Ed, I'd agree with you largely on that. The adaptation of the BACS system for on-line banking wasn't, in my opinion, fit for purpose although when I said that some operational risk people (who, to be fair, were non technical) thought I was talking rubbish. I felt vindicated when the banks were forced to include the account name check when setting up new payees. It's not the only occasion where technical advice that could have saved large amounts of fraudulent transactions were ignored. Hey, but arrogant public school educated directors and politicians always know best!The number spoofing is slightly different. It's essentially caused by, shall we say, an incompatibility or loophole between the old PSTN circuit based system where the CLI information is based on the caller's physical exchange connection while the new VoIP virtual circuit packet switched system requires the caller to insert their own CLI information. In countries like the UK, USA, etc with strong regulations that's well controlled but that's not the case everywhere. So new protocols are being devised and implemented to try and restrict rogue calls from abroad as well as internal ones. However, that's not easy as one doesn't want to erroneously block legitimate calls - and that includes UK mobile numbers roaming abroad.I suspect while some countries still have lax regulations it's never going to be 100% effective and some criminals will probably still find a way to circumvent the controls.
Michael Ixer ● 1036d