The following was an email from a reader that caught our attention so others do not fall victim to these scams.
Greetings . Having been a recent victim of one of these tripartite phone banking scams which seriously deleted a good part of my retirement savings I have been following ,with great interest, your articles on this ongoing serious problem here in CR. One extremely important issue that I feel I need to mention is the total lack in mentioning the indisputably principal cause of ALL of these bank scams. Much has been mentioned of the faults of the victim giving out the secondary codes and token numbers for the withdrawals subsequently made but ,strangely enough , not one word is ever mentioned about why one’s security password is able to be changed so easily without ANY private security questions(standard procedure in any non CR bank) and totally unbeknownst to the victim.
Here it is well known that the criminals are taking advantage of what’s known as the “incorrect security messaging” flaw which is the initial and principal cause of ALL these frauds. When you or someone else accesses the sign-in phase of your account they hit the “forgot my password” tab. The customer, who has already been cheated into thinking he’s speaking with the official BNCR phone banking, receives a standard transaction notification via text or email with the accompanying security code.
The email message states that ” you are undertaking a transaction” instead of the internationally -accepted standard of receiving a “CHANGE OF PASSWORD” warning. Also, when they are adding new recipients’ accounts to your online service you will also receive this same standard “transaction” notice . Unbelievably these messages do not even contain the words “change of password” much less the subsequent ” you are adding a new recipient” in the following messages. This is a flaw of such epic proportions that it leaves me speechless as does the Costa Rican Times lack of ever addressing this fatal flaw on the part of the BNCR , which HAS to be a contravention of international minimum standards.
Sources within the prison system frequently mention how the very few criminals ever convicted of bank fraud openly boast and ridicule the banks outdated and criminally negligent messaging errors which enable the criminals to proceed with these thefts. As an experiment ,hit the ” forgot my password” tab on ANY other online account you have and take notice of the incredibly clear first message that you will receive warning you that “YOU OR SOMEONE HAS REQUESTED A CHANGE OF PASSWORD!!!”. Usually ,this warning will appear in GIANT letters of a different color or on top of different colored backgrounds , in some cases even flashing and compare this with the quaint and dangerous ” Ud está realizando una transacción,etc” that the BNCR continues to send us 10 years after these scams have become rampant here. Try a password change even in your non-banking/PayPal accounts , like eBay, Amazon, Spotify , last FM, etc, etc and you will I variably receive a message beginning with the absolutely crucial “change of password” phrase. These responsible companies have even configured their warnings to clearly begin with the word “password” in the default notification ” bubble” on the outside of your telephone ,which would most definitely terminate any following fraud activity since ,if you think your receiving a “deposit” and you see the word “password” in your message there is no way ANYONE would proceed to be defrauded.
This extremely serious messaging error is principally responsible for ALL of these scams and all the press and public organizations are also at fault for studiously ignoring this issue. Attempt to bring this flaw to the attention of the OIJ, SUGEF, the national consumer protection agency, your embassy and you will either get no response or a list of private lawyers so that you can be left bankrupt trying to fight appeals against this nationally owned. It is many years past due for this issue to be brought to the public, national, and international light via the press. Who else do we really have to protect us if not you people. Stop this insanity once and for all. Respectfully… Peter Lubianetzky, Puntarenas , CR.