Refund asking for bank details

weedyt

I am trying to cancel an insurance policy. They say they can't refund it onto the card I paid with and are asking for my account details. This seemed odd, but I could be worrying too much. Is it safe to give them the details?

Silverking

The company I work for recently stopped taking card details for refunds too. I think it's to do with all the PCI compliance regulations. Most of our card payments are done via tokens so all the card details are encrypted and can be refunded without taking any details. Previously we would only take card details where customers paid cash or said the account linked to their card had closed. We also are asking for bank details so we can do BACS refunds, all you should need to provide is the account name, account number and sort code. I don't believe there should be any risk to this.

35har1old

weedyt said:

I am trying to cancel an insurance policy. They say they can't refund it onto the card I paid with and are asking for my account details. This seemed odd, but I could be worrying too much. Is it safe to give them the details?

Do you have more than one account and if you do use one for this can of transfer into the least used keeping very little in it reducing any risk

user1977

What risk do you think there might be? It's substantially safer than them having card details.

Teapot55

The key is ‘never click on a link in an email’. Also ‘never give your card details to someone who has just phoned you’. 

If you’re on the insurance company’s website that you’re logged in to and the webform asks for your bank details or if you phoned the insurance company and they asked for them that’s different. 

DullGreyGuy

weedyt said:

I am trying to cancel an insurance policy. They say they can't refund it onto the card I paid with and are asking for my account details. This seemed odd, but I could be worrying too much. Is it safe to give them the details?

So you trusted this company to payout £10m on your behalf if you ran someone over... payout £300,000 if your home burnt to the ground... but you are concerned about giving your bank details to them?

Obviously follow normal checks to ensure it is from your insurer and not a scammer but there is little people can do with bank details, certainly much less than card details which you already gave them.

weedyt

Thank you for the genuinely helpful replies.

It's not a situation I've encountered before, and as paying by card doesn't actually give merchants access to card details, it was something I wanted to check.

DullGreyGuy

weedyt said:
and as paying by card doesn't actually give merchants access to card details, it was something I wanted to check.

This depends very much on the merchant's setup but traditionally you'd read the card number over the phone or type it into the website and therefore they very much do have access to your card details. 

Because of the rules on how card details need to be secured some choose not to take them, none should be storing the CVV, many call recording systems are tied to the computer so when the agent goes to the card fields the recording stops etc but the rules get more stringent overtime and whilst you are fairly safe with a registered insurance firm because of them being so heavily regulated there are others who are much slower to conform to new rules.

To give an example, back in my web dev days a customer asked for a form that captured all the card details. They didn't ask for SSL security and they wanted the form to email the details (over standard email) to them so they could put them through the PDQ they had in their shop. Obv I refused this but he could easily have gotten another developer to create this as a change to the system.