[HacktionLab] [Ttfa-discuss] Issues with publishing bank details and direct debits.

Charlie Harvey charlie at newint.org
Mon May 21 10:13:37 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 18/05/12 17:09, Adelayde Skidmore wrote:
- -----------------8<---------------
> Anybody out there know of a type of account where direct debits aren't
> allowed?  I guess a savings account...

Hi,

Not exactly, but another approach is to process them through GoCardless
(https://gocardless.com/) thus only revealing your account details to
them and meaning that they have to deal with any fraud attempts.

It works like this:

* Person sets up a DD to GoCardless's account.
* GoCardless collect once per period.
* GoCardless transfer the money to your account with BACS after skimming
off 1% up to a £2 max.

The really obvious attack vectors include:

* GoCardless are storing people's details as well as the various banks
involved in DD processing and the BACS system.
* GoCardless might GoRogue and do a runner with the money (they are FSA
regulated if you put faith in that sort of thing).
* There may be some sort of data breach at GoCardless which may leak
your or your constituents' details.

So it isn't perfect but it may help to mitigate the specific risk you're
discussing.

Cheers,


> If there's no corroboration of signature, that's one thing, as digitally
> this is harder to do, but surely you'd have to get the person's name...
> so this is why people do organisation accounts, because you know the
> name, and because the AUDDIS system appears to have no checks beyond
> account name, sort code and number: details that anyone can get.  It's
> woefully inadequate.
> 
> I guess I hope Clarkson can put some pressure on them to get this
> sorted then, he's got considerably more clout than us lot (sadly).
> 
> M
> 
> 
> 
> On 18/05/12 15:03, protag wrote:
>> On Fri, 18 May 2012 14:18:28 +0100, Adelayde Skidmore
>> <adelayde at riseup.net>
>> wrote:
>>> Anyone else had similar experiences, or had a different story from their
>>> bank?
>>>
>> Hi All
>>
>> We had this at the 1in12, with our Co-op account.
>>
>> We went through a whole drama trying to work out a palatable way to
>> receive internet donations for our Fire Safety Emergency Work fund - the
>> only thing which didn't get blocked was putting our bank account details on
>> the front page of the website.
>>
>> To be fair, we knew it wasn't foolproof (didn't Jeremy Clarkson do the
>> same thing, to prove a point in a column, and end up proving the opposite
>> point?) but we reasoned any income would exceed any fraud, and any fraud
>> would very likely be a problem for the bank more than for us.
>>
>> All of the above turned out to be true: making it easy for people to give
>> us money worked brilliantly, but there were also bogus direct debits which
>> the bank had to refund.
>>
>> Amazingly (it seemed, at first) the items were traceable to identities:
>> RAC membership, mobile phones and car insurance etc.
>>
>> But then I remembered how money laundering works: pay for something with
>> dodgy money, then cancel the transaction and direct the refund somewhere
>> else. So imaginary money pays for an item or service which is never
>> delivered, instead it sets up the scenario where a refund can be directed
>> to an imaginary identity, before the money moves on and gets laundered a
>> few more times.
>>
>> Hey ho.
>>
>> We need something like Paypal for activists but who's going to do that?
>>
>> cheers
>>
>> Protag
>>
>>
>>
>>
>> _______________________________________________
>> Ttfa-discuss mailing list
>> Ttfa-discuss at lists.aktivix.org
>> https://lists.aktivix.org/mailman/listinfo/ttfa-discuss
> 
> 


- -- 
Charlie Harvey
IT Manager
New Internationalist

t: +44 (0)1865 811402
f: +44 (0)1865 793152
w: http://www.newint.org/
k: http://bit.ly/gpgkey/

** We offer a range of design, production, editorial, publishing and
mail order services. See http://nin.tl/hire-ni **

New Internationalist is an independent not-for-profit communications
cooperative. Our multi-award winning magazine, New Internationalist,
brings to life the people, the ideas and the action in the fight for
global justice.

New Internationalist Publications Ltd. is incorporated in England
under no.1005239. Registered Office:
New Internationalist, 55 Rectory Road, Oxford,  OX4 1BW, UK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----


