Feeds

Natwest's Get Cash app pulled, but NOTHING to do with frauds

Yes there were frauds, yes it is pulled, but NO NO NO

Protecting users from Firesheep and other Sidejacking attacks with SSL

Natwest has pulled a feature on its banking app that lets users get cash without a bank card. The removal of "Get Cash" from the app comes two days after reports that a fraudster used the feature to "get cash" - from another person's account.

The BBC reported that a Natwest customer had been diddled out of £900 through a thief abusing the cardless cash helpline. The Observer had a tale from a guy who lost £1500 the same way. One victim hadn't even signed up for mobile banking, though both did bank online.

Natwest says that the removal of the mobile feature days after these stories is coincidence and down to planned maintenance.

Natwest get cash feature in mobile banking app, credit screengrab iTunes

Get cash: though preferably your own, not other people's

Get Cash was introduced to Natwest's mobile banking app in June and is intended to help people get cash from their account in emergencies. By phoning a number accessible through the mobile app, and answering some security questions, customers get a six figure PIN number delivered to the app.

Entering the PIN into an ATM belonging to Natwest, RBS or Tescos lets the customers take out amounts of cash between £10 and £100 without a card. In the BBC story, the thief did this at least nine times over three days to take out the £900 he filched.

Natwest has said that an updated version of the service would be out next week at the earliest, and confirmed that this would have new security features, though stressed this was all routine security work:

The updates we're making are with regards to how they have seen seen customers using the app. Some of those will be security enhancements.

We believe this could include a lower limit on the amount that can be withdrawn through Get Cash.

According to a Natwest spokesperson it was likely that the fraud victim interviewed on the BBC's Moneybox programme had given out his details to phishers which is how his account got hijacked.

Natwest would only say this on record:

The GetCash feature of the RBS and NatWest mobile app is temporarily unavailable to customers as a result of a planned update.

®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.