Deva Link said:
A lot of them are inside jobs.
Last year I had my current account hacked, about 2.5k spent on debit card.
Turned out that just before, the bank received a letter signed with a signature very like a ten year old one of mine on file with the bank advising of a new address, in some East London block of flats and changing the phone numbers on record.
Unbelievably, the bank complied without checking.
A day or two after another letter was received asking for a new debit card which was duly sent, followed by a new PIN.
My branch manager showed me scans on screen of both letters.
Then the spending started.
The bank refunded without any delay, we even waited until the final two fraudulent transactions hit the account, when they were immediately refunded.
Closed the account and set up new, never learned anything from the banks security team about what had happened but both my branch manager and I believe that a bank employee was involved.