Bank sends new card to old address

michael32253

SiliconChip said:

michael32253 said:

...but no mention of compensation for sending a card with personal details to a random person.

It wasn't sent to a random person, it was sent to you. The actual recipient should have sent it back.

To offer possible answers to a couple of other points raised:

@sherambler debit cards can have much longer expiry dates these days than historically, my Santander 123 card is valid until November 2026.

@kazwookie and @Ayr_Rage the OP does say that the account address was updated but the address for the debit card was not, I'm not sure how that could happen because the card is directly linked to the account so shouldn't need it's own address, but as the OP hasn't told us what bank it is there's no way for anyone else to say if they know how that banks works.

Yeah the account address has always been kept up to date. However, the debit account itself seemed to have (at least in their database) another address that wasn't in sync with the main account. No way for me to know unless I can find these allusive PDF statements that only exist on the website version. I use the app so everything directs me there regarding correspondence. 

michael32253

macman said:

You can certainly claim all your quantifiable losses. Which, unless there is something you haven't told us, are precisely zero.

Quantifiable losses right now are zero yes. That is if the recipient was a stand up individual. However, if someone has your name, bank and account number. All they need is a few more details (e.g. security questions) to gain access to an account via customer support. Luckily I'm not on social media, but it's not hard to find out the rest on a public profile. 

DullGreyGuy

michael32253 said:

macman said:

You can certainly claim all your quantifiable losses. Which, unless there is something you haven't told us, are precisely zero.

Quantifiable losses right now are zero yes. That is if the recipient was a stand up individual. However, if someone has your name, bank and account number. All they need is a few more details (e.g. security questions) to gain access to an account via customer support. Luckily I'm not on social media, but it's not hard to find out the rest on a public profile. 

Every cheque you ever wrote had all that information on it too.

Damages are based on what has happened not what could have happened. 

Aylesbury_Duck

michael32253 said:

macman said:

You can certainly claim all your quantifiable losses. Which, unless there is something you haven't told us, are precisely zero.

Quantifiable losses right now are zero yes. That is if the recipient was a stand up individual. However, if someone has your name, bank and account number. All they need is a few more details (e.g. security questions) to gain access to an account via customer support. Luckily I'm not on social media, but it's not hard to find out the rest on a public profile. 

Which is why security questions and multi-factor ID exist and should be used sensibly.  I agree entirely about social media, it's mad that people post all sorts of personal information in the public domain.

The fact remains that until you suffer a loss arising from this, you don't have an automatic right to compensation.  Compensation is meant to put you back in the same position as you were before you suffered the loss.  You're there already.

powerful_Rogue

michael32253 said:

macman said:

You can certainly claim all your quantifiable losses. Which, unless there is something you haven't told us, are precisely zero.

Quantifiable losses right now are zero yes. That is if the recipient was a stand up individual. However, if someone has your name, bank and account number. All they need is a few more details (e.g. security questions) to gain access to an account via customer support. Luckily I'm not on social media, but it's not hard to find out the rest on a public profile. 

And if my grandmother had wheels she would have been a bike.

Stand up individual? I think the majority would have 'Returned to sender' or thrown in the bin.  It's only the very small minority that would have used the card for nefarious reasons. Even then it's very unlikely, as you'd have to be pretty stupid as it would be very easy to trace where the card was sent.

born_again

DullGreyGuy said:

michael32253 said:
This feels like a data protection breach.

Does anyone know if there is anything under consumer rights around compensation for banks making mistakes like this?

Its about data privacy not consumer rights.

There is a reasonable prospect that it would be seen as a data breach and as such you would be able to claim damages equal to the amount of money you've lost as a consequence of the breach. If thats £0 then thats how much you can claim though a bank is likely to give you £25 or such as basic compensation for a complaint assuming they accept they were at fault.

So as Op is stating then. Any post that goes to the wrong address is a data protection breach.

Sadly many banks systems do not talk to each other. Mortgage may also not be provided by the bank.

Such as Co-op bank. Their mortgages are provided by Platform, who are part of the Co-op, but not using the same systems.

eskbanker

born_again said:

DullGreyGuy said:

michael32253 said:
This feels like a data protection breach.

Does anyone know if there is anything under consumer rights around compensation for banks making mistakes like this?

Its about data privacy not consumer rights.

There is a reasonable prospect that it would be seen as a data breach and as such you would be able to claim damages equal to the amount of money you've lost as a consequence of the breach. If thats £0 then thats how much you can claim though a bank is likely to give you £25 or such as basic compensation for a complaint assuming they accept they were at fault.

So as Op is stating then. Any post that goes to the wrong address is a data protection breach.

Sadly many banks systems do not talk to each other. Mortgage may also not be provided by the bank.

Such as Co-op bank. Their mortgages are provided by Platform, who are part of the Co-op, but not using the same systems.

Think you may have misunderstood - DGG was agreeing that it's a data protection breach, but highlighting that these are dealt with under data privacy legislation rather than consumer rights as such.

And while you're undoubtedly right that under the bonnet there will be plenty of examples of inadequate systems integration, that is of course absolutely no excuse for acting unlawfully by failing to comply with the mandatory DPA, i.e. if an organisation's systems aren't up to the job of protecting personal data then appropriate manual provisions must be implemented....

born_again

Many do, but as I pointed out Co-op mortgages are in reality a totally separate entity. As such would not update details to co-op bank.

eskbanker

born_again said:

Many do, but as I pointed out Co-op mortgages are in reality a totally separate entity. As such would not update details to co-op bank.

It's probably not particularly useful to debate Co-op if OP is with Nationwide, but presumably anyone holding both a mortgage and a current account with Co-op is made aware of the fact that they're dealing with totally separate legal entities, each of whom would need to have its own independent ICO registration....

goater78

It is not a data protection breach to send a debit card to a previous customers address because the customer has not updated their address.  Assuming that updating your address on one account will update on all accounts is naïve at best.

I also don't really understand how they can change your bank accounts address but not your debit card address.  The debit card address will be your current account? 

I assume you mean they changed the address on your mortgage but not your current account.  I don't think that is surpising as not everyone who buys a mortgage would actually move into that house so I can see why you would have to update your bank account address separately.