesting to know exactly how his account was accessed and what the bank in question have to say on the matter.

Paul Penrose - Finextra - London 07 January, 2008, 16:13 1 like

The bank in question was Barclays. Clarkson claims: "The bank cannot find out who did this because of the Data Protection Act."

Which seems a strange thing to say - what's the connection between the DPA and ID fraud in this instance? 

A Finextra member 07 January, 2008, 21:43 1 like

I would rather question the security at Barcleys.  Is Barcleys another username/ password bank?

Elizabeth Lumley - Girl, Disrupted - Crayford 08 January, 2008, 10:27 1 like I wonder why they chose that charity (as worthy as it may be). To really get up Clarkson's goat they should have sent money to a carbon footprint organization.

A Finextra member 08 January, 2008, 11:09 1 like

I wonder if the person who set up a direct debit on Jeremy Clarkson's account actually accessed the account (I suspect not!!!), or simply submitted the account details to the charity, who then requested the direct debit be set up by Barclays (all of which would happen automatically - and rightly so). It being a direct debit, JC was never at risk. If they had really accessed the account, they would have set up a Standing Order, and then it would have been "Sorry Jeremy, but goodbye cash!".

A Finextra member 08 January, 2008, 11:15 1 like This could spark a new idiom - the 'Clarkson Syndrome' - in the world of Information Leak Prevention, as in the oft prevailing view of "I know my company's metadata is being leaked from emailed documents etc, but hey, no-one is going to use it....are they?"

A Finextra member 08 January, 2008, 12:13 1 like

David's right (see post above). In this instance it's almost certain that the Direct Debit was set up by the charity in good faith having performed what they and their bank would have decided was a reasonable level of authentication of the individual. If this is the case, the bank of the charity and the victim's bank are not at fault either.

This incident does highlight how important it is to keep one's information secure, but this particular example is different from the way most direct debit fraud is perpetrated.

Exploiting someone's bank details for personal gain is significantly different from making a contribution to a charity using someone else's bank account. Obtaining goods or services using fraudulent details requires delivery to another address or in another name - this combination actually makes the fraudster's task more complicated, especially if the company providing the service is implementing industry best-practice and checking the identity of the individual and their address and, ideally, the link between the individual, their bank account and the address supplied. It's only by tying together all three pieces of information that this sort of fraud can really be reduced.

At the end of the day, because of the UK Direct Debit Guarantee Mr Clarkson is unlikely to end up out of pocket. This guarantee ensures that invalid/incorrect transactions will be repaid by the victim's bank and the company (or in this case, charity) is then left to sort out the paperwork and pick up the cost of the good or services supplied and the bank charges. Here no service has been provided and the costs of this demonstration are mostly administration and bank charges.

The final point that this event brings home is the necessity of checking one's bank account statements for incorrect transactions when they arrive. Within twenty months the EU Payment Services Directive comes into law across the EU - this may reduce, in every EU country, the time during which refunds can be requested to a minimum of eight weeks.

 

A Finextra member 16 January, 2008, 06:03 1 like

 I would imagine that it is not very difficult to access Jeremy Clarkson's account through telephone banking if one knows his date of birth.

A Finextra member 16 January, 2008, 17:25 1 like

Well, after a not too exhausting search on Google I now know that Clarkson's date of birth is 11 April 1960.

With that in mind - Rekha, I don't suppose you'd care to elaborate on how someone might access Clarkson's bank account would you? Not for any sinister reason, you understand - merely out of curiosity. Nothing at all to do with the fact that I wouldn't mind a Ford GT of my own...

A Finextra member 06 January, 2009, 07:04 1 like

My bank account number and sort code are on every cheque I send out usually accompanied by a letter with my address on.  This system seems seriously flawed. Oh - and I bank with Barclays.  Time to start checking my statements I guess....