Foreign exchange transfer funds

HiFX is telling me now that I have 13 days to pay £233.77 or they will take legal action! This was on a transfer of US$7000.000 that never took place. Anyone have any ideas ...quickly... of who to contact?

I guess the first thing that I would do is check any agreement that I made with them to be sure that this situation is not covered.  Have you signed anything or agreed to terms and conditions that might include these type of charges? 

HiFX is telling me now that I have 13 days to pay £233.77 or they will take legal action! This was on a transfer of US$7000.000 that never took place. Anyone have any ideas ...quickly... of who to contact?

13 days sounds arbitrary and legal action sounds like a hollow threat.  If they deliver a "letter before action " , that's when the threat becomes more credible.  They should have better things to do with their time than chase £200 unless they have an airtight claim.

I guess the first thing that I would do is check any agreement that I made with them to be sure that this situation is not covered.  Have you signed anything or agreed to terms and conditions that might include these type of charges?

Well, they've pointed me to their terms and conditions (http://www.hifx.co.uk/~/media/files/pcs_terms_and_conditions.ashx) which it is assumed that I accepted by initiating the transfer in the first place. I read this but didn't really understand it. If I had, I'd never have agreed as I find it a poor business practice with such a volatile currency market at the moment. I would doubt that if the exchange rate had gone the other way, that they'd be sending ME a check!

I really wanted to use them but when I tried a couple of years ago they wanted my username and password for US online banking. Sorry, I don't give that out to anyone! Did you have to give that to them? If not what did you have to give them for the US side?

Or are you sending them money via wire transfer with a sending fee from your bank.

They don't store your username and password rather they set up a secure link to validate your bank details the very first time. I don't do the wires I use ACH which is free.

Xe.com do it better imo, same as Vanguard, but it takes several days. After entering the bank routing number and account number they make 2 "micro" deposits and 2 identical withdrawals. You have to monitor your bank account then log back onto xe and enter the values of the deposits.

When I recently went to set up a bank account in my Fidelity account the online verification failed but they did have an alternate where I printed out a form, filled in the bank details and mailed it in. TransferWise may also have that option if you ask.

They don't store your username and password rather they set up a secure link to validate your bank details the very first time.

So if I changed the password to something new, went through the Transferwise setup procedure, then changed the password back to what it was, it would still work?

So if I changed the password to something new, went through the Transferwise setup procedure, then changed the password back to what it was, it would still work?

Absolutely, that would be an excellent plan. 

I'm sure you can see the need for a verification that the future bank debits are indeed correctly authorized, whether by a signed form, the once only micro debit verification or a one time validated login.  Your name, account number and bank routing number (sort code) is printed on every check you hand out so relatively easy for a someone to obtain, set up an account on TransferWise, enter your bank details and then begin moving money from your account.

I'm sure you can see the need for a verification that the future bank debits are indeed correctly authorized,

Yes, I understand the purpose, but I feared Transferwise would keep the online login details in it's database and who knows if they get hacked... or perhaps a disgruntled employee in some far-flung country uses customer's bank details, etc.

Online banking is one of those passwords that I don't write down anywhere. So currently only the bank has it, and that's how I want to keep it.

Yes, I understand the purpose, but I feared Transferwise would keep the online login details in it's database and who knows if they get hacked... or perhaps a disgruntled employee in some far-flung country uses customer's bank details, etc.

I've done a couple of Transferwise transfers from GBP to Euros in the last few months and so far I've been able to pay the money using my debit card rather than having to register my bank details with them.

I've done a couple of Transferwise transfers from GBP to Euros in the last few months and so far I've been able to pay the money using my debit card rather than having to register my bank details with them.

I think this is a US-accounts only thing with them.

Might be worth a call to your bank before you give out your online banking password.

If you give that out, you are no longer protected by your bank's anti fraud protection. 

Yes, I understand the purpose, but I feared Transferwise would keep the online login details in it's database and who knows if they get hacked... or perhaps a disgruntled employee in some far-flung country uses customer's bank details, etc.

Online banking is one of those passwords that I don't write down anywhere. So currently only the bank has it, and that's how I want to keep it.

Very wise I never keep financial account passwords written down either, and use different passwords for each account.

I fully understand your concerns and you'll see when prompted to enter the bank account details that the secure socket layer is established (https shown in the URL) so the characters are encrypted as you type and like all financial institutions even if TransferWise were to store what you type no one would be able to decipher what is stored.  Even your own bank cannot tell you what your password is, they don't know, which is why if you forget your password the best they can do is to create a new one.

I really do think that your idea of creating a new password then immediately changing it back, or simply taking the opportunity to changing your bank password after using it with TransferWise should satisfy all your concerns.

I use the USA TransferWise site and don't believe there is an option to use a debit or credit card.  I think it is ACH or Wire transfer.

Might be worth a call to your bank before you give out your online banking password.

If you give that out, you are no longer protected by your bank's anti fraud protection.

It is very common in the US to link accounts together (I don't do this) so that a person has a single view of one's assets. e.g. Fidelity and Vanguard allow one to enter account details from different banks and brokerages, plus the likes of Quicken and Mint.com where folks have everything pooled together.

I fully understand your concerns and you'll see when prompted to enter the bank account details that the secure socket layer is established (https shown in the URL) so the characters are encrypted as you type and like all financial institutions even if TransferWise were to store what you type no one would be able to decipher what is stored.  Even your own bank cannot tell you what your password is, they don't know, which is why if you forget your password the best they can do is to create a new one.

SSL (https) only encrypts the connection. The data is decrypted at the other end. At that point the server code will perform a one-way hash of the password, perhaps with a random salt, and store it. Because this is one-way it can't be reversed to get the password. That is why your bank says they don't know your password.

However, what hackers do is get the entire database with these hashes. Then they can take their sweet time performing one-way hashes on all kinds of passwords until they get a match. Then they know your password.

For example suppose your password is "dog" and after the one way hash it becomes 6215321FAD1. That is put into the database.

Now I hack in and get a hold of 6215321FAD1 along with your username.

I hash "cat" and get something different - no match.
I hash "pig" and get something different - no match.
I hash "dog" and I get a match. Ah ha! Now I know your password. Perhaps you have used this on other sites as well with the same username?

Actually it's worse than that. The same hash value can be obtained from different passwords. That's because there are less possible unique hash values than there are possible unique passwords. So perhaps I hash "mouse" and I get a match. Now I can use that as your password! This weakness depends on exactly how good the hash method is that is being used.

The hackers have fast computers, armed with dictionaries and common patterns, so they can check very quickly - millions of possibilities a second.

So that is how hackers can find your password. Always use something long and random without words in it.

However there is always the weak point - the moment when you password is received at the other end and before it is stored or compared with the database. I trust my bank and their server code. But do I trust some company that is relatively unknown to me? I decided not. 

Next time I need to make a transfer I will use my approach of temporarily changing the bank password so Transferwise only gets that one, then change it back. I would have preferred the "two small deposits" approach that XE and paypal use.

Next time I need to make a transfer I will use my approach of temporarily changing the bank password so Transferwise only gets that one, then change it back. I would have preferred the "two small deposits" approach that XE and paypal use.

There is no "next" involved. Once you have verified your bank details with TransferWise, xe.com or whoever, you never need to enter your password again, as ACH debits and credits don't require your password.  It is a one off verification which is why changing your password immediately after you see the success message appear on the screen is good practice. (The verification is done live and takes a matter of seconds as opposed to the micro debits and credits which take days)