Santander security - ?

Legacy_user

Like so many others, I have recently been made aware of new 'terms and conditions' which include stringent security measures to be adhered to by customers. I am particularly aware of the potential problems of giving full account details in e-mails, because surely not completely secure. As a Santander account holder for some time and being a holder of a 123 account (operated online, for security) I at last gave in to the temptation of a 2 year fixed ISA, available only, apparently, to 123 account holders and duly applied, I assumed securely. I received a code/ application number.

The new account appeared on my (secure) online service almost immediately - excellent, efficient, thought I. I then received an e-mail acknowledgement of my application, quoting my application code, as I would expect. What I did not expect, however, was that said e-mail also stated 'your new sort code is xxxxxx (given in full); your new account number is xxxxxxxx (also given in full). Given that there is a perfectly good secure messaging service available, why on earth didn't they send the details (unnecessary, admittedly, because already visible online) using it?

Odd.:(

sabretoothtigger

Full details of an account are on the bottom of every cheque and so on. If the banks are so weak that simple details are a way to steal from it I see that as their liability not yours

thenudeone

The details are also on every debit card so not exactly top secret, but I agree that I'd prefer them not to be included in an email.

These details alone are enough to cause a few problems:
http://www.telegraph.co.uk/news/uknews/1574781/Jeremy-Clarkson-eats-his-words-over-ID-theft.html

System

Apologies, but my point was about my new ISA account number and sort code, not about a current account that has cheque book or card, where, yes, the numbers are undoubtedly more usually apparent. I rather gathered we, as customers, are instructed not to give any personal details, like account numbers, in e-mails, particularly if there is a secure messaging service which can be used for that purpose. If we are instructed to do so by our bank, I do not see why the bank does not use it.

rb10

uselessaver wrote: »

I rather gathered we, as customers, are instructed not to give any personal details, like account numbers, in e-mails, particularly if there is a secure messaging service which can be used for that purpose.

No, there's no problem with sending sort code and account details by email - I frequently do so to friends and family when they owe me money!

There's nothing anyone can do with that info apart from pay money in to your account.

Sceptic001

rb10 wrote: »

There's nothing anyone can do with that info apart from pay money in to your account.

That's what Jeremy Clarkson thought too...
Jeremy Clarkson eats his words over ID theft

psychic_teabag

But that was a current account. Is there any mischief anyone can do with details of a savings account. (I guess for an ISA they can pay in too much and get you in trouble with the tax man.)

rb10

Sceptic001 wrote: »

That's what Jeremy Clarkson thought too...
Jeremy Clarkson eats his words over ID theft

... but as it was a direct debit, it was 100% safe and protected and he was entitled to a full refund, no harm done.

talexuser

But presumably he would have to prove the DD was not taken out by him or his computer?

System

for your info, I received a telephone call and secure message of apology from Santander and a note that the matter is being forwarded to the relevant department for review. The speaker/writer stated they were 'very concerned about full account details having been disclosed within a non secure e-mail', which was my original point (whatever may have happened to Jeremy Clarkson:cool:).

rb10

talexuser wrote: »

But presumably he would have to prove the DD was not taken out by him or his computer?

No, he would not.