Sending my Bank Details as email attachment

Masala

Hi

I have a number of customers who want to pay me by Bank Transfer rather than cheques.

I know the customers well and the now asking me to forward them my Bank Details.

How would you recommend that I get this info to them?? The best option is to send them back as an attachment with all the details on a Headed Paper.

Am worried that this attachment could be 'phished' somewhere along the line.

Would I be better putting my details within the body of an email??

I see some companies have a system of password locked security that needs a password to open. They then send a password in separate email.

Any ideas to help me protect myself on this???

Regards

incentsitive

Pick up the phone!

RossieMan

What are people going to do with your BIC and IBAN? Send you money? I think you'll be alright.

Masala

incentsitive wrote: »

Pick up the phone!

I agree.... but alot of office juniors want it in hard copy from me so that they have a reference to refer to if anything goes wrong in taking it down over the phone.!

Masala

RossieMan wrote: »

What are people going to do with your BIC and IBAN? Send you money? I think you'll be alright.

So why are the phishing emails looking for your Bank details???

RossieMan

It's generally card numbers they're after with that. They prey on the stupid who don't know the difference.

Direct debits is all you can set up with an IBAN, and they're very easy to have refunded.

incentsitive

RossieMan wrote: »

It's generally card numbers they're after with that. They prey on the stupid who don't know the difference.

Direct debits is all you can set up with an IBAN, and they're very easy to have refunded.

So are credit cards, I had a transaction through my account recently and rang the bank and they just refunded it. I still don't know how they got it, I am super paranoid about it!

Mrs OBumble

incentsitive wrote: »

Pick up the phone!

Absolutely not: that's just asking for transposed digits.

Give them something they can copy and paste from.

incentsitive

Mrs OBumble wrote: »

Absolutely not: that's just asking for transposed digits.

Give them something they can copy and paste from.

So, eh, unsecure e-mail is it?

ArrBee

As someone who is likely to ask for bank details so I can make payment, I would only accept an "official looking" hard copy on letterhead etc if the business was anything other than someone I already knew, like my plumber or something.

There's a couple of reasons for this.
1. If a mistake is made in inputting the number you have a record of the number supplied. (already pointed out)
2. cuts down the likelihood of being given the personal bank details of the office staff by "mistake"

As others have said, it's not really something you need to overly protect, unlike card numbers.

Effects

incentsitive wrote: »

So, eh, unsecure e-mail is it?

Yeah, you're right. Should just stick to cheques I guess.

Wheety

Some companies have their bank details on their website for payments. You should be ok emailing them. Most places would have the details on their invoices.

Other option is to post them on headed paper.

srsly78

Why isn't your IBAN on the invoice?

user1842

The issue here is that the email or letter is intercepted and the IBAN is changed.

Thus the payer "unknowingly" pays to the IBAN of the criminal thinking they are paying the real company (there are a few documented cases of this happening in Ireland).

There is not much the payee company can do about this other than making sure your computer systems are not compromised and putting a notice on the invoice for the payer to confirm your IBAN by contacting a know trusted party of your company.

The ideal solution is for a proper Europe wide e-invoicing solution with request to pay functionality. The Euro Retail Payments Board (ERPB) is working on this.

JTMan

One great function in PayPal is the ability to create an invoice including secure payment. Works really well.

Outside of this, add the IBAN on the PDF invoice. The risk that it will be hacked is very low.

murpho999

Masala wrote: »

So why are the phishing emails looking for your Bank details???

THey're looking more for your logon to your online bank account so they can clean out your account.

People get into any awful panic over bank details as if people can just wipe you out.

However, they have no problem sending somebody a cheque in the post that contains all your bank details and a sample signature.

Emailing the iban and bic will be be fine. The worst thing people can do is pay money into it.

coylemj

Send the IBAN in an e-mail, ask them to phone you to confirm the details. The risk of the e-mail being hacked is extremely low.

The fraud that happens in this case is that after the event, a fraudster sends an e-mail which looks like it's coming from the supplier. It asks the customer to note a change of bank account. The customer accepts this on it's face, transfers money to the new account and it disappears down a black hole.

Bear in mind that when you hand someone a cheque, it has your bank details (branch code and account number) on it and this is still going on thousands of time a day, especially in the agricultural community.

murpho999

user1842 wrote: »

The issue here is that the email or letter is intercepted and the IBAN is changed.

Thus the payer "unknowingly" pays to the IBAN of the criminal thinking they are paying the real company (there are a few documented cases of this happening in Ireland).

There is not much the payee company can do about this other than making sure your computer systems are not compromised and putting a notice on the invoice for the payer to confirm your IBAN by contacting a know trusted party of your company.

The ideal solution is for a proper Europe wide e-invoicing solution with request to pay functionality. The Euro Retail Payments Board (ERPB) is working on this.

Just ask the company to e-mail a confirmation of the IBAN they are paying to.

Seriously what are the chances of the email or letter being interpreted by criminals?

user1842

murpho999 wrote: »

Just ask the company to e-mail a confirmation of the IBAN they are paying too.

Seriously what are the chances of the email or letter being interpreted by criminals?

Unfortunately it happens:

https://www.bpfi.ie/fraud-alert/invoice-re-direction-fraud/

murpho999

user1842 wrote: »

Unfortunately it happens:

https://www.bpfi.ie/fraud-alert/invoice-re-direction-fraud/

Never said it doesn't but it's very rare.

The chances of your email being intrecepted by criminals, altered and resent are very slim.

It's like thinking that you could get hit by a car when crossing the road. It happens everyday but does not mean that it's bound to happen to you and therefore you should never cross the road.

Plus getting the supplier to confirm the details after is the solution.

user1842

murpho999 wrote: »

Never said it doesn't but it's very rare.

The chances of your email being intrecepted by criminals, altered and resent are very slim.

It's like thinking that you could get hit by a car when crossing the road. It happens everyday but does not mean that it's bound to happen to you and therefore you should never cross the road.

Plus getting the supplier to confirm the details after is the solution.

For emails it is not usually an interception but a email from a faked address that looks like a supplier invoice.

A phone call supposedly from the supplier saying to update the IBAN is also another way.

For paper invoices it is usually an interception/theft of the original physical invoice which is then altered.

I agree it happens in very few cases and can be easy stopped by confirming details.

Unfortunately some high profile cases make people worried:

https://www.rte.ie/news/2018/0509/961346-invoice-fraud-arrests/