Open letter to Santander: please use contracts that aren't impossible to comply with

jamesd

JuicyJesus wrote: »

I don't often agree with you, but I'm with you on this one.

We're both reasonable people, just approach things from different sides or angles, so the best we can achieve sometimes is understanding how and why we disagree. Nothing wrong with that.

JuicyJesus wrote: »

In my view, and in the views of most if not all banks, I would define negligence as disclosing the PIN to a third party and/or allowing the card to be used or kept by someone besides the customer.

That's also the obvious expectation of Santander's front line security staff. They know what the high risk things are.

Santander does have a problem of sorts here because crooks do sometimes obtain this personal information and use it as part of fraud attempts. So asking customers to notify Santander if they believe that has happened does make sense. That's just good risk reduction practice. Making customers liable in that case wouldn't be risk reduction - it gives customers a disincentive to notify.

I may now be the only person in the country who has read and complied with the terms and conditions in this area. Though perhaps not fully complied.

Which should be telling Santander that their process is badly flawed, because every customer is required to notify.

jamesd

callum9999 wrote: »

If you genuinely believe that they ever have, currently do, or ever will have the intention that your address or DOB must be unique to them, and that you're never allowed to write them down etc.

I think that it would be unreasonable to do so. But it's good risk reduction practice for me to get them to confirm it. My risk reduction, not theirs. Otherwise it'll only come up when they are trying to make me liable for a fraud loss. Easier to get them to agree when it's not going to immediately lose them money.

callum9999 wrote: »

I just think this whole rant is pathetic. It doesn't affect you in the slightest, you've just gone digging in t&cs and are trying to be put out by it...

I've just reduced my fraud loss risk by notifying them. Now Santander is liable if those details are misused by a fraudster, not me.

We all have an interest in having banks use contracts that we have a chance of following. That's what contracts are supposed to be, an undertaking about how the parties will conduct themselves. There's even a law about it, relating to unfair terms in consumer contracts, which are supposed to be banned.

Maybe you don't mind that but I do.

callum9999

jamesd wrote: »

I think that it would be unreasonable to do so. But it's good risk reduction practice for me to get them to confirm it. My risk reduction, not theirs. Otherwise it'll only come up when they are trying to make me liable for a fraud loss. Easier to get them to agree when it's not going to immediately lose them money.

I've just reduced my fraud loss risk by notifying them. Now Santander is liable if those details are misused by a fraudster, not me.

We all have an interest in having banks use contracts that we have a chance of following. That's what contracts are supposed to be, an undertaking about how the parties will conduct themselves. There's even a law about it, relating to unfair terms in consumer contracts, which are supposed to be banned.

Maybe you don't mind that but I do.

What will come up? That Santander aren't the only people in the world who know your DOB or address? I hardly think so... If you want to pretend you're "reducing your fraud risk" then by all means inform them, but it's pointless complaining about such a non-issue on here.

Though back to my first point, worst case scenario it's just a badly worded part of the T&Cs. Santander DO NOT, WILL NEVER and I'd suspect legally CANNOT require you to keep your address and DOB secret from everyone else. It's not an "unfair" term because it's utterly meaningless and will never be used.

Not to mention it specifically states REASONABLE steps, yet you are acting like they are demanding all information about yourself is kept secret between you and them. Find a clause that specifically states this and I'll believe you.

jamesd

You're missing a significant part of the point by focusing only on the new uniqueness requirement and the things it can't apply to.

"13.1 You are responsible for transactions from your account and any fees or interest incurred as a result of those transactions if: ... c) you deliberately, or with gross negligence, disclosed your PIN or Personal Security Details to someone else;"

Things like name and address are included within their definition of Personal Security Details. I have deliberately disclosed those things to someone else. It's almost certain that every other customer has also done so.

Later in section 13 there is "In each case, we have to show that you acted fraudulently, deliberately or with gross negligence or that you failed to notify us as required."

Now, I'm deliberately disclosing some personal information, so part of that test is passed, but I have also notified them and under section 12.3: "You are not responsible for any unauthorised use of your card, passbook, PIN, or any of your Personal Security Details in any of the following cases: ... b) after you have notified us of its loss, theft or unauthorised use in accordance with Condition 12.1;"

If you wonder where they tell me in the contract that I have to notify them, it's "12.1 You must notify us as soon as possible using the contact details at the end of these Terms and Conditions and in your User Guide if you think that your card, passbook or chequebook has been lost, stolen or that your card, passbook or Personal Security Details have been misused or that your PIN, Personal Security Details or selected personal information has become known to another person."

Which I have now done.

None of this is part of the uniqueness stuff in the new terms that you're concentrating on.

I could wait until there's been some fraud on the account and then deal with it that way but that has two disadvantages:
1. it'd be knowingly breaching the contract by failing to notify.
2. it's easier to transfer the risk to them now than when it'll cost them some money.

You seem to misunderstand the unfair terms legislation. A term that cannot be used is one indication that it's an unfair term, because it can mislead or confuse those consumers who don't know their rights into not asserting those rights.

callum9999 wrote: »

they are demanding all information about yourself is kept secret between you and them. Find a clause that specifically states this and I'll believe you.

"9.7 ... you must: ... f) not disclose your PIN or Personal Security Details to anyone else". "‘Personal Security Details’ means any personal details or security process that we ask you to use to confirm your identity or authorise a Payment Instruction to us. These may include a password, selected personal information or other security numbers or codes that we give you or that you choose."

The items I listed earlier are items that they have asked me to provide to confirm my identity. This isn't the "all information about yourself" that you asked about, just the bits they know about and could use.

If I was following the contract terms I shouldn't have answered those questions because "9.7 ... f) not disclose your PIN or Personal Security Details to anyone else, not even a member of Santander staff;" and that also prohibits me from telling Santander employees my name, address, account number and such.

But I chose to ignore that term, because it's completely impossible for me to comply with it while passing through their phone security authentication, in which employees ask me some questions about the account that I am expected to know the answers to. I can't even notify them about a security breach without breaking that particular term.

Of course, what the contract should really have done is bar me from telling Santander employees my PIN or password but the left hand of those writing the contract clearly didn't know what the right hand was doing and didn't constrain it in the way it should have been constrained.

The contract needs to be modified to one that customers can comply with.

mgdavid

callum9999 wrote: »

........ it's just a badly worded part of the T&Cs. ........

bingo, the penny has dropped.
And the point is, an institution such as Santander should get it right and word it correctly.

Cass85

As someone who has had experience of working in banks, T&Cs aside I think it is important for folk (myself included) to ensure we are protecting our accounts and details as best as possible. Especially in light of these new T&Cs which all banks and not just Santander are going to introduce. For most of us, its probably just going to ensure taking more care at atms/ not giving out PINs etc..

Its frightening how many people are somewhat lax (in a "it cant happen to me" way) or uneducated about fraud/ identity and details theft. You have customers who keep their PIN with their cards. You have customers who use one PIN across their cards so muggers and fraudsters can easily clear out accounts in record time with a simple attempt. This is only the tip of the iceberg. You have folk who cannot confirm basic info about their accounts to pass telephone security at banks. You have folk who ask 3rd parties for the answer to security questions about their own account (not POA/ trustees) and you have folk who actually try to put other people on the phone to do security for them. With this in mind, its about time people started to be more careful. For their own safety and not just so they dont fall foul of these new T&Cs.

ChiefGrasscutter

and like my late father once saw....
standing in a cashpoint queue with a group of some "youngsters" in front at the machine, it became clear to him that they all knew each other's PIN number.

jamesd

Nobody has mentioned noticing it yet so I'll just point out another bit of silliness:

"K) take reasonable steps to keep your PIN or Personal Security Details unique to the accounts that you hold with us"

Which means that you can have five different Santander cards all with the same PIN and still comply with the term without having to take any other reasonable steps, because the PIN is unique to the accounts held with Santander.

Had they instead written "each card" it would have had a different meaning. If they wrote "each of the accounts", that wouldn't have changed the effect if a single account has more than one card issued for it.