Egg refuse to close off internet access to my closed accounts!

arthur_22

I have just closed a credit card account with Egg, and once that was all sorted I asked for internet access to the closed account to be removed so that no-one could log in to my account. This was for security reasons mainly as it seemed daft to have an account just sitting there when I was never going to use it again.

Egg have said that: "All login and account information will remain in place. There's no security issue as the same protections apply as when your account was active" which seems ridiculous - apart from anything else I will never change the password on this account again as I will never use it. How can that be safe?

They quoted the Data Protection Act and said that they need to store my info for six years, which is fine, but why on earth do they need to keep internet access to my (closed) credit card account available? Obviously a fraudster couldn't use the credit card but he could certainly get a nice look at all the personal details about me stored under this account.

I have asked again for them to close off internet access, and if they refuse again I'm going to complain...anyone else had this experience? How can they justify this as not being a security risk? How can they say this is a legal requirement when other banks I have been with are happy to remove internet access to an account if you ask for it?

10_66

arthur_22 wrote: »

...I asked for internet access to the closed account to be removed so that no-one could log in to my account. This was for security reasons mainly as it seemed daft to have an account just sitting there when I was never going to use it again.

You could go through the log in process and deliberately enter incorrect information repeatedly so that it locks the account log in, and then not re-set it.

lisyloo

so that no-one could log in to my account

Well if you don't give out your details adn password then they won't be able to log in.
If you don't want to use it anymore, why not set a fiedishly difficult password?

arthur_22

Trying to lock the account is a good idea, thanks for that. I'm afraid it's not quite as simple as just not giving out your password and then no-one being able to log into your account - if it was then we could all ditch the anti-virus and anti-malware and anti-spyware and anti-rootkit and all the rest of it stuff. I could set a difficult password but it still leaves a little door open that would be much safter it was just bricked up.

lisyloo

Yes, we could all live in Fort Knox as well, but we don't.
We stop being totally paranoid to a level where we can't live and take reasonable precautions and get insurance for the rest.
My house could be broken into, my car could be stolen etc. etc. but I'm not going to just brick myself in.

If you haven't been negligent then you won't be liable.
I have a funny feeling you could prove in triplicate that you've not been negligent :-)

arthur_22

Closing off access to an account I'll never use seems like common sense to me, but I guess you disagree.

To be honest you should be paranoid on the internet - I run sites for a living and have seen hacks happen firsthand. There are legions of people trying to fleece you, and I'd rather prevent it than fix it later. Leaving a door even a tiny a bit ajar is just daft when there's an easy alternative.

JamesU

lisyloo wrote: »

Yes, we could all live in Fort Knox as well, but we don't.
We stop being totally paranoid to a level where we can't live and take reasonable precautions and get insurance for the rest.
My house could be broken into, my car could be stolen etc. etc. but I'm not going to just brick myself in.

If you haven't been negligent then you won't be liable.
I have a funny feeling you could prove in triplicate that you've not been negligent :-)

Nothing paranoid about this. Data stored and accessed by Egg is also accessed by Citigroup in the US. Customers were informed of data sharing between the two in the T+Cs a few years ago. In the event of identity theft, sorting this out is one big headache with or without insurance. And at the time on the US side ID fraud was more prevalent than here in the UK. It is best to close down things completely.

Egg are a pain in closing down internet accounts with zero balances. In part this is probably because as an account holder with an active zero balance you are still registered with them and then not eligible for special offers available to new customers. And for sure, this will not be sorted out easily unless you do things more formally.

Arthur_22, phoning or e-mailing Egg is a waste of time and effort. Yes, you still end up with access to a zero account. Send them a formal letter, and below is one from a year or so ago, which will start you off. They are then obliged to act and will send a reply letter suggesting allowing up to 10 weeks for all access and removals to be completed. Once this is done you will be Eggless and Eggstatic.

"I arranged for this Egg account to be closed around a year ago (by phone and e-mail notification) but have since received a statement as enclosed. In the interests of security and minimising identity fraud, could you please ensure this old account is indeed closed and that no further correspondence or marketing material will be sent. Please confirm the above requests by letter."


Hope this helps.


JamesU

Mids_Costcutter

Arthur, I experienced something similar. I closed my credit card account but Egg kept sending promotional and other emails. I asked for these to be stopped but was told I had to log on to change preferences. Expecting not to be able to do so I was then informed that my logon details would be retained for 6 months after any accounts were closed.

LesU

I had a similar run-in with them many years ago. They refused to close my account with them and shut down the internet access. They are the only company in my experience that do this, all of the other companies I have dealt with shut down access immediately.
In this case it came in handy. I had effectively stopped the account and requested it shut down in 2002, but they refused to close it. I changed everything held in it to incorrect information, but I kept those details in my MS Money program as account history.
When Egg came along in 2008 with a good interest rate offer I wondered if my old account was still valid. It was.
I was able to get into my 'closed' account nearly 6 years after having requested it shut down. I set up a new savings account and was up and running in minutes.

lisyloo

Nothing paranoid about this. Data stored and accessed by Egg is also accessed by Citigroup in the US. Customers were informed of data sharing between the two in the T+Cs a few years ago. In the event of identity theft, sorting this out is one big headache with or without insurance. And at the time on the US side ID fraud was more prevalent than here in the UK. It is best to close down things completely.

So is this any worse that having an open EGG account?
If not then are you saying having an open EGG account is an unacceptable risk?

Having accounts is a risk (as is having a car, house, driving, getting on a plane, getting up in the morning etc,) but for most people it's an acceptable risk.

lvader

arthur_22 wrote: »

They quoted the Data Protection Act and said that they need to store my info for six years,

Actually the data protection act says that information should be kept for no longer than is necessary. It's the FSA that say's it must be kept for 6 years. Biut I agree they should close internet access.