Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • rpbster
    • By rpbster 18th May 17, 8:42 PM
    • 2Posts
    • 0Thanks
    rpbster
    Financial Institution breach of DPA
    • #1
    • 18th May 17, 8:42 PM
    Financial Institution breach of DPA 18th May 17 at 8:42 PM
    Hi guys, I was just wondering what you think of my complaint at the moment. I found out my account had been compromised, no financial loss (yet) but my address had been changed by an advisor through telephone banking after an impersonator phoned up with my details. There is questions over where my details had come from, due to them knowing certain security details, I believe it was from inside the financial institution. However, they are arguing that is not the case, even though everything is pointing to it.

    Some facts:
    - I phoned up the day before all details got changed, explained that I was travelling and would not be back for a year. Passed security etc and got that note on my account.
    - Next day, impersonator phoned up, could not give credit card number, just my details, they failed the telephone banking password but got asked 2 more generic questions (which the financial institution argues were guesses, they were not as the answers were against the norm).
    - My address and telephone number were changed.
    - They phoned back 10 minutes later and requested a new card/pin etc to the new address.
    - This is when the account got blocked (so they state).
    - I am abroad at the moment.
    - My card was blocked, unable to use my card while travelling and was told that I needed to go into my local branch 8000 miles away to unlock my account.
    - After 3 days of constantly phoning up, I finally get through to someone that helped me, explained what had happened etc and put everything back to how it should be.
    - They have admitted it was a breach of data protection.
    - They have admitted that there needs to be a review of procedures as it happened too easily without any security.
    - The only layer of security for telephone banking that was there, was bypassed too easily by the call handler, and has then put me in a bad position.
    - It will / could have affected my credit rating. It has affected my travelling, I have been unable to purchase a flight to attend my dads funeral.
    - I have emphasised that the matter be taken further and investigating the telephone call I made the day before etc, if needs be I will file a police report etc.
    - I have been offered £250 compensation, I personally believe this is not enough.

    Where should I go from here? I have escalated it to final response, it was the idea of the complaint handler as I said that I am unsure what the precedence for such a breach of DPA.

    Thanks guys
Page 1
    • bigadaj
    • By bigadaj 19th May 17, 5:41 AM
    • 9,923 Posts
    • 6,334 Thanks
    bigadaj
    • #2
    • 19th May 17, 5:41 AM
    • #2
    • 19th May 17, 5:41 AM
    Well most obvious question is what do you want?

    Without you having incurred any financial loss then realistically any compensation is limited to inconvenience and upset, so you are looking at a few hundred pounds I would a have said.

    Have you calculated the actual cost if sorting this out in terms of travel, phone calls etc as this would at least be an element that has left you out of pocket.
    • PeacefulWaters
    • By PeacefulWaters 19th May 17, 7:02 AM
    • 6,843 Posts
    • 8,431 Thanks
    PeacefulWaters
    • #3
    • 19th May 17, 7:02 AM
    • #3
    • 19th May 17, 7:02 AM
    - I have been offered £250 compensation
    Seems reasonable. Maybe a modest top up for any call costs and time?

    They've put things right and offered sizeable compensation.

    They're not going to tell you the outcome of any internal investigation. They would be the victims of any fraud, not you, so there's no point you going to the police.

    So other than somebody's head on a spike what are trying to achieve?
    • rpbster
    • By rpbster 19th May 17, 5:07 PM
    • 2 Posts
    • 0 Thanks
    rpbster
    • #4
    • 19th May 17, 5:07 PM
    • #4
    • 19th May 17, 5:07 PM
    Purely the security questions that they "guessed" could not have been guessed due to them being obscure. They only way you would have known them if you were me or had access to my account, bank side. For example the most common answer would be like 99% of people accounts, mine is the 1% answer. Therefore if it was a guess, the person would have guessed the same as the 99%. Not only that but my argument is also, if the additional security can easily be guessed then it is not adequate and it is the financial institutions fault for allowing a bypass of a critical security measure for someone to guess.

    It all seems like too much of a coincidence, especially with what was discussed the day before on the phone call I made to the bank. It adds up considerably overwhelming that it must have been an inside job. Not that I like to point fingers, I have look at it from multiple different angles and it all points to one way.

    Not only the fact of the inconvenience and stress it has put me under. Also that if my details have been compromised by a data leak from an advisor inside the call centre then all my other financial institutions are at risk, my credit file etc.

    You say that it is the financial institution that would be the victim, I agree in the end they would be not me. However due to the data that has been leaked it opens up so much more to happen to me, with my other financial institutions that I have accounts with etc.

    I want to get to the bottom of this. I want to find out where the data came from, as I am 100% sure it is not someone who has my basic details and guessed security. It is my data that has been compromised.
    • GarthThomas
    • By GarthThomas 19th May 17, 7:04 PM
    • 147 Posts
    • 230 Thanks
    GarthThomas
    • #5
    • 19th May 17, 7:04 PM
    • #5
    • 19th May 17, 7:04 PM
    You won't find out where it came from, you've suffered no financial loss, and they have offered generous compensation. You can ask for a bit more, but then just accept it, and move on.
    • PeacefulWaters
    • By PeacefulWaters 19th May 17, 8:47 PM
    • 6,843 Posts
    • 8,431 Thanks
    PeacefulWaters
    • #6
    • 19th May 17, 8:47 PM
    • #6
    • 19th May 17, 8:47 PM
    I want to get to the bottom of this
    It isn't going to happen.
    • bigadaj
    • By bigadaj 20th May 17, 7:34 AM
    • 9,923 Posts
    • 6,334 Thanks
    bigadaj
    • #7
    • 20th May 17, 7:34 AM
    • #7
    • 20th May 17, 7:34 AM
    Purely the security questions that they "guessed" could not have been guessed due to them being obscure. They only way you would have known them if you were me or had access to my account, bank side. For example the most common answer would be like 99% of people accounts, mine is the 1% answer. Therefore if it was a guess, the person would have guessed the same as the 99%. Not only that but my argument is also, if the additional security can easily be guessed then it is not adequate and it is the financial institutions fault for allowing a bypass of a critical security measure for someone to guess.

    It all seems like too much of a coincidence, especially with what was discussed the day before on the phone call I made to the bank. It adds up considerably overwhelming that it must have been an inside job. Not that I like to point fingers, I have look at it from multiple different angles and it all points to one way.

    Not only the fact of the inconvenience and stress it has put me under. Also that if my details have been compromised by a data leak from an advisor inside the call centre then all my other financial institutions are at risk, my credit file etc.

    You say that it is the financial institution that would be the victim, I agree in the end they would be not me. However due to the data that has been leaked it opens up so much more to happen to me, with my other financial institutions that I have accounts with etc.

    I want to get to the bottom of this. I want to find out where the data came from, as I am 100% sure it is not someone who has my basic details and guessed security. It is my data that has been compromised.
    Originally posted by rpbster
    The other possibility is that the breach is closer to home of course, or indeed is totally unrelated and isn't a breach. Are you sure it isn't friends, relatives or acquaintances that might be a possible source?
    • mt99
    • By mt99 20th May 17, 11:38 AM
    • 345 Posts
    • 154 Thanks
    mt99
    • #8
    • 20th May 17, 11:38 AM
    • #8
    • 20th May 17, 11:38 AM
    I know it was a long shot but when you called the day before I assume you gave your security details is there any chance you could have been over heard or even the line tapped or anything like that
    • GingerFurball
    • By GingerFurball 20th May 17, 4:54 PM
    • 937 Posts
    • 885 Thanks
    GingerFurball
    • #9
    • 20th May 17, 4:54 PM
    • #9
    • 20th May 17, 4:54 PM
    £250 is awfully generous considering no error has occured.

    Whoever fraudulently changed your address has obviously satisfied your bank's security processes to the extent they were satisfied that they were taking a request from the genuine account holder.

    It makes no sense for this breach to be internal as the staff member involved would get caught and dismissed as there would be an evidence trail linking them to your account being compromised.

    As for getting to the bottom of it - how certain are you that you're not the point of compromise?
    DEBT FREE!

    Debt free by Xmas 2014: £3555.67/£4805.67 (73.99%)
    Debt free by Xmas 2015: £1250/£1250 (100.00%)
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

386Posts Today

4,481Users online

Martin's Twitter
  • Shana tova umetuka - a sweet Jewish New Year to all celebrating. I won't be online the rest of t'week, as I take the time to be with family

  • Dear Steve. Please note doing a poll to ask people's opinion does not in itself imply an opinion! https://t.co/UGvWlMURxy

  • Luciana is on the advisory board of @mmhpi (we have MPs from most parties) https://t.co/n99NAxGAAQ

  • Follow Martin