The New Top Easy Access Savings Discussion Area

pandh

flaneurs_lobster said:

pandh said:

I'm very concerned about Chip's policies and use of personal financial data. Currently it looks like they want access to bank accounts to view transactions so they can sell these to data brokers for highly targetted marketing.

Their privacy policy allows them to share this data with anyone they deem appropriate. I can't link to their Privacy Policy but you can find it on their site.

T‍hey don't explicitly say they do it but it's very clear from the wording in the policy on data sharing, and also this point from section 21. Withdrawing consent: "Chip will not disclose your information to any third party for marketing purposes, without your further consent." Clearly if you can withdraw consent for this then it means they are doing it.

I understand your concerns but with this type of app-based multi-faceted (savings, investments) products having a need to crawl all over your connected bank account(s) I think you can nullify any intelligence gathering by only connecting a "dummy" account. 

Mine's a Tesco Clubcard Pay+ account, it's sole purpose is to act as an intermediary between Chip and my "proper" accounts. 

That's a good idea, thanks.

Though I do think Martin should look into this. Chip are requesting far more data via the Open Banking API than is needed for verification and their manual anti-fraud check amounts to sending a bank statement and photo ID via insecure email.

masonic

pandh said:

flaneurs_lobster said:

pandh said:

I'm very concerned about Chip's policies and use of personal financial data. Currently it looks like they want access to bank accounts to view transactions so they can sell these to data brokers for highly targetted marketing.

Their privacy policy allows them to share this data with anyone they deem appropriate. I can't link to their Privacy Policy but you can find it on their site.

T‍hey don't explicitly say they do it but it's very clear from the wording in the policy on data sharing, and also this point from section 21. Withdrawing consent: "Chip will not disclose your information to any third party for marketing purposes, without your further consent." Clearly if you can withdraw consent for this then it means they are doing it.

I understand your concerns but with this type of app-based multi-faceted (savings, investments) products having a need to crawl all over your connected bank account(s) I think you can nullify any intelligence gathering by only connecting a "dummy" account. 

Mine's a Tesco Clubcard Pay+ account, it's sole purpose is to act as an intermediary between Chip and my "proper" accounts. 

That's a good idea, thanks.

Though I do think Martin should look into this. Chip are requesting far more data via the Open Banking API than is needed for verification and their manual anti-fraud check amounts to sending a bank statement and photo ID via insecure email.

I don't think Martin is the right person to be looking into the security practices of savings providers. It is not his area of expertise.

Things may have changed, but back in the early days when I was using Chip, I don't think they were asking for more than account name and balance to link and verify an account. The whole wealth score thing would give me pause today, but fortunately there are other options available.

friolento

pandh said:

flaneurs_lobster said:

pandh said:

I'm very concerned about Chip's policies and use of personal financial data. Currently it looks like they want access to bank accounts to view transactions so they can sell these to data brokers for highly targetted marketing.

Their privacy policy allows them to share this data with anyone they deem appropriate. I can't link to their Privacy Policy but you can find it on their site.

T‍hey don't explicitly say they do it but it's very clear from the wording in the policy on data sharing, and also this point from section 21. Withdrawing consent: "Chip will not disclose your information to any third party for marketing purposes, without your further consent." Clearly if you can withdraw consent for this then it means they are doing it.

I understand your concerns but with this type of app-based multi-faceted (savings, investments) products having a need to crawl all over your connected bank account(s) I think you can nullify any intelligence gathering by only connecting a "dummy" account. 

Mine's a Tesco Clubcard Pay+ account, it's sole purpose is to act as an intermediary between Chip and my "proper" accounts. 

That's a good idea, thanks.

Though I do think Martin should look into this. Chip are requesting far more data via the Open Banking API than is needed for verification and their manual anti-fraud check amounts to sending a bank statement and photo ID via insecure email.

Even if he did look into it, what would you expect him to do? Any financial provider is free to offer products which make use of the data available via the open banking API. As consumers, we are free to choose those products that suit our requirements. You are not forced to take out any account you don’t like for whatever reason. 

Dizzycap

friolento said:

pandh said:

flaneurs_lobster said:

pandh said:

I'm very concerned about Chip's policies and use of personal financial data. Currently it looks like they want access to bank accounts to view transactions so they can sell these to data brokers for highly targetted marketing.

Their privacy policy allows them to share this data with anyone they deem appropriate. I can't link to their Privacy Policy but you can find it on their site.

T‍hey don't explicitly say they do it but it's very clear from the wording in the policy on data sharing, and also this point from section 21. Withdrawing consent: "Chip will not disclose your information to any third party for marketing purposes, without your further consent." Clearly if you can withdraw consent for this then it means they are doing it.

I understand your concerns but with this type of app-based multi-faceted (savings, investments) products having a need to crawl all over your connected bank account(s) I think you can nullify any intelligence gathering by only connecting a "dummy" account. 

Mine's a Tesco Clubcard Pay+ account, it's sole purpose is to act as an intermediary between Chip and my "proper" accounts. 

That's a good idea, thanks.

Though I do think Martin should look into this. Chip are requesting far more data via the Open Banking API than is needed for verification and their manual anti-fraud check amounts to sending a bank statement and photo ID via insecure email.

Even if he did look into it, what would you expect him to do? Any financial provider is free to offer products which make use of the data available via the open banking API. As consumers, we are free to choose those products that suit our requirements. You are not forced to take out any account you don’t like for whatever reason. 

Chip are not alone and are within their rights to ask for additional data / information. Trading 212 also require additional data & documents as a way of actually protecting you and the payments made from & to your bank account via your T212 account - It's not just about potential money laundering etc. I chose T212 and I have also chosen to abide by their requirements when they need to update data. Financial regulations are forever changing and are becoming much tighter, so it's go with it or chose not too, if you really don't feel comfortable.

pandh

I don't think Martin is the right person to be looking into the security practices of savings providers. It is not his area of expertise.

Things may have changed, but back in the early days when I was using Chip, I don't think they were asking for more than account name and balance to link and verify an account. The whole wealth score thing would give me pause today, but fortunately there are other options available.

It was more about a product being recommended by MSE where there's at least some assumption that they're handling private data correctly. All current evidence says they're not.

pandh

friolento said:

Even if he did look into it, what would you expect him to do? Any financial provider is free to offer products which make use of the data available via the open banking API. As consumers, we are free to choose those products that suit our requirements. You are not forced to take out any account you don’t like for whatever reason. 

True, but he should warn that all your transaction data will be added to a financial marketing database. I don't see how everyone thinks this is okay?!

friolento

pandh said:

I don't think Martin is the right person to be looking into the security practices of savings providers. It is not his area of expertise.

Things may have changed, but back in the early days when I was using Chip, I don't think they were asking for more than account name and balance to link and verify an account. The whole wealth score thing would give me pause today, but fortunately there are other options available.

It was more about a product being recommended where there's at least some assumption that they're handling private data correctly. All current evidence says they're not.

MSE only list savings accounts based on rate, not on service levels or privacy or anything else.

pandh

Dizzycap said:

Chip are not alone and are within their rights to ask for additional data / information. Trading 212 also require additional data & documents as a way of actually protecting you and the payments made from & to your bank account via your T212 account - It's not just about potential money laundering etc. I chose T212 and I have also chosen to abide by their requirements when they need to update data. Financial regulations are forever changing and are becoming much tighter, so it's go with it or chose not too, if you really don't feel comfortable.

They may not be alone in doing this, but they are not within their rights. If you actually read the relevant regulations you'd find that companies, including financial institutions, are not free to require whatever private data they want. They are holding money ransom that they won't release without giving them excessive amounts of private information.

For example, I can sign up for a Tesco bank account or transfer money between any of my existing current accounts, savings accounts, ISAs, etc without any of the issues that Chip are causing. If you want to see how the Open Banking API actually works and can be used with minimal data requirements see the docs for TrueLayer who are used by Chip: https://docs.truelayer.com/docs/scopes

It's only a matter of time before a major data breach at one or more of these data brokers triggers a wave of identity theft scams. For example, here's how one UK data provider describes the data they hold: "Our data encompasses extensive consumer profiles, including demographics, purchasing behaviours, and contact information."

masonic

pandh said:

I don't think Martin is the right person to be looking into the security practices of savings providers. It is not his area of expertise.

Things may have changed, but back in the early days when I was using Chip, I don't think they were asking for more than account name and balance to link and verify an account. The whole wealth score thing would give me pause today, but fortunately there are other options available.

It was more about a product being recommended by MSE where there's at least some assumption that they're handling private data correctly. All current evidence says they're not.

I don't believe there is any evidence that they are not handling data in line with their legal and regulatory obligations. Just speculation from an individual that they may be involved in clandestine activities, based on evidence that other companies have misused data in the past. Such an accusation could be levelled at any organisation. MSE should not be choosing which products and services it recommends on the basis of rumour and speculation. Only the FCA has the powers to obtain actual evidence of wrongdoing. MSE has no choice but to rely on information provided by the firm and the fact that they are authorised by the FCA.

It is obviously up to the customer to decide what information they are comfortable sharing, and to choose products that fit their needs. Others should not be deprived from taking advantage of those products just because the more paranoid among us (and I include myself in that number) don't consider it a good enough trade-off at the present time.

Bridlington1

@soulsaver

GB Bank EA 4.70% £1k min open, then £1 min. now under review and not available to new applications.