
Ask HN: Could secure hash functions prevent UK bank transfer fraud? - campbellmorgan
I was reading https://www.theguardian.com/money/2017/nov/11/couple-scammed-57000-homesless-bank-transfer-fraud over the weekend. This involves a 3rd party hacking or imitating the email of a small business and sending invoices for expected amounts with false bank details.

My initial thought was that, with minimal infrastructural investment, Companies House, the UK government site that stores publicly available data on UK registered companies, could include an option in which companies could decide to display a secure hash of their sort code / account number made with a common, salted, open-source hash function (i.e. BCrypt).

Before transferring large amounts of money, individuals could either verify bank details via the Companies House website, or online banking apps and websites could implement the hash comparison functions.

Would this be usefully functional or are there huge security implications that I am missing? (I'm not a cryptographer)

If the consensus is that this is simple and secure to implement (especially as the gov.uk sites are introducing high quality multi-factor authentication), it is something that I would like to suggest to my local MP.
======
isostatic
Why the hash? Why not just have the actual bank details? Given that companies
print these bank details on their bills in the first place they clearly aren't
supposed to be a private piece of information.

~~~
campbellmorgan
I was imagining that publishing bank details would expose them to a slightly
higher risk of Direct Debit fraud, but again I'm no expert...
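
The check proposed in the original post, sketched as an added example that is not part of the thread or any Companies House service: a registry publishes a salted hash of a company's bank details, and a payer recomputes it from the details on an invoice before sending money. Assumptions: PBKDF2-HMAC-SHA256 from the Python standard library stands in for the BCrypt the post mentions, the record layout and function names are hypothetical, the company number is bound into the hash as a design choice of this example, and all sample values are constructed.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000  # assumed work factor for this example


def normalise(sort_code: str, account_number: str) -> bytes:
    """Canonical form so '12-34-56' and '123456' hash identically."""
    sc = re.sub(r"[\s-]", "", sort_code)
    an = re.sub(r"[\s-]", "", account_number)
    if not re.fullmatch(r"\d{6}", sc) or not re.fullmatch(r"\d{8}", an):
        raise ValueError("expected 6-digit sort code and 8-digit account number")
    return f"{sc}:{an}".encode()


def publish(company_number: str, sort_code: str, account_number: str) -> dict:
    """Build the record a registry would display (hypothetical layout)."""
    company = company_number.upper()
    salt = os.urandom(16)
    # Binding the company number stops a record being copied to another company.
    material = company.encode() + b"|" + normalise(sort_code, account_number)
    digest = hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)
    return {"company": company, "salt": salt.hex(),
            "iterations": ITERATIONS, "hash": digest.hex()}


def verify(record: dict, sort_code: str, account_number: str) -> bool:
    """Payer side: do the details on the invoice match the published hash?"""
    try:
        details = normalise(sort_code, account_number)
    except ValueError:
        return False  # malformed details never match
    material = record["company"].encode() + b"|" + details
    digest = hashlib.pbkdf2_hmac("sha256", material,
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


# Constructed sample: company number and bank details are made up.
SAMPLE_RECORD = publish("01234567", "12-34-56", "12345678")

if __name__ == "__main__":
    print("genuine invoice:", verify(SAMPLE_RECORD, "123456", "1234 5678"))
    print("altered invoice:", verify(SAMPLE_RECORD, "12-34-56", "87654321"))
```

Because the input is only 14 decimal digits, the published hash works as an integrity check for the payer rather than as a way of keeping the account details confidential.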

