Why Friday is the most dangerous day for fraud

Conmen operate 24 hours a day, 7 days a week — unlike some banks’ fraud reporting phonelines
The lack of a 24-hour fraud line is a ‘huge gap’ in customer security, said Sir Peter Burt, the former RBS boss (James Glossop)

When Peter Kaufmann returned from a 2½-week holiday in South Africa last month, he found two letters waiting for him at his home in north Wales. Both were from his investment provider, Hargreaves Lansdown.

The first was dated February 6 — two days after he had flown out of the UK — and thanked him for providing new details for the “nominated” current account, from which he could transfer money in and out of his investment account. The second letter, sent a week later, confirmed a transfer of £50,000 from his tax-free Isa portfolio to the new account. The transfer took place on a Friday.

But the 62-year-old had been relaxing on holiday, not dabbling in his Isa account. The transfer was the work of a sophisticated fraudster who had hacked into Kaufmann’s emails over a period of two months. By doing so, they had gleaned just enough information to access the investment account online before carefully orchestrating a transfer to a bogus account.

Kaufmann said: “I immediately tried to telephone Hargreaves Lansdown to tell them I had not authorised the transfer or the change of account. But I had arrived back on a Saturday and the contact numbers I had operate only between Monday to Friday.”

There is also a helpdesk number available until 12.30pm on Saturday, but he did not arrive back until 1pm.

The case raises concerns that conmen are now targeting investment providers — which, unlike banks, tend not to use a “two-step” security system when customers want to make payments or change details using online banking.

What do the banks do?

For many years, banks such as Barclays, HSBC and Royal Bank of Scotland have required customers to use an electronic device to access online accounts or set up new payees (people or businesses to whom money can then be transferred), on top of usernames and passwords, in an attempt to tackle a rising tide of fraud. Other banks, such as Lloyds, will contact customers by phone to verify any changes made online.

Hargreaves Lansdown, which has nearly £50bn of client funds, said fraudsters had stolen their clients’ money by hacking into its customer accounts on three occasions in the last five years. The most recent two, including Kaufmann’s case, were within the last 12 months.

His loss was the largest of the three. Hargreaves Lansdown said it would refund the money this week because it was “the right thing to do” although the company, one of Britain’s largest investment providers, does not accept its security procedures might be flawed.

How did it happen?

The fraudster hacked into Kaufmann’s email in December last year and was able to work out exactly when he was going to be out of the country. “I had been corresponding with my travel agent, so all the details were there,” said Kaufmann.

Normally, you need a password, date of birth and user name to access a Hargreaves Lansdown account online.

Additional information is required to change the nominated account. This was changed from Lloyds, Kaufmann’s bank for about 30 years, to a Barclays in Nottingham, about 120 miles from where he lives. He said he logs into his Hargreaves account about twice a year, normally to top up his Isa.

“Surely something should have been flagged when my nominated account changed from the one I had been using for years. Why would I set up a Barclays account miles from where I live?” he said.

“Perhaps Hargreaves should use some of their considerable profits to invest in greater security?”

Hargreaves Lansdown said: “Our security systems are extremely robust and at no time have our systems been compromised. This type of incident is exceptionally rare, but shows the importance of people storing their information securely and keeping anti-virus software up to date on personal computers.”

Why fraudsters act on Friday

The fraudster made the transfer on a Friday using Faster Payments, an electronic transfer service that allows money to be moved within minutes between firms.

Surprisingly, not all Britain’s largest banks operate a 24-hour fraud reporting line, according to a leaked document compiled by the anti-fraud service Financial Fraud Action UK (FFA). As a result, fraudsters take advantage and often defraud victims late on a Friday, knowing that nothing is likely to happen until Monday.

The FFA document, dated January this year, lists the “out of hours” contacts used by bank staff to inform each other of potential fraud. It means staff at one bank can ask those at another to freeze funds before a criminal is able to withdraw the money from a bogus bank account.

However, the list is not comprehensive and banks are not obliged to lodge details. While Santander and RBS have reporting teams operating 24 hours a day, seven days a week, Halifax fraud lines operate between 8am and 8pm Monday to Friday, and between 8am and 6pm on Saturday, according to the document. Lloyds operates on a 24/7 basis, except for Christmas Day. HSBC and Barclays are not on the list.

The Kaufmann case is the third reported by Money in recent weeks where a fraudster hacked into emails while the victim was on holiday abroad and made a Faster Payment transaction on a Friday.

On the two previous occasions staff at one bank thought counterparts at another were not contactable outside normal working hours. If this had not been the case, the frauds could have been stopped more quickly and less money lost. After The Sunday Times became involved, both victims managed to get back more of their stolen money.

Sir Peter Burt, the former boss of Bank of Scotland, said the lack of a 24-hour fraud communications line at some banks represented a “huge gap” in security. He said: “If banks can now transfer funds on a 24/7 basis, I am surprised staff do not operate fraud reporting lines on the same basis. There is an illogicality to it that fraudsters are clearly taking advantage of.”

HSBC said: “We speak to fraud investigation teams from other banks on a daily, if not weekly, basis and attend many different inter-bank working groups. We make our contact details available through many of these organisations to ensure our peers can contact us.”

Lloyds and Halifax said the FFA document had been updated last week: “Our fraud team is available to customers and other banks 24/7. We will ensure all banks and industry bodies are contacted so they can update their records accordingly.”

Barclays said it has now provided FFA with its 24/7 fraud contact details.

FFA said: “All banks will hold contact details for other banks and have set protocols for investigating fraud cases. Banks can contact each other quickly and will do all they can to follow the money and retrieve stolen funds.”