Natwest's Get Cash app pulled, but NOTHING to do with frauds
Yes there were frauds, yes it is pulled, but NO NO NO
Customer Success Testimonial: Recovery is Everything
Natwest has pulled a feature on its banking app that lets users get cash without a bank card. The removal of "Get Cash" from the app comes two days after reports that a fraudster used the feature to "get cash" - from another person's account.
The BBC reported that a Natwest customer had been diddled out of £900 through a thief abusing the cardless cash helpline. The Observer had a tale from a guy who lost £1500 the same way. One victim hadn't even signed up for mobile banking, though both did bank online.
Natwest says that the removal of the mobile feature days after these stories is coincidence and down to planned maintenance.
Get cash: though preferably your own, not other people's
Get Cash was introduced to Natwest's mobile banking app in June and is intended to help people get cash from their account in emergencies. By phoning a number accessible through the mobile app, and answering some security questions, customers get a six figure PIN number delivered to the app.
Entering the PIN into an ATM belonging to Natwest, RBS or Tescos lets the customers take out amounts of cash between £10 and £100 without a card. In the BBC story, the thief did this at least nine times over three days to take out the £900 he filched.
Natwest has said that an updated version of the service would be out next week at the earliest, and confirmed that this would have new security features, though stressed this was all routine security work:
The updates we're making are with regards to how they have seen seen customers using the app. Some of those will be security enhancements.
We believe this could include a lower limit on the amount that can be withdrawn through Get Cash.
According to a Natwest spokesperson it was likely that the fraud victim interviewed on the BBC's Moneybox programme had given out his details to phishers which is how his account got hijacked.
Natwest would only say this on record:
The GetCash feature of the RBS and NatWest mobile app is temporarily unavailable to customers as a result of a planned update.
®
COMMENTS
Re: A 6-digit PIN gives 'emergency' cash to anyone who types it in
>"the mobile app generated a pin number"
"PIN number"
Aaaaaaaaaaaaaarrrrrrrrrrrrrrrrrrrrggggggggggggggggghhhhhhhhhhhh!!!!!!!!!!!
Re: A 6-digit PIN gives 'emergency' cash to anyone who types it in
Well, the mobile app generated a pin number once you told it how much you wanted to withdraw. You then went to one of the ATMs that supported the feature, pressed the "Enter" key, typed in the pin, typed in the pin again, and then you had to type in the amount that the pin was generated for. So, assuming said ATM didn't tell you that it was an invalid pin after the first input, you then would have to correctly guess from £10 to £100 on top for each combination, multiplying the odds of a correct guess considerably. Also, the pin generated becomes invalid after a couple of hours.
I have used it and thought it could be very handy for letting someone else get money out in an emergency. It would be interesting to find out the exact details of what happened, as it seems a telephone call was mentioned and I never had to make said call, it was just one of the options available and was something you could do even without the mobile app.
Get Cash app
Does what it says on the box.
Just does it for anyone it seems.
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Customer Success Testimonial: Recovery is Everything
