back to article Clarkson's 'steal my ID' stunt backfires

Gobby TV presenter Jeremy Clarkson has been forced to reverse his position after he lost money after publishing his bank account details in a newspaper column. The Top Gear presenter rather rashly published his account details in a column in The Sun to back up his claims that the child benefit data loss furore, which resulted …

COMMENTS

This topic is closed for new posts.
  1. censored
    Happy

    Public Info

    Thoroughly deserves, but still, it's still nothing that's secret... and, of course, if he didn't sign the DD form he'll get the money back.

    Mind you, why did his bank not send him the standard "A new DD has been set up, if this is wrong tell us now" letter that you're supposed to get?

  2. Scott
    Alert

    Oh dear!

    It's refreshing to see that Mr Opinion himself has been stung by his latest stunt - but I respect him more for coming up with an admission he was actually wrong, and has now reversed his intital opnion.

    So why can't MP's and PM's do that too??

    Clarkson for Prime Minister!

  3. Ash
    Joke

    He flew a plane once, and has one in his garden...

    I'd trust this man to design the network infrastructure for DreamLiner!

    I'm guessing he may well have done...

  4. Anonymous Coward
    Anonymous Coward

    Bank at fault

    Its been many years since I worked for a bank, but back then the bank was responsible for verifying the signiature on a direct debit mandate was correct. A second check, that the DD looked believable, would probably not have flagged up this one, but under what rational system can the bank accept a DD without corroborated authorisation from the account holder?

    And as for the DP act being blamed...rubbish. If its between the bank and its customer, its confidential between those two. If its anyone sles, its fraud, and since when did the DP act protect criminals?

    I suggest Clarkson should start poking his bank with a big stick until they explain how it hapenned.

  5. Jonathan Schofield
    Thumb Up

    Clarkson for PM

    He may be a little hasty, but he would still get my vote.

  6. Anonymous Coward
    Anonymous Coward

    Did anyone get those details?

    I have some respect for the man. He was wrong, admits it and, having learned from his mistake, is quite happy to change his opinion.

    Strange mistake to make though. He seems a fairly clever chap, is it not obvious that anyone can use anyone else's bank details to buy stuff? I suppose it's less obvious than using a credit card. I wonder how long it will take for the first credit card application in his name to become active? Or do credit card companies insist on sending cards to the account address?

    Also, I wonder if he broke the conditions of his bank account by publishing his details?

  7. Jason Harvey
    Coat

    HA HA!

    /Nelson

  8. Vaughan
    Linux

    He's done us all a favour

    Maybe the "nothing to hide, nothing to fear" brigade might wake up to a few realities now.

  9. Graham Deans

    Banks...

    This is exactly why I dont trust banks. Knowing an account number, sort code and address should NOT be enough information to do anything other than pay money into an account. Clarkson may have been wrong, but he SHOULD have been right.

  10. Neil Charles
    Happy

    Wrong Charity!

    I like Clarkson, but whoever did this missed a golden opportunity to make him donate to Greenpeace. Or Friends of the Earth.

  11. Dazzer

    Ha ha.

    Well it's his own fault for being so foolish but at least he's seen the error of his ways. To be honest, I've always thought the whole "identity theft" thing was scaremongering by the government and media. The child benefit CD balls up really made me concerned though (mainly because I know my details are on it :( )

  12. BatCat
    Stop

    Fuss about nothing Mk II

    All very amusing, but it is just a prank as direct debit payments are protected in 2 important ways:

    1) Direct debits can only be set up for payments to beneficiaries that are approved ‘originators’ of direct debits. In order to be approved, these beneficiaries are subjected to careful vetting procedures – and, once approved, they are required to give indemnity guarantees through their banks.

    2) The direct debit guarantee provides for the customer’s bank to refund disputed payments without question, pending further investigation.

    So, it's a bit tricky to exploit the direct debit system to actually steal people's money.

    Would have been much funnier if they had set up a DD to Friends Of The Earth.

    Turns out Clarkson is wrong twice about the same thing - ought to stick to writing about cars and not stuff he doesn't know anything about.

  13. Ferry Boat

    Fantastic

    Couldn't have happened to a nicer bloke. Other than that it's just brilliant.

  14. Jeff Paffett

    UK Direct debits

    Very unwise of Mr Clarkson. In the UK, direct debits can be set up with minimal information over the phone or online and the bank then think it's your job to sort out any problems.

    Still, couldn't happen to a nicer chap....

  15. Paul R

    Respect

    Yet again, I have to respect Clarkson. Unlike _any_ politician, he was prepared to stand up, admit his mistake, and adjust his viewpoint accordingly. Show me a politician who can do that!

  16. Anonymous Coward
    Anonymous Coward

    hahahahaha

    HAAAHAHAAHAHAHAHAHAHAHHAHAHAHahahahahah ahahahahhahahahahaAHAHAHHAHAHAHAhahh ahahahhahahahahahahahhaa a haahhahahahahahahahahahhahaaaaaa

    I seem to remember people saying on the comments that the loss was nothing but twaddle, HAHAHAHAHHAHahahahah ahahhahahahahaahhahaaa hahahahahhahahaha but I think he learnt his lesson, this should stand as a shinning example to us all as to just how dangrous data losses can be.

  17. John Miles
    Paris Hilton

    How does the saying go

    A fool and his money

  18. mark carlisle

    there really is a god...

    thank you!

  19. Adrian Waterworth

    On the one hand...

    ...Jezza pulled a stunt and it backfired. Tough luck matey-boy. And I would hope that, even though he might be quietly seething about it, he'll take it on the chin like a good 'un and at least recognise some of the humour in his own misfortune.

    However, on the other hand (and in a perfect world), he should have been right. Even if I know your address and bank account details, I _shouldn't_ be able to draw money out of your account. On a normal direct debit form (i.e. a bit of paper), you would normally need a signature and that should be checked before any debit is allowed to be drawn. Having looked at the Diabetes UK website, it does appear to have an online DD donation page, so it raises the question of what checks should (or can) be carried out to prevent someone signing someone else up for direct debit payments.

    After all, if I've ever received a cheque from you, I'll probably know your sort code and account number (for most UK banks anyway). Alternatively, if you have paid me electronically by BACS (for example), I can probably get the info somehow (might have to dig a bit and step over legal lines to get it, but hey, if I'm planning on emptying someone else's bank account for fun and profit, I'm not going to be too worried about that am I?) As for your address, there's a gazillion legal ways to find that out. And all of that is before we get to dumpster diving, mail interception and any of half a dozen illegal ways to find things out.

    So, while the whole thing is worth a chuckle or two at Jezza's expense, it does seem to highlight an interesting issue in the handling of certain types of bank transaction in the online world (even if not in real life).

  20. Anonymous Coward
    Anonymous Coward

    Data Protection Act?

    > The bank cannot find out who did this because of the Data Protection Act

    Would anyone like to hypothesize what he might mean by that?

    It looks as if an offence has been committed. If the bank has (e.g.) a log of the IP address from which an online-banking request came, they can surely pass it on to the police.

  21. Dave
    Paris Hilton

    BWWAHAAHAAAAAA

    WHEEEEEE Well done Jeremey!

    If I was stupid enough to read the Sun I would have emptied his account and given the money to some really annoying charity, like the PDSA, still, good show Anon. Fraudster.

    At least J.C. can admit he's a complete tit, he's not a bad man, just dumb.

    Cocktail sticks are pointless (is that a pun?), these people are blind through idiocy anyway.

    Paris icon because even she isn't that dumb.

  22. Andrew Warwick

    It's the bank at fault here, not Clarkson

    Except that Diabetes UK and the bank are at fault here and not Clarkson, as it should be impossible to set up a direct debit without (a) his signature, which matches a copy on file and (b) a letter of confirmation from the originator before the first withdrawal is made.

    My bank account details are on every invoice I send out, to allow payment into my account, and--as Clarkson says--it shouldn't matter.

    If I were Clarkson here I'd be taking Diabetes UK and the bank to task, if not court, for allowing this to happen.

  23. Harry Stottle
    Happy

    Every now and then

    I think

    "ah! there is a god after all..."

  24. Chris Thomas
    Thumb Up

    Brash, but in self-rightousness and in honesty equally

    Whatever you wanna say about jeremy, he has the balls to put his hands up and admit when he's wrong, he can say stupid things sometimes, mostly off the cuff and no doubt wrote what he did ad-libbing as he went, without checking it out before publishing, but thats just the man in action.

    what characterises him the most, is how when things go wrong, he doesnt try to cover it up, or play stupid word games, he simply puts his hands up and admits it.

    how many people would like that kind of brashness from our own politicians who caused the mess? But instead all we seem to have is face saving double speak, which gets them out of trouble, but not out of the shit they are in and that we are all in now. I don't even know if my details are included, but I would like to know, anyone know how I could find out.

    I was having a conversation with a polictical science student I live with a couple of weeks ago about politicians and lying, I will share a little with you. Even though it is slightly off topic, we spoke about why politicians lie and why not just do a clarkson, as I shall forever call it.

    The reasoning from him was that politicians are practically forced to spin favourably everything they do/say because if they do not, the opposition will, but negatively. They don't necessarily spin because they like it, but if labour did a clarkson, the conservatives would pull their legs off. So don't expect this level of honesty from anyone who wants to keep their career. Anyone stupid enough to do this, would find themselves dumped by their bosses (the pm in this case) because they damaged the party. It is not enough to be honest, you have to support the party, if being honest damages that, you are not permitted to be honest and keep your position, so even though 99% of you would pat the guy on the back, he'd be out of the door in no time and therefore not be in a position to tell the truth about anything interesting in the near future. It is a crap situation to be in, but it is our own fault, because we practically reward political spin, just look at how people vote to figure that one out.

    So, clarkson maybe gobby, but he's honest in a way that no politician could be. So don't go expecting any of them to put their hands up and admit to all these data protection breaches anytime soon.

    chris

  25. Pete Burgess
    Thumb Up

    Respect is due

    The man put his money where his mouth is, quite literally in this case. How many MPs would do the same?

    He stands by and backs up what he believes in. Nice one. Even if it was rather a tosser thing to do.

    Oh, and "can't trace the source due to data protection act".. what utter bollocks.

  26. Anonymous Coward
    Anonymous Coward

    Data Protection?

    "The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again,"

    Tell the bank they can fuck right off. How can the DPA possibly be used to conceal information about bank account use FROM THE AUTHORISED ACCOUNT HOLDER?

    My first reaction here would be to freeze ALL transactions on the account (presumably this was an account with minimal funds in... just in case he was wrong) and demand an immediate explanation from the bank as to why the hell they allowed this to happen. If they're unwilling or unable to do that, a series of articles published in the papers about why he's leaving them should embarrass them enough that they'll do something about it.

    I like Clarkson, the fact he's willing to admit mistakes straight away like this merely reinforces that. It certainly raises him above any politician.

  27. Steven Knox
    Coat

    @Respect

    "he was prepared to stand up, admit his mistake, and adjust his viewpoint accordingly"

    Yeah, but he went from raving about the insignificance of the problem to raving about the significance of the problem.

    Can we for once get a public figure who isn't raving?

  28. SuperNintendoChalmers
    Alert

    Clarkson in doing something useful shocker!

    Could this be the first time he has done something useful? There will be people out there who believed him the first time round, people who were unaware of what could be done with what they thought of as innocuous data. These people will be feeling slightly differently now.

    I also think he has hit upon a proper punishment for the management level culprits.

  29. Neil
    Thumb Up

    Respect? I don't think so..

    You have to respect him for being ridiculously stupid and then being forced to admit he was? lol what choice did he have? 'Yeah I lost £500 but I still stand by my statement that this story is being blown out of all proportion'

    The guy is a moron and got what he deserved.

  30. Richard
    Pirate

    Pranny

    Just to balance the argument.

    I hate Clarkson. Even though he makes me laugh, he's a reactionary, arrogant, shouty tit.

    Also, beacause he's a rich car-owning, male WASP with a small mansion in the home counties he *genuinely* believes that he gets it tough.

    He doesn't realise that he's top of the pile...

  31. Anonymous Coward
    Anonymous Coward

    Be careful about feeling smug...

    For all those feeling smug about how he shouldnt have done what he did...

    The only details he gave were those available from the telephone directory and one of his cheques.

    Still feeling so safe?

  32. Anonymous Coward
    Anonymous Coward

    @AC

    "Also, I wonder if he broke the conditions of his bank account by publishing his details?"

    That would seem unlikely, given that they're on every cheque you hand out.

  33. George

    Nice of him to admit to it...

    And nice of the person to do it to a charity and not themselves.

  34. Anonymous Coward
    Anonymous Coward

    Delicious!

    I couldn't contain my glee when I read that. I read it to the entire office and we all had a good giggle about it. Clarkson shoots self in foot... an absolute classic. Serves the gobby motormouth right.

    Of course, this is proof that confirms my lack of trust in Direct Debits. I don't have any; I don't trust them as far as I can throw them (and since they can't be thrown, they can't be trusted). And sadly organisations are more and more starting to charge you extra for not using a DD. How I feel about that is another thing altogether.

    This is all the more reason to take the government (or indeed any information gatherer) to task over data loss.

  35. This post has been deleted by its author

  36. Anonymous Coward
    Paris Hilton

    What I like most about this...

    ... is that it highlights why morons (politicians) and power hungry gits (politicians) shouldn't talk about matters of security from a position of ignorance - and then put legislation and laws in place based upon their ignorance.

    As has been pointed out, atleast Clarky had the good sence to see the error of his ways and has subsequently changed his position - alas, none of the scummy politians in government would ever admit to be wrong about anything, ever!

  37. David

    @AC

    "That would seem unlikely, given that they're on every cheque you hand out."

    And companies typically give out their bank details to their customers - have the look at the back of a utility bill for example, and then wonder why BT etc aren't scared of having their accounts cleared out by fraudsters.

  38. Anonymous Coward
    Anonymous Coward

    Note to self: Avoid cheques + be ex-directory...

    That should at least minimise some of the risks... And add being off the public electoral register to that too.

  39. JimC

    > about feeling smug

    Exactly so... Every company you've ever bought something from mail order has all those details, and so do their rogue employees...

  40. Mark W
    Thumb Up

    "Can we for once get a public figure who isn't raving?"

    Oh so true +++

  41. Brian Miller
    Boffin

    @ Data Protection

    I think that the culprit may have been less direct thatn everyone is thinking. I reckon that it was one of these high street charity workers that have been deployed around the world recently.

    The bank knows that the Charity is the recipient of the illegal funds, and has said so, thats the bank done its job. The charity that employs the worker has itself been defrauded, and is a victim also, despite it being the benificiary of the crime. Hence the charity would not be obliged to hand over the details of the worker that accepted the application form, as this would breach the DPA rights of the original victim (worker).

    The details on the application itself may or may not be in the handwriting of the original culprit, and would only contain clarksons details anyway.

    SNAFU

  42. Anonymous Coward
    Thumb Up

    Signature? No problem

    It took me 5 minutes of googling to find Clarkson's signature on an autographed photo. It may not match what his bank has on file, but I bet it's close enough.

  43. Tim Seely
    Happy

    Fair enough, but...

    Did anyone else notice that the 'Data insecurity/ID theft is nonsence' piece was in the Sun, but the retraction was in the Sunday Tims? Am I being a conspiracy theorist?

    Also, good choice of chraity, if I ever get on the show I will have to get a t-shirt saying "Thanks for the donation!".

  44. Matt

    What's going on....

    What's wrong with the UK banking system? Here on the mainland you have to publish your bank details on every invoice.

    Never had any trouble.

    Suggest you try a new government.........

  45. cor
    Happy

    What about his BBC matey Jonathon WRoss?

    He reckons he's worth several journos salaries, I'm sure he can miss a few quid.

  46. Rob

    As others have said

    He should have been right and the bank screwed up.

    With that said, the "fraudsters" weren't much cop either. He's got his date of birth on his website and his mother's maiden name's on wikepedia. Frankly, just setting up a DD shows a marked lack of ambition....

  47. Gordon
    Coat

    Signature

    Whilst Andrew Warwick is quite right, how hard is it to get ahold of the signature of a famous person? How different will it be from his Autograph? If it's suitably similar you'd just need the preface of his latest book, or a public letter or anything carrying his autograph. Then you need a scanner and an inkjet printer..... When he set up the account it probably wasn't possible to do this, since the scanner/printer would be hard to come by - so would he see the danger in not making them different. As for the letter from the originator - you might need this. But how hard is it to forge and send from a different address?

    The first rule of security is that you don't give access to anything that you don't NEED to give access to. Simply because you can't see how something can be used fraudulently, doesn't mean to say nobody else is clever enough to work it out. Paranoia is the best option, but complacency and bravado.

  48. Simon Millard
    Joke

    Pillock!

    A sort code and account number is not enough. Add the name and address and Robert's your mothers brother!

  49. Anonymous Coward
    Anonymous Coward

    Data Protection Act?

    Someone fraudulently phoned T-Mobile and ordered expensive new phones on my account (shockingly easy to do with just name + phone number). T-Mobile say the DP Act prevents them from telling me what address the thief (supposed to be me) had had the phones delivered to.

  50. Mike Crawshaw
    Go

    Re: "Be careful about feeling smug..."

    "For all those feeling smug about how he shouldnt have done what he did...

    The only details he gave were those available from the telephone directory and one of his cheques.

    Still feeling so safe?"

    Don't forget your cheque also has a sample of your signature....!!

  51. andy rock
    Go

    heh heh

    i love it when fools make comments like that and it immediately blows right up in their face.

    tit.

  52. Anonymous Coward
    Anonymous Coward

    Re: Signature? No problem

    Well, it's easily photoshopped and enhanced to look authentic. Anyone with a bit of time could.

    It is rather disconcerting. One reason why anything financial here gets shredded once it has exceeded its use (like statements once their statutory keep dates expire).

  53. Dom

    It was done online.

    You can see for yourself at diabetes.org.uk. Clarkson is still *largely* correct - there's no way to *permanently* deprive him of his money, as you can only set up DDs to carefully vetted organisations who promise to return the money immediately in case of a dispute.

    It's still gob-smacking, though, that it is possible to do this to someone else's account.

    Sadly most of the reporting that I can see is terribly inaccurate and will only continue to make people think that there's something terribly dangerous about revealing your account number.

  54. Anonymous Coward
    Thumb Up

    Anonymous Goatherd

    large user Direct Debits are set up without requirement for a signature - under a system called Auddis the beneficiaries just send details of new DD's they have received to the banks electronically.

    If anything goes wrong the beneficiary companies refund the banks and the banks meet the obligations of the Direct Debit indmenity guarantee - they refund the customer.

    Still annoyingly easy to fall victim too though - the inconvenience factor.

    I expect Clarkson's bank were fending off requests for the culprits to be caught by quoting DPA - meaning that they can't look into Diabetes UK's records - IP data etc. Police could I suppose - if they didn't have a million better things to be doing.

  55. Ian Yates
    Black Helicopters

    @Bank at fault (and others)

    While I agree a signature /should/ be required (or at least you should be told about the new DD), that's just not the case.

    I recently moved house and set up a direct debit for my gas, electricity, phone, etc without a single signature and I've had nothing through the post saying that they've been set-up.

    Luckily, I have internet banking and often check my account activity.

    You have 10 days to cancel a DD payment once it has been requested (again, without you being told it was) - so if you wait for your monthly statement, it will already be too late to cancel.

    With regards to Jezza - hats off to him. He played the consumer card and found that people just don't understand how important all this information is. Now he's been stung, hopefully others will start to take more interest in their own information (unlikely).

    I'm a little shocked that there was something worth reading in The Sun.

  56. Anonymous Coward
    Anonymous Coward

    Data protection

    > the charity would not be obliged to hand over the details of the worker that

    > accepted the application form, as this would breach the DPA rights of the

    > original victim (worker).

    They may argue that they can't hand over that information to Clarkson. Not sure about that.

    But they could most certainly hand it over to the police, and the police could require them to do so.

  57. Anonymous Coward
    Flame

    Just wait

    Until he finds out how many caravans he is having delivered.....

    seriously he could have got away with it if only someone who could read hadn't bought a copy of the Sun that day,

    I wonder how many rounds he would have paid for if he had published the information on the register.

  58. Chris
    Paris Hilton

    Not All Accounts Are Created Equal

    Businesses can publish this information because they pay for their accounts and so get a more rigorous service from the bank.

    You'd think that with all that money and flash car Clarkson would have upgraded from a basic "Hoy Poloy" current account??

  59. Richard Scratcher
    Unhappy

    Safety in numbers

    It seems to me that many systems operated by banks (direct debits, ATMs, cheques, credit cards, etc.) rely solely on the fact that most people aren't criminally minded. So many of their systems seem to be wide open to attack and abuse but they just accept such incidents as a business cost.

    If somebody did some work at my house and I wrote a cheque for payment, that person would have all my bank details and a copy of my signature. Would this be enough to start a malicious attack, signing me up for all sorts of direct debits?

  60. Anonymous Coward
    Anonymous Coward

    Not only Clarkson

    Ok, so any anonymous person can set up a DD for an online donation if they have someones bank details, name and address. None of which are hard to come by.

    Not everyone has £500 (or any amount for that matter) going spare in their bank account, so you end up going massively overdrawn with excessive bank charges, caused by this malicious person. Ok, you'll get these refunded at some point. That doesn't help at the time when this causes your mortgage, credit cards and utility bills to fail payment. All of those add charges if your payment is late, plus the extorionate charges for letters from the bank kindly informing you about each failed direct debit.

    It is unforgivable that these transactions can happen, possibly causing massive financial crisis for an innocent victim.

  61. Anonymous Coward
    Alert

    Oh dear

    Same old story: ID Cards, suspension of habeas corpus, greater police powers, etc all fine and dandy until the day that it affects *you*.

    Then all hell breaks loose.

    Why not think about what will happen based on historical precedent and then comment, Jeremy?

    You cannot trust them. And if you have to ask who they are, you shouldn't comment about the system they set up to keep you in the dark.

  62. Anonymous Coward
    Pirate

    Spear phishing

    I wonder how susceptible Mr Clarkson would now be to a spear phishing attack? Given that those account details have been compromised, it would be straightforward for a real attacker to send in a carefully created email purporting to be from the bank. Perhaps along the lines of "your account was recently the subject of fraudulent activity, please reset your details by following this link".

    Personally, I think Clarkson did the right thing by standing up and shouting that it's all media hype. To a certain extent it is, but everyone who has been affected by this data leak (and others) should be keeping a close eye on any communications between themselves and their bank for a long time.

  63. Anonymous Coward
    Anonymous Coward

    I don't get it

    I lived in The Netherlands for donkey's years.

    Over there, if you want to pay someone, they give you their bank details and you pay them quickly and easily without farting about with Victorian cheques.

    I do not understand how someone else can set up a direct debit on your account.

    Where's the icon for baffled & confused?

  64. Nathanael Bastone

    Could not have happened to a more deserving person

    And well done honest sun reader, for donating to a good cause on Mr. Clarkson's behalf.

  65. Ken Hagan Gold badge

    Jeremy was not wrong

    The personal information *is* publically available and it is impossible to use a UK bank account without publicising the account number and its sort code. It was not irresponsible of him to pull this stunt. It *ought* to have been a high-profile demonstration of the security of UK banking practices, for which the banks should be grateful.

    Sadly, a crime was committed and Barclays are hiding their negligence behind the DPA. With luck, Jeremy has a sufficiently high profile and his stunt was well enough publicised that it is Barclays who will end up with pointy sticks in their eyes. I suspect if this happened to you or me then we'd have more trouble sorting it out.

  66. Anonymous Coward
    Anonymous Coward

    DPA, police etc.

    As it says, the bank can't give that information to Clarkson -- the only people they can give it to is the police. In order to do that, Clarkson needs to report it as a crime.

    I surmise that Clarkson doesn't want to report it, seeing it instead as relatively harmless mischief, and/or his own fault.

    He challenged, someone responded. Wouldn't look good if someone ended up in jail; would it?

  67. Charlene
    Thumb Down

    A fool and his money

    This is the kind of fool that thinks everything is a "scare" or "hype" until it happens to him. The same kind of consecrated idiot always discounts everyone else's problems and implies that anyone who complains is either a whiner, a fraud, or a malingerer.

    When it happens to him, though, it's a major disaster! Call out the police! Call out the Army! Mobilise the planet! The Great I Am has been harmed!

    Maybe the next time he could actually believe the people who have experienced previously, and not go screaming about how something is BS because he doesn't want it to be so?

  68. Jon Lawrence

    DPA - bollox.

    Funny it might be but this is a criminal act. Should the bank wish to investigate further by involving the police then the DPA is irrelevant.

    Clarkson is right, it should not be possible to remove money from his account without his permission. But from personal experience I could have told him that's simply not true. The bank may well refund a DD (eventually) but they'll still send the money to anyone with a DD setup whether they are supposed to collect that money or not and regardless of whether you have already told the bank that this is the case.

    At least Clarkson checked his bank statements, I can think of numerous people I know that likely wouldn't have even noticed this had happened until the hole in the wall refused to give them money they thought they had.

  69. Geoff Thompson
    Paris Hilton

    Not so daft

    It isn't Clarkson who has it wrong. Every time you give someone a cheque, they have your bank account details. If they are local, or request your address, e.g. Curry's, then they have that as well. The bank are very much at fault for letting this happen. The data the prankster had access to is so minimal that the bank is dreadfully negligent in allowing the DD to be set up.

  70. Luther Blissett

    Another reason to reform the banking system

    Anyone disagree?

  71. JeffyPooh Silver badge

    Isn't all that info pre-printed on every cheque?

    "...bank account number and sort code, along with ---- his address..."

    Isn't it?

    Those would be the same cheques that you would hand-out to clerks in shops.

  72. Phil

    I don't think he was stupid

    As others have said, he should have been right.

    What he has done is to publicly show up a major flaw with the banking system.

    Well done JC

  73. Ken Hagan Gold badge

    A matter of opinion

    "He challenged, someone responded. Wouldn't look good if someone ended up in jail; would it?"

    Personally I think it would look great. It would both prove his point and act as a deterrent to all those a-holes who think emptying people's bank accounts is a laugh "because they can".

  74. heystoopid
    Paris Hilton

    At least

    At least Jeremy has shown the basic flaws in the Banking system since everything was centralised and the banks cut and zeroed nearly all security corners and nixed the paper handling trail in order for them to generate the regular increases in profits demanded by both the Ponzi LSE and the ever demanding Pension investment funds wanting higher returns for them to face 2012 when out goings will exceed incomings !

    Yeah the bank is truly at fault and now he can sue them as well for their complete and utter stupidity of lack of security too !

    What would Paris say about that !

    "Idiocracy" here we come !

  75. Morely Dotes
    Alert

    Clarkson made the oldest mistake in the book

    That is, he trusted his bank.

    I can't speak to the law in the UK, but in the USA, *anyone* can set up a DD to a bank account without a single piece of paper changing hands. My wife is a retired banker, and tells me she had to correct such "errors" several times weekly. Teh professional fraudsters set up recurring DDs for only a few dollars, and most people never notice. If you set up, say, a thousand DDs at $5/month, you're making a very respectable income with little to no risk; the banks won't call in the legal authorities for such small amounts, because it would make the news.

  76. This post has been deleted by its author

  77. Tomothy Toemouse
    Alert

    Probably true about the data protection act

    it seems to stop anybody telling anybody anything useful even if it does seem like a cop out. I don't even think checking your own credit report would help - can be done for free online at Experianand possibly also Equifax at the moment - because the money came out of an existing account. I wasn't aware of the original article so I thought this was typical Clarkson - brilliant.

  78. iamzippy
    Thumb Up

    Hoist By His Own Bank's Petard...

    I've no time for the guy, but the whole episode is show-time for The Bank.

    Reluctantly tip my hat to JC on this occasion -- ugh -- hope he's learned something from it.

  79. Deep Tank

    What a tool.

    No furter comment required.

  80. Jon Tocker

    Well, well, well

    My estimation of Clarkson has gone up.

    At least he has the honesty to admit his mistake publically and change his viewpoints.

    Was he wrong? Yes. SHOULD he have been wrong? NO!

    If any bank I used did the same to me based on /that/ level of "personal" information (and really, how "personal" are details that are published in your phone book and on the cheques you write?) I would close my accounts and start talking to the local reporters about what a pack of cretins the bank was.

    If I ever go to England, I'd never open any account with Barclays.

    As Anon Coward ("Not only Clarkson" 7th January 2008 17:49 GMT) said, the potential for devastation is horrific.

    My previous bank (before I ditched them for being a pack of thieving, money-grubbing shits) would happily charge $30 for every dishonoured transaction (putting the account further in OD than actually /honouring/ some of the transactions would have) and then charge an additional "Unarranged Overdraft" fee AND charge interest on the OD at punitive rates. On top of that, the rent, car, power, phone etc have not been paid that week and they start getting shitty. Afterwards, the bank account is in OD to the tune of 6x $30 dishonour fees plus $12.50 Unarranged OD fee plus punitive interest (so >$200) when your next pay cycle rolls around (what, you expect the bank to get it sorted and get your money returned within one pay cycle?) and you're down over $200 in your household expenses budget.

    And that's assuming the thieving mongrels actually reverse all the fees and interest they've taken from your account as well as getting your money back. My old bank, you'd have a higher likelihood of Bill Gates dropping by your place and tossing you a wad of high denomination banknotes. You expect honesty and fair dealing from an organisation that will dishonour a $10 autopayment that would put you $5 OD then charge a $30 fee that puts you $25 OD so they can charge more interest on the amount you're overdrawn?

    Some families live so "close to the wind" that starting the pay week more than $200 short would totally clean out their food budget and still leave them short for paying the bills (meaning more dishonoured payments and more fees) - could take months to get back on their feet.

    Any bank that allows money to be removed from an account based on such a paucity of information - regardless of whether "it can be returned later" or not - does not deserve to be trading. Seriously.

    Barclays, and any other bank that would allow the money to be removed without proper verification, has no respect for its customers and therefore does not deserve any.

    As to DDs - I refuse to have them. Even my power supplier, who claims to only accept payment by DD (which they can control) gets paid by Automatic Payment (which / control) - having been stung in the past when the bank dishonoured a Direct Debit (and charged me $30) and the creditor retried debitting my account twice during the subsequent couple of days (incurring additional $30 dishonour fees each time). The only attempted withdrawals from my account that I have not *personally* performed or authorised should be the bank fees themselves (if I am remiss enough to use another bank's ATM or perform too many EFT-POS transactions in a month).

  81. Steve Medway
    Stop

    Carefully vetted....... my arse......

    About five years ago I had 5 DD's set up on my account for mobile phones all from the same internet based company.

    No sig is required - its called an ldas or ldis or something similar DD. Only found out 4 months later after £1k was taken from my account in a month (I learned to always check my statements from then on).

    Got all the cash back from the bank on the day I realised, but guess what..... the cops didn't want to know.......

    I went into Nottingham's main police station to report the crime and their answer was "oh it's probably just a clerical error". They gave me a crime reference number after much moaning from myself - and they didn't even want to give me that.

    I wonder what would happen if I reported a DD fraud now?

  82. Charles Manning

    Entertainment...

    Clarkson is primarily an entertainer. Do you really think Top Gear etc is completely factual? I doubt it. These guys don't let fact get in a way of fun and controversey and entertainment value.

    Therefore the whole report should be taken with a handful of salt. The whole DPA thing could be part of the scam to give an excuse for not proceeding.

  83. Anonymous Coward
    Anonymous Coward

    Misuse of the DPA

    Financial institutions and the like have been misusing the DPA for years now to bury stuff they'd rather not talk about. I've no idea whether or not what they're doing is in accordance with the letter of the law, but this surely isn't what the DPA was intended for.

    As for the normal level of banking security, if I showed such lax standards as a sysadmin I'd be out on my ear. I suppose there is a difference, though, since my users' accounts will contain all manner of important tat like their porn bookmarks whereas a bank only handles the trivial stuff like their salaries.

  84. Tim
    Stop

    They could have done it anyway.

    The fact he published his bank numbers is besides the point. He was challenging the bank system to proove that there are security measures that stop the leaked data from being useful. Unfortunately UK banks being about 50 years behind acceptable levels of security, and he was prooven wrong.

    It's the banks fault NOT his. Numbers that anyone can read from a cheque obviously cannot be verrification, this story just highlights the need for banking reform.

    (and again shows how stupid the government were for loosing the disks in the first place)

  85. Anonymous Coward
    Jobs Horns

    Direct Debits are the Devil's work

    Never, and I mean never, set up a DD. They are dangerous. Trying to vary or stop a DD can be a nightmare.

    :: Always check every line in your Bank/CC statements, every line.

    :: Keep all banking reciepts until you have done your checks.

    :: Shred obsolete banking and CC papers.

    Bottom line: Banks and the banking process cannot be trusted.

  86. Paul Daniels
    Pirate

    Insanity.

    If its that easy to setup a DD its a wonder that no crims have setup a bank DDOS scheme. Pay up or thousands of your account holders will be shafted. Oh hang on.... All these fees on my last bank statement, we already are.

  87. Paul Murray
    Flame

    get a lawyer

    "My bank allowed a large amount of money to be taken from my account .. a week after I'd given them (in person) a written request to cancel... the bank said they hadn't had my request ... and that they wouldn't do anything about it ... the company, they refused to refund me ... the bank then charged me lots of money for being overdrawn and kept me in the red for several months afterwards by continuing to charge me for being overdrawn."

    Etc etc etc. Sounds like this advice is too late for you, but here it is: GET A LAWYER. Don't get given the runaround - threaten to drag the bastards into court. It's the only thing they understand.

  88. Anonymous Coward
    Anonymous Coward

    RE: He flew a plane once, and has one in his garden...

    He doesn't have the plane in his garden anymore and hasn't for a long while, the council made him put it away, something to do with planning i think... He does however, have donkies in his garden

  89. Mike Bremford Silver badge

    Not just Direct Debits.

    I was at the local nick a few months ago (by choice I might add) and the guy ahead of me was reporting a phony standing order on his account. £3000 a month, ran for 3 months before he spotted it. No DD guarantee there and the paperwork requirements are similar.

    I also had a mate who had money stolen from his account through telephone banking. His bank required 2 random digits from a 4 digit pin code - yes, he chose a date, and was horrified when I guessed one was 0, 1 or 2 and three was a 0. Oi! Banks! Five digit pins stop people choosing dates.

    Nice work Clarkson, always have time for people can admit when they're wrong.

  90. Maurice Shakeshaft

    The next Clarkson revelation.

    You get your fingers burnt if you put them in a fire!?

    The man is funny and gobby and opionated and .. and ..... all those other things. Perhaps, now, having seen how it works for one of their own the elite of our land will start to take notice of the "little people's" concerns. Is Mr. Clarkson a member of the NO2ID campaign?

  91. James Anderson Silver badge
    IT Angle

    Bank account numbers are not secret.

    Everybody you ever sent a check to, sent a bill which you paid, transferred money to, and anyone who transferred money to you

    automaticly know your bank account number, plus your name and address.

    Anyone who worked with these companies people can easily get your bank account number, and, you dont have to be a black hat hacker you just need to get a job in the mail room!

    The bank was clearly at fault here and should take full resposibility.

    As with most of this "Identity Theft" hype, it really has nothing to do with the person impersonated. Its fraud commited against the bank by someone using a false identity and the bank should either take appropriate precautions against this or go the way of Northern Sock.

    I hope the diabietes people get to keep the 500 smakers.

  92. Andy Worth

    New DD's

    Well, I don't get a notification in writing from my bank when a new DD is set up, as the very first poster suggested he should, so perhaps that depends on who you bank with?

    As for signature verification, considering Jezza is quite well known I'm sure it'd be quite possible to find out what his signature looks like, as after all he signs enough stuff. Someone with a half decent talent could easily replicate his signature, as after all they wouldn't have to write it quickly. Of course, it is also entirely possible that the bank didn't check properly.

    Kudos for the perpetrator for setting up the DD to go to a charity.

    Oh and bank bosses ought to be able to be held criminally liable if their bank does not meet acceptable security levels - for example to allow DD's to be set up without proper verification. Sorry but they've been screwing us over for years so it's time they got theirs.

  93. JimC

    Telephhone Banking/Internet Banking

    When I looked at the terms and conditions for these, and especially the "its up to you to prove it was fraud, not that we'll give you access to our logs or anything else you need to do so" parts, I came to the conclusion that using either is about as dumb as what Mr Clarkson did...

  94. Nicola Marshall

    Data Protection

    I worked in finance for 8 years, Jeremy Clarkson's bank may not be given the details of the person who signed him up for the dd, however as this was a fraudulent transaction, and the person’s details can be used by the police if he wished to prosecute.

  95. Anonymous Coward
    Alert

    Signatures don't mean anything

    I was amused by a couple of the comments assuming that banks actually bother to check signatures. They don't. Not on direct debit forms, cheques or any other documentation.

    The only time signatures are looked at is after the event if an account holder questions a cheque, DD or anything else. I have had cheques accepted on an account where the signature (very legible made up name) did not match any of the authorised signatories.

    So paranoia about keeping financial details private is justified.

  96. Anonymous Coward
    IT Angle

    when did the DP act protect criminals?

    Somebody wrote:

    "And as for the DP act being blamed...rubbish. If its between the bank and its customer, its confidential between those two. If its anyone sles, its fraud, and since when did the DP act protect criminals?"

    Well my wife knows a DI through her work and apparently the DP Act frequently protects/help criminals...

  97. Stephen Jenner
    Pirate

    Analogue v Digital?

    I have always thought that as a general rule, any retained data, by any agency, especially government, should be analogue. If some daft or dishonest clerk loses, or gives away a document that he is entrusted with, the potential for damage is far more limited than if the same document had been stored digitally.

    I remember an organisation called the "Economic League" years ago, who understood this distinction. Their business was to collect and share information (for a fee) about senior executives amongst prospective employers. For good or ill, under the original data protection act, they were exempt from declaring this information, because they kept their records on a rolodex, not a computer.

    So, if one agrees with such a thing as the NHS in its current form (I do not), we should resist the digitalisation of our medical information.

    Likewise we should resist the introduction of digitalised ID cards, passports and voting systems.

    On the other hand, if the banks were playing an honest game, and they wanted to continue to deal with money electronically, for their and their customers benefit, they should also continue to offer guarantees against fraud, (after all we pay for it anyway). The introduction of chip and pin, if anyone remembers, was accompanied by a modification of the rules in the banks’ favour, they would no longer honour their guarantee to the retailer or the customer if there was no digital signature, we all know that this is not secure, but it is genuinely convenient for us and profitable for the banks and retailers.

    I do not know whether this was the case with Jeremy Clarkson, (no digital OR analogue signature) but by highlighting this, he has done us all a favour, albeit unwittingly, hasn’t he?

    The problem is that government by nature, is always dogmatic, just because there might be an advantage for citizen and government in storing some information digitally, it does not mean that it is ok to store ALL information in this way. Essentially, we should resist “modern” “joined-up” electronic government at every turn, until we know what the ramifications are for digitalised storage of a particular form of personal information.

  98. peter

    A huge security hole, the banks know it and don't care

    Hurray. Someone has now realized a flaw in the banking Direct Debit system I found.

    Several years ago I found that someone had setup a Direct Debit on my account for a TV licence. After long conversations with TV licensing and my bank I found out that there is nothing to stop anyone setting up a direct debit on my account. All anyone has to do is fill in a direct debit with someone my account details. The company managing your direct debit can only accept at face value that the direct debit they get has the account details filled in correctly and pass it to your bank. The Bank does no checking that the direct debit is correct because they have delegated all responsibility to the Company dealing with the Direct Debit and they just automatically process the direct debit mandate WITHOUT ANY CHECKS.

    No signature checks, no account checks, not even checking that the person originating the direct debit owns the account. NOTHING.

    So basically the Company raising the Direct Debit cannot check any details are correct, and the Bank does no checking because they have passed on responsibility.

    So the only person in the whole chain who checks that the direct debit has been applied to the correct account is you. This is a huge hole that the Banks have buried their head into. The only reason I did not take it further was because of the Direct Debit guarantee that I would get my money back. (and even then in this instance I had to be passed up the chain to a senior manager at the bank and had to quote some of the Banks own direct debit leaflets before they would honor the guarantee and credit my account straight away.) I tried to raise it as a potential fraud, but the Bank was just not interested. As they said, the Company raising the Direct Debit indemnifies them, so what was the problem. They could just not get it into their heads that someone had taken money from my account without my permission AND COULD DO IT AGAIN. They just kept repeating ’but you got your money back’

    I can also understand the comment about the Data Protection Act. I tried to find out who had raised the Direct Debit and was quoted the Data Protection Act.

  99. Anonymous Coward
    Anonymous Coward

    Data Protection Act

    >> The bank cannot find out who did this because of the Data Protection Act

    > Would anyone like to hypothesize what he might mean by that?

    The phrase "because of the Data Protection Act" is call centre speak for "I can't be arsed".

  100. Anonymous Coward
    Joke

    Cherry on top...

    ...will be when he tries to cancel the DD and gets told he can't because he wasn't the one who set it up in the first palce

  101. Joe
    Alert

    Banks should be contacting the customers

    Why can't the banks and the credit card companies send SMS and/or email notification of every significant action that takes place on your account as it happens?

    BEEP An electronic direct debit mandate has been placed on your account xxxxxx91 from the originator Nigerian Prince Ogoaeruyter. Please call the bank now if this is incorrect.

    BEEP Your MasterCard xxxxxxxxxxxxxxxx3079 has been used to purchase a Bugati Veyron. Call us to dispute this transaction.

    Since signature checking seems to be increasingly lax these days a bit of dilligence from the banks wouldn't go amiss...

  102. Pete Burgess
    Alert

    IT WAS A SET UP

    At least that's my opinion after sleeping on it. It all just seems a little too nice, clean and clinical for my liking...

    He publishes his bank details in the paper, and of all the potential dodgy dealings, there is one single solitary payment to a harmless charity...? With all the cash he has, you'd have thought something more inspired would have been done, and certainly by more people. Bare in mind, this is someone who buys supercars, so there should be the potential to make a handsome amount

    The bank claims the DPA is preventing them "assisting with enquiries". Surely, the only way this could be true would be if the transaction was NOT fraudulent and WAS actually the account holder making the transaction, in which case it would apply...

    I'd be interested to know if he has reported it to police... which doesn't seem to have been mentioned. If it hasn't, then I think it must be a stunt.

  103. Anonymous Goatherd
    Coat

    Prepared to Pay?

    ok, its true the banks don't check signatures on Direct Debits - for many DD's they only have an electronic instruction come through.

    let's say they could check these, what do you think it would cost and who do you think they would pass this charge onto? Are you prepared to pay as part of account charge or slightly worse interest rates?

  104. peter

    They don't need any 'personal' information - they just need your account details

    To all those who think they are safe, because someone who might setup a direct debit on their account does not have their personnel details (address, Mothers maiden name, DOB, or even your name).

    THINK AGAIN. You do not need any of these details to open a direct debit. You only need an account number (a sort code helps as well). You can put in any name, any address and make other piece of information you like.

    Why? Simple. The company who sets up your direct debit have no way of knowing you own the account you are setting the direct debit against and check it against your name, address etc. The banks will not tell them (Data Protection working for you - again). The Company raise a request to the bank and the bank ONLY checks that the account number is valid before raising a Direct Debit against that account. The Bank does not check that the name, address or anything lines up with the account – let alone any other basic security checks.

    The Bank’s excuse is that they security vetted the Company raising the direct debit really really carefully, and so when the get a valid direct debit, the HAVE to honour it. (‘valid’ means only that the account number is correct). They do not seem to understand that the Company raising the direct debit has no way of knowing that the account details they are given is actually owned by the person raising the Direct Debit.

    So the Company raising the direct debit has no way of security checking any direct debit request and the Bank performs no security checks on your behalf.

    So all you need is someone’s account details and you can set up a direct debit against their account.

    The question is not ‘how could the bank have allowed Clarkson’s account be debited’ but rather ‘How could the banks have allowed such a huge security hole to have existed for so many years’. It is a simple answer. They don’t care because they are indemnified by the Company raising the Direct Debit.

  105. Cavan
    Coat

    I'm am completely shocked,

    A sun reader could operate any form of electronic device in order to set up any form of fraud, I bet that's the angle Clarkson was aiming for.....

  106. Christian Cook
    Alert

    Are signatures actually checked anyway?

    About 10 years ago I got utterly bored with my signature (too long to write each time) and so decided to completely change it overnight. The very next day I began using my new ultra-condensed and totally different looking signature and my bank did not ask any questions over any new cheques or direct debits at all?

    Of course, things might be different now but, in my experience, that generally means they are now a lot worse.

  107. JimC

    > Don't check signatures on DD

    The banks don't check signatures on anything...

    A good twenty years ago, when I worked in the bike trade, we had a lad come in and say "My Dad wants to buy me a new bike, but he's too busy to come to the shop. Is it OK if I bring in a cheque?". So we said sure, but you'll have to wait for the cheque to clear and all that. So we get the cheque put through on a special clearance, being careful and all that, all is OK, and the lad gets his bike.

    Three months later angry father comes into the shop waving cleared cheque... It turns out that the family had split up, and son had grabbed two or three cheques out of Dad's cheque book as Dad was walking out the door. The signature Son had filled in on cheque bore not the slightest resemblance to Dad's signature in any shape or form, and it was the equavalent of 3k or so in current money...

  108. Fluffykins Silver badge

    @Peter (and anyone else scammed by DD setup)

    Just a thought, but you _may_ be able to get past the Data Protection brick wall by calling the bank "to check the contact details used for the transaction" as you believe they may have been taken down wrongly, since you can't recall receiving any writtem confirmation.

    At that moment you're not saying it's someone else, just asking to check their record of what you assume is your own data.

    Maybe.

    Maybe you could charge 30% interest for unauthorised credit as well.

  109. Anonymous Coward
    Coat

    title

    RE: Public Info

    "Mind you, why did his bank not send him the standard "A new DD has been set up, if this is wrong tell us now" letter that you're supposed to get?"

    Maybe it was sent the same way those 2 cds where sent ;)

    RE: Just wait

    "I wonder how many rounds he would have paid for if he had published the information on the register."

    Non as the BOFH and PFY would have emptied on rounds before anyone else had a chance to do so :)

  110. Frank Bough
    Thumb Up

    Well Done Clarkson

    All he's done is PROVE, in the most public way possible, that the banks are not only only incompetent, but COMPLICIT in data theft. There's no way someone should be able to steal your money just because they know your account number.

    Clarkson's may have been motivated by his usual careless buffoonery, but he's done us all a favour. As with jamie Oliver's school dinners', it's nice to see an irritating celeb using their fame for something other tha grabbing more and more cash.

  111. Vince
    Go

    RE: Are signatures actually checked anyway?

    ---------

    About 10 years ago I got utterly bored with my signature (too long to write each time) and so decided to completely change it overnight. The very next day I began using my new ultra-condensed and totally different looking signature and my bank did not ask any questions over any new cheques or direct debits at all?

    Of course, things might be different now but, in my experience, that generally means they are now a lot worse.

    ---------

    If a cheque we receive doesn't have a signature, it gets bounced everytime, but if it has a scrawl, no matter how different to the account signature, it goes through everytime as long as there are funds. I think that answers your question.

  112. kieran
    Thumb Up

    Good move

    Clarkson is normally good for news. I like him but this was a fantastic move on whoever did it's part.

    I'm glad to see he learnt his lesson, rather than just thinking it was an outrage. What I really want to know is how much he got back, considering its a charity it would be quite interesting.

  113. Anonymous Coward
    Pirate

    @ "Fuss about nothing Mk II"

    You make it sound as if our banking sytem was actually secure!?

    I have worked for the IT-security sector of the finance industry, and can tell you that just about nothing is secure in the financial industry! they don't care!!!

    It would have been about 10-20min works for me to transfer 100s of millions of pounds into off-shore accounts without the possibility of law enforcement getting their hands on the funds immediately!

    by the time it would have been noticed, it would have been way too late, I would have been gone and on the way to the next plastic surgeon as well as getting a new identity.

    the only thing that could possibly been seen as some sort of security is "security by obscurity" and I think we all know what to think of that!!

  114. Anonymous Coward
    Boffin

    Correction of some of the incorrect assumptions in this thread...

    RE: Public Info - "Mind you, why did his bank not send him the standard "A new DD has been set up, if this is wrong tell us now" letter that you're supposed to get?"

    No... the letter never comes from the bank, it comes from the payee... that's because one of the Direct Debit conditions is that you are so informed of the amount(s) to be debited from the account, and of the relevant dates, in advance.

    And for a number of years, there has been a national agreement that in these cases, the report is always to the bank in the first instance, NOT the police: if the bank then wishes either to report the offence(s) and/or relevant intelligence for further action, then THEY contact the police. In practice, for most cases, it doesn't happen - it's just not financially worthwhile for the bank to take it further. After all, they just take it out of the huge profits that they have been making from US! ;-)

  115. jason Silver badge

    How do you check a signature?

    Johnny bankteller gets a cheque form a customer, do they then have a digital network that shows all the signatures on record just like that (kind of like the fingerprint system on CSI)? How long would that take to manually check all sigs? Even by computer would take ages with the thousands of cheques/DDs going through the system each day.

    For a while I started changing the signature on all my cheques I sent out. Not one got challenged. They all got paid in.

    As for finding out the details of who submitted the DD, wouldnt that be 'J Clarkson'?

  116. peter

    @ jason

    wouldnt that be 'J Clarkson'?

    Nope. Could be anyone. No-one checks that the name on the direct debit is the same as the name on the account. You could fill in a direct debit with Clarksons account number and put Imagit Clarkson in the name. It would probably have got through (probably will not now as - I would hope - Clarkson has closed the account or the bank has put a stop on any further activity on it).

  117. Anonymous Coward
    Anonymous Coward

    Title

    Never liked DD anyway. Seems an act of madness to allow folk to dip into your savings as and when they like, based on promises of telling you in advance. Especially when you end up having to spot and sort any problems yourself. It's bad enough a bank (!) has to be trusted with your savings in the first place. I blame you lot for accepting it as a legit service when it first came out, ensuring that the rest of us now find it difficult to avoid.

  118. Rob
    Alert

    Signatures...

    What's been said is true. For a while, just for laughs, I went through a phase of signing my name as "T. Burglar". Nary a peep....

  119. Jon Tocker

    Re Correction of some of the incorrect assumptions in this thread...

    "No... the letter never comes from the bank, it comes from the payee... that's because one of the Direct Debit conditions is that you are so informed of the amount(s) to be debited from the account, and of the relevant dates, in advance."

    So all you need do is write some random fake address (or even a random real address, it doesn't matter) to go with the fake name (since neither the company nor the bank check that the name supplied matches the name on the actual bank account) and the "stolen" account number (if reading a cheque and learning the account number can be classed as "stealing" anything).

    The letter from the company advising that 1000 quid's going to be debitted from your account each month on the 21st as of this February is going to be sent to the bogus address. If it is a real address, the likelihood is that the householder will glance at the name, say "no one in this house" and drop it in the bin. Even if they do scrawl "Not known at this address, return to sender" on it and drop it back in the mail on their way to work, the person who checks the mail back at the company is most likely to shrug and bin it as it's not his/her job to locate the right address for the payer.

    So the person whose account has been targetted will have no warning of said direct debit until they go to buy their groceries and find their account is already in the red and is going to get worse once the bank starts reversing the autopayments and smacking dishonour fees in place.

    From peter: "The Bank’s excuse is that they security vetted the Company raising the direct debit really really carefully, and so when the get a valid direct debit, the HAVE to honour it. (‘valid’ means only that the account number is correct)."

    Yeah, because the company is deemed to be safe and would not *commit* fraud - yet the company is not equipped to detect if they themselves are being defrauded (as the bank cites DPA as a reason to prevent the [trusted and non-fraudulent] company from confirming that the account details provided are kosher.)

    In short, the banks know that the data is unverified and therefore cannot be trusted, despite knowing that the company itself would not deliberately supply fraudulent information - and yet they still proceed as though the data were totally trustworthy.

    Wankers. And then if enough fraud is committed throughout the year and they've had to restore a lot of money into accounts that should not have been removed in the first place (would not have been, had they used proper security checks) - to the point that their stakeholders are at risk of having their enjoyment of banana daiquiris, underage prostitutes and 5-Star Bahaman resorts curtailled due to falling profits - they can use the slump in profits to justify increasing fees and interest on loans (while decreasing interest on savings accounts).

    Re: It was a setup:

    Pete Burgess, what exactly did you smoke BEFORE you slept on it? Were there strange eldrich creatures roaming around the room at the time you came to your conclusion?

    Suuuuuuuuuure, a loud opinionated public figure just decides to loudly change his opinion and so fakes being targetted. Riiiiiiiiiiiiiiiiiiiight.

    And he's popping by my place later to drop off one of his super cars for my wife...

  120. Anonymous Coward
    Anonymous Coward

    run 100m on sprained ankle? ... need a crutch, and its gonna be slow

    There are enough things in life that are cause for worry, and it is generally accepted that worry will shorten your life more than most things (other than being run over by bus, or drinking 4 litres of vodka, or getting a new hairdo by covering ones hair with gel and doing the double digit in the nearest light socket...). You shouldn't have to worry about your bank accounts being siphoned off by duff DDs and your bank couldn't care less....

    Jeremy Clarkson appears to be one of the few public commentators in the UK who wield a pin with remarkable authority, regularly popping allegedly safe balloons to show the underbelly of life in the UK... (note: 500quid is a small price to pay for '000s quid worth of PR). . The 80's boomtime showed how brash the banking fratenity was... this DD fiasco JC has shown us highlights the latent arrogance of the banking fraternity... nothing new to some/most, but allowing DDs to be processed without appropriate security diligence could be considered in the same way someone pickpocketing you.

    Without a banking-led overhaul of this setup, maybe the only way to nail this down is to commit your bank to only authorise DDs when you front up to your local branch and verify a received DD: do the math - an hour lining up at your branch versus empty/overdrawn account and the fallout from that...

  121. Anonymous Coward
    Anonymous Coward

    Direct Debit Rules

    Most DD's are now set up electronically without any signature from the customer.

    As I understand the direct debit rules, a collecting organisation wishing to electronically set up direct debit mandates without a signature has to sign an unlimited indemity clause.

    So in general case, you would dispute a fradulent direct debit with your bank and the collecting organisation has seven days in which to produce evidence or refund the monies. Therefore any fraud is against the collecting organisation who has agreed to take the risk by signing the indemnity.

    That said, Clarkson openly disclosed his details so this would probably not apply to him.

    Also, my experience is that banks only check signatures on cheques for very large sums as was the case when my father tried to pay his mortgage off via a cheque from his current account and they compared his signature against his original specimen supplied about twenty-five years previously. Obviously, your signature would never change over time!

  122. Pete Bass

    Clarkie for PM? Come off it!

    It's all very well applauding JC for admitting that he was blatantly and publicly wrong but PM material? Come off it!

    Jezzer is a gobby and opinionated TV personality with no responsibility other than to keep as many paunchy petrol-heads glued to their TVs as possible.

    Any politico who admits to a mistake is instantly and unceremoniously drummed out of office to eak out a meagre seven-figure living as an after dinner speaker.

    Me jealous? Never!

  123. Anonymous Coward
    Thumb Down

    If anything, from this article you should learn one thing

    Barclays Barclays Barclays Barclays Barclays Barclays

  124. Jon Tocker

    @Pete Bass

    "Jezzer is a gobby and opinionated TV personality with no responsibility... "

    Sounds perfect PM material to me, no bugger would be able to tell the difference between him and any prior/current PMs anywhere in the Commonwealth.

    If a senile geriatric actor and an illiterate in-bred cowboy can become Presidents of the USA, despite any semblance of intellect (or ability to string together a coherent sentence) surely someone who is at least articulate enough to fuck off people with his opinions on a regular basis can be PM of England.

    It's not like the job requires any real qualifications.

  125. ryan
    Black Helicopters

    @ Adrian Waterworth

    roughly thirty seconds of searching found me an e-bay auction for some signed clarkson tat, complete with appropriately large (copyable) pictures.

  126. This post has been deleted by a moderator

  127. Anonymous Coward
    Anonymous Coward

    @Banks should be contacting their customers

    Here in India, they do that. At least my bank does. I get text messages and email alerts for every transaction like CC , debit cards etc. It is a feature you opt for though.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020