KENT RELIANCE personal data harvesting: am I married to the M*f*a???

codger

Before my wife of nearly 50 years is extradited to the USA on a RICO arrest warrant, I wonder if others here have faced or are facing similar inconvenience? The facts are:

Mrs C and I were interested in opening a Kent Reliance instant access savings account and so I filled in its lengthy online application form and answered a lot of questions which delved deep into our personal data.

Nothing unusual about that; MSErs will long have grown used to exhaustive interrogation by financial enterprises worried about sophisticated money laundering rackets designed to accrue an eye-watering twelve quid a year on every £1,000 in an instant access savings account. This, as any fule know, is how Big Time Crime operates.

Kent Reliance asked me to give my forename, middle name, surname, date of birth, country of birth, country of residence, home address, home telephone number, mobile number, email address, employment status, National Insurance number, name of bank account, number of bank account, sort code. I was also asked to think up a password to use with the online Kent Reliance account.

Kent Reliance also required the same information about Mrs C. So that's now two National Insurance numbers floating through the ether as well as a repeat of the information of her name and mine on our joint bank account and re-confirmation of the fact that we have lived at our current address for more than 10 years and, perhaps amazingly, we have the same home landline number.

Twenty-odd minutes after embarking on this, Kent Reliance reported that the application could not be processed. It sent me an email explaining why, viz: Mrs C must provide proof that she is who I say she is. And proof that she lives where I say she lives.

This proof must be in the form of original documents submitted by post, though copies of originals will be accepted -- by post -- but only if signed by someone recognised by Kent Reliance as an embodiment of morality / a pillar of the community, for example, a banker.

Where my application is concerned however, Kent Reliance seeks no further information. It's happy that I am who say I am and that I'm living where I say I live.

The problem, then, is Mrs Codger. Although every question asked about her has been answered in similar fashion to every question asked about me -- same address, same bank account, same proposed Kent Reliance password, same home telephone number, same country of birth, same country of residence, same employment status, etc etc -- Kent Reliance appears to suspect that I'm married to someone on the FBI's Most Wanted. Or, or. . .

Or is this actually something else: the deliberate use of an application process involving the collection of highly personal data not to determine the quality of an application but to manage the quantity of applications?

In other words: to manage demand for a financial product in such a way that this management isn't seen to be obvious?

Though I'm irritated at having had to waste my time with this bunch -- I can understand why applicants who've been resident at a given address for only a comparatively short time may well need to provide further proof, but those with more than 10 years residency: oh, really? -- of rather more concern is my unease over the harvesting of a wealth of highly personal data (and especially, National Insurance information) by a financial outfit which may be subverting the purpose of an application process in order to manage demand by stealth.

That unease exists because if Kent Reliance had no grounds to query the first co-applicant -- me -- then Kent Reliance must equally have had no grounds to query the provenance of the second co-applicant: my wife.

Has anyone else on MSE experienced this kind of thing? Is anyone else on MSE an innocent partner / spouse who until dealing with a 1.4% interest per annum savings provider was unaware that their Other Half was a Master Criminal instead of an ethical document-certifier like a, a. . . banker?

Thoughts appreciated.

PS: Kent Reliance assures me it will destroy the highly detailed, highly personal data it has obtained from me in due course. It takes security very seriously. Ah. Right. This is the same takes-security-very-seriously Kent Reliance which also informed me, when I was creating the 'secure password' for use with the prospective online account, that special characters must NOT be used. Go figure.

dunstonh

I can understand why applicants who've been resident at a given address for only a comparatively short time may well need to provide further proof, but those with more than 10 years residency: oh, really? --

Failure of the electronic ID checking system is more likely if you have not lived there long as you havent had a chance to build up data at that new address. However, it is quite common for the spouse to get a failure, even if lived at for a long time, where there is little data held to give it a pass mark. For example, if all the bills are in the name of the first named person, not on electoral roll, no personal credit etc.

of rather more concern is my unease over the harvesting of a wealth of highly personal data (and especially, National Insurance information) by a financial outfit which may be subverting the purpose of an application process in order to manage demand by stealth.

The questions seem to be the standard fare of mostly money laundering check requirements and a bit of the new FATCA requirements. There isnt much there of marketing use.

codger

Thanks, Dunston. Appreciated. However, just to clarify:

I don't see any of this as data harvesting for marketing purposes. No company needs an individual's National Insurance number merely to spam their inbox. What I am uneasy about is the sheer quantity of information sought in a process which then halts for no good reason: as I pointed out, the answers I provided in regard to myself have been deemed entirely acceptable; the same / similar answers provided in regard to Mrs C, not.

Obviously, time of residence isn't a problem. More than 10 years occupancy at a given address is more than good enough. Equally, credit record (though that obviously isn't mentioned) is fine: Mrs C has held her own cc since Barclaycard first launched. Time with bank / duration of joint named bank account is no problem, either: 40-odd years takes care of that. National Insurance identifiers? No problem there, either.

As for bill payments, Kent Reliance has no more idea now of the name of the regular payee than it did before I submitted the application form. It hadn't time to check. Electoral roll? Kent Reliance hasn't had time to check that, either.

So either this is a financial institution utterly hopeless in constructing questions to yield data of positive value to it, or it's seeking to manage product demand by stealth (though God knows why), or it's knowingly wasting applicants' time from the get-go because Kent Reliance is not, nor can it ever be, in a position to proceed there and then with the online opening of a savings account that is to be jointly held.

Why on earth it can't simply come out and say, we cannot accept online applications for joint accounts, I've no idea. Does it think that such transparency would be harmful to its commercial prospects? (A rhetorical question, not directed to you.)

I wonder if the ICO has a kind of standard template which financial houses must adhere to when it comes to product applications?

As things stand -- and if Kent Reliance is anything to go by -- then it would seem that the most sensitive personal and financial details of UK consumers are being bandied about over the Internet in regard to savings applications which are then delayed / obstructed because those applications were never suited online treatment in the first place.

In the interests of personal security -- as well as the sensible use of one's own precious time -- such a state of affairs doesn't strike me as in any way desirable.

Eco_Miser

codger wrote: »

As for bill payments, Kent Reliance has no more idea now of the name of the regular payee than it did before I submitted the application form. It hadn't time to check. Electoral roll? Kent Reliance hasn't had time to check that, either. (

Yes it has, the check is virtually instant. I've had my identity checked while sitting the other side of the desk from the person checking. From her pressing enter to saying "Yes, that's fine" was less time than to write this post.

dunstonh

What I am uneasy about is the sheer quantity of information sought in a process which then halts for no good reason: as I pointed out, the answers I provided in regard to myself have been deemed entirely acceptable; the same / similar answers provided in regard to Mrs C, not.

There are no rules on how money laundering checks, sanctions search checks, PEP checks should be recorded and carried out. There are guidelines Firms have to interpret the guidelines and implement checks as they see fit. Most use a risk based analysis.

Small firms can use discretion and be more flexible on what info is recorded. Larger firms have far more staff and have to cater for the lowest common denominator in the staff and have a standardised process across all staff (the FCA has been really pushing this). This usually gets applied to customers as well. So, someone putting in £1000 would have the same questions asked as someone putting in £1mill.

Obviously, time of residence isn't a problem. More than 10 years occupancy at a given address is more than good enough. Equally, credit record (though that obviously isn't mentioned) is fine: Mrs C has held her own cc since Barclaycard first launched. Time with bank / duration of joint named bank account is no problem, either: 40-odd years takes care of that. National Insurance identifiers? No problem there, either.

Yet it failed the electronic check. The electronic check systems have a fail/pass with the scoring levels set by the firm. There is no "maybe" or "almost passed" option. You are either one side or the other.

So, either there is conflicting date on your wife's file. Something I have come across a few times when using electronic ID checks.

Electoral roll? Kent Reliance hasn't had time to check that, either.

it is checked as part of the electronic check. Takes seconds.

As for bill payments, Kent Reliance has no more idea now of the name of the regular payee than it did before I submitted the application form.

You would be surprised what data is held on the systems and can be checked against.

Why on earth it can't simply come out and say, we cannot accept online applications for joint accounts, I've no idea. Does it think that such transparency would be harmful to its commercial prospects? (A rhetorical question, not directed to you.)

I know it was rhetorical but I would say that approx 90% of those applications will pass the electronic check with no problem. Those that fail have to revert to the old fashioned way.

I wonder if the ICO has a kind of standard template which financial houses must adhere to when it comes to product applications?

No. They do expect firms to retain the data in a way that is secure though.

bowlhead99

codger wrote: »

So either this is a financial institution utterly hopeless in constructing questions to yield data of positive value to it, or it's seeking to manage product demand by stealth (though God knows why), or it's knowingly wasting applicants' time from the get-go

Yes, it might be one of those three options, though they all seem pretty unlikely to me.

Perhaps there is some secret fourth option: the customer is choosing to get unnecessarily irate about the fact that he had to provide personal identity information to a financial institution from whom he and his wife wanted to receive banking services; he derives some stress relief by raging about it on the internet to anybody who'll listen, by writing two posts which take longer to write and submit than the time he had been required to spend typing a few pieces of data into a secure online form.

because Kent Reliance is not, nor can it ever be, in a position to proceed there and then with the online opening of a savings account that is to be jointly held.

You filled out an account application form online. One applicant was accepted based on the instant online checks which they can do. The other was not: either due to a lack of information coming back from the online credit agency search, or a potential false match with someone on a list, or a certain percentage they randomly pull out to audit, whatever reason. Such is life.

You simply need to provide the identity documentation as requested to get the application over the line. You have not "wasted your time" because you have provided them with most of the info for yourself and your wife (most of which you say they are not disputing), and they are not asking you to start the application from scratch with a paper form - you don't have to throw the application away, you simply give them the bits they request, and the process is done. Presumably the terms and conditions which you read before you decided you wanted the account, does refer to the fact that certain checks will be carried out.

I wonder if the ICO has a kind of standard template which financial houses must adhere to when it comes to product applications?

Short answer, no. Anti- money laundering regulations and tax law does not provide an explicit form for a firm to adhere to. The government recognises that financial institutions might require different information for different services and will have their own methods and models for the customer on-boarding process for different service types using a risk based approach.

Every business has built its own systems and policies and procedures at great expense. Be grateful they are NOT all forced to spend huge sums of money matching an explicit and constantly evolving government-run template which caters for every possible type of data regardless of application type and works for the "lowest common denominator" in the banking industry by requiring original paper documentation for everyone rather than allowing instant online checks because some institutions don't want to subscribe to such services. You are better off with it as it is.

As things stand -- and if Kent Reliance is anything to go by -- then it would seem that the most sensitive personal and financial details of UK consumers are being bandied about over the Internet

So that's now two National Insurance numbers floating through the ether

These sorts of comments illustrate that you either don't understand the process or understand it but just want to have a rant.

You are keying information into your web browser over a secure 128bit+ encrypted connection between your computer and the bank's server. The bank need your personal details and your tax residency and tax ID because the law requires them to obtain it in order to be able to open an account. You are in possession of the information and want to give it to them to help them meet that legal requirement and obtain banking services.

It seems quite sensible that you key it into your screen and it is encrypted and transmitted to directly appear in their secure database. You can characterise this as things being "bandied about" or "floating through the ether" but please don't expect us to take that seriously and treat it as anything other than the ramblings of a befuddled old "codger".

If I've misunderstood, and the online application form for this particular bank is done via a web page which does not have a security certificate (little padlock icon in the browser), please correct me and do stop dealing with the bank, in favour of a better one.

In the interests of personal security -- as well as the sensible use of one's own precious time -- such a state of affairs doesn't strike me as in any way desirable.

The process doesn't seem very insecure. You mentioned email communication but presumably your confidential application data was entered directly onscreen into their servers via secure web form, and not by unencrypted email. Foliow-up documentation will be handled through post in the same way that it has been with other banks for years (and presumably a utility bill which you might send them for your wife was itself received by her through the second class postal system).

In terms of your precious time, what was the amount of time spent keying the info onscreen so far, versus the time spent taking about it here?


If seems an inefficient process and one in which you don't want to participate further, feel free to stick with your existing bank and their interest rates. KR's staff may of course decide that the "suspicious activity" of cancelling your wife's application when challenged for proof of identity is something that they should report, either internally or externally, depending on the operating procedures they choose to implement to protect their business and the financial services industry generally.

atush

I've just had to go thru this with HSBC, despite being a customer for over a decade.

Because when i opened my accts, they copied my documents/ID. Now they say copies are not enough for Fatca. But scanned is. Really?

So i went in and supplied everything, now it wasnt enough to give my DL, they wanted the pink bit (which is no longer required for new DLs). Really?

Then I supplied that. Cuz I still had it. Now they say they LOST the scanned copy of my DL that THEY made while I waited. Really?

Geez.

WorriedFTB_2

I've just had a mortgage approved bu Kent I thought they were quite average in terms of identification .

I am Brazilian/British so I am quite used to the requirements didn't bother me at all .

They simply asked copies of my passports and marriage certificate translated and legalised .

xylophone

I have been with Kent Reliance for a number of years and found them very efficient.

colsten

xylophone wrote: »

I have been with Kent Reliance for a number of years and found them very efficient.

Same here. Only niggle I have with them is that some accounts are Branch only. It's a bit of a hike to the nearest Branch for me, so I have to plan ahead more than I'd normally would want to for an account.

Plus

I had some trouble opening with Ulster Bank a simple current account, no overdraft. Not only did they want ID, they also wanted a photo of my ID (via an online ID submission website thingy where they can take a picture with your webcam),copies of my recent bank statements and three months payslips. I've opened more current accounts than I can count and nobody has asked for more info than some ID and a proof of address. I walked.