VICTORIA BISCHOFF: How our phones are leaving us exposed to scammers

A few weeks ago I left my cell phone in a taxi. I was loaded with bags and had put them on the seat next to me for a while while I paid. By the time I realized the driver had disappeared around the corner.

Oh, the panic. Like so many people, I am lost without my phone. It contains all my family and friends numbers, my personal and work emails and, most disturbingly, my many banking apps.

Fortunately, thanks to Apple’s wonderful Find My iPhone app, I was able to get my cellphone back.

With this clever tool, you can track on a map where your phone has gone and have a sound play so that someone (in this case the taxi driver) can find it and call a phone number that lights up.

But the ordeal made it clear how dependent we have become on these gadgets. That’s why I fight to back up my phone so that even if it gets lost, my photos, files, and contact information are safe.

I also wrote my husband’s number on a piece of paper I keep in my bag so I can call him in case of an emergency.

When a story posted to Twitter last month, my alarm bells started ringing. Charlotte Morgan described how someone broke into her gym locker, stole her smartphone and bank card and spent £8,000 on spending.

When her current account ran out, the criminal even managed to transfer thousands of pounds of her savings to continue spending.

And worst of all, her bank, Santander, had refused to refund a penny. It claimed she must have been negligent and kept her pin with her debit card – which was nonsense, of course.

As the Mail reported last Thursday, it has since emerged that she is not the only victim. Police are hunting a prolific thief suspected of stealing thousands of pounds from women in gyms across London. It is claimed to have lost nearly £20,000 in an hour and a half.

But how exactly did this happen? We have always been told that scammers cannot access our mobile bank accounts. After all, the phone itself is secured with an access code.

And the apps are protected by facial recognition or fingerprint technology. Well, an investigation by BBC Radio 4’s You And Yours claims to have solved it.

To spend large sums of money with your card, fraudsters need your PIN – which is (somewhat unbelievably) available to view in your mobile banking app.

To access it, you usually have to enter a passcode or unlock it with your face or thumbprint. But if the crook has your card, they can download your mobile banking app on their phone.

The bank will want to verify that you are actually doing this, so they will send a text message with a one-time authorization code.

But if the criminal also has your phone, they can see it (even if it’s locked), access your account, change the passwords and, crucially, get their hands on your PIN – all in a matter of minutes.

Banks need to jump on this glaring security flaw quickly. Many people keep their mobile and bank card in the same place. Few would realize how vulnerable this makes them to fraud.

I also find it hard to believe that the banks – who regularly boast of their sophisticated fraud detection systems – haven’t frozen these victims’ cards sooner.

You can expect one unusual transaction to go unnoticed. Still, Charlotte says her card was used to make multiple purchases totaling thousands of pounds at an Apple store — where she’s never shopped in her life.

Finally, under pressure from the press, Santander agreed to repay her. But it again raises serious concerns about why some banks are still so quick to blame the victim and refuse refunds.

One lesson I’ve learned is to change your phone’s security settings so messages don’t flash when the device is locked.

That way, scammers won’t be able to see verification texts sent by your bank. And make sure your phone’s SIM card is password protected.

In the meantime, we may need to rethink how much personal data we store on phones. As this story shows, our cell phones have disturbingly exposed us to scammers.

v.bischoff@dailymail.co.uk