Financial Institution breach of DPA

Hi guys, I was just wondering what you think of my complaint at the moment. I found out my account had been compromised, no financial loss (yet) but my address had been changed by an advisor through telephone banking after an impersonator phoned up with my details. There is questions over where my details had come from, due to them knowing certain security details, I believe it was from inside the financial institution. However, they are arguing that is not the case, even though everything is pointing to it.

Some facts:
- I phoned up the day before all details got changed, explained that I was travelling and would not be back for a year. Passed security etc and got that note on my account.
- Next day, impersonator phoned up, could not give credit card number, just my details, they failed the telephone banking password but got asked 2 more generic questions (which the financial institution argues were guesses, they were not as the answers were against the norm).
- My address and telephone number were changed.
- They phoned back 10 minutes later and requested a new card/pin etc to the new address.
- This is when the account got blocked (so they state).
- I am abroad at the moment.
- My card was blocked, unable to use my card while travelling and was told that I needed to go into my local branch 8000 miles away to unlock my account.
- After 3 days of constantly phoning up, I finally get through to someone that helped me, explained what had happened etc and put everything back to how it should be.
- They have admitted it was a breach of data protection.
- They have admitted that there needs to be a review of procedures as it happened too easily without any security.
- The only layer of security for telephone banking that was there, was bypassed too easily by the call handler, and has then put me in a bad position.
- It will / could have affected my credit rating. It has affected my travelling, I have been unable to purchase a flight to attend my dads funeral.
- I have emphasised that the matter be taken further and investigating the telephone call I made the day before etc, if needs be I will file a police report etc.
- I have been offered £250 compensation, I personally believe this is not enough.

Where should I go from here? I have escalated it to final response, it was the idea of the complaint handler as I said that I am unsure what the precedence for such a breach of DPA.

Thanks guys

Comments

  • bigadaj
    bigadaj Posts: 11,531
    Name Dropper First Post First Anniversary
    Forumite
    Well most obvious question is what do you want?

    Without you having incurred any financial loss then realistically any compensation is limited to inconvenience and upset, so you are looking at a few hundred pounds I would a have said.

    Have you calculated the actual cost if sorting this out in terms of travel, phone calls etc as this would at least be an element that has left you out of pocket.
  • PeacefulWaters
    PeacefulWaters Posts: 8,495 Forumite
    - I have been offered £250 compensation
    Seems reasonable. Maybe a modest top up for any call costs and time?

    They've put things right and offered sizeable compensation.

    They're not going to tell you the outcome of any internal investigation. They would be the victims of any fraud, not you, so there's no point you going to the police.

    So other than somebody's head on a spike what are trying to achieve?
  • rpbster
    rpbster Posts: 2 Newbie
    Purely the security questions that they "guessed" could not have been guessed due to them being obscure. They only way you would have known them if you were me or had access to my account, bank side. For example the most common answer would be like 99% of people accounts, mine is the 1% answer. Therefore if it was a guess, the person would have guessed the same as the 99%. Not only that but my argument is also, if the additional security can easily be guessed then it is not adequate and it is the financial institutions fault for allowing a bypass of a critical security measure for someone to guess.

    It all seems like too much of a coincidence, especially with what was discussed the day before on the phone call I made to the bank. It adds up considerably overwhelming that it must have been an inside job. Not that I like to point fingers, I have look at it from multiple different angles and it all points to one way.

    Not only the fact of the inconvenience and stress it has put me under. Also that if my details have been compromised by a data leak from an advisor inside the call centre then all my other financial institutions are at risk, my credit file etc.

    You say that it is the financial institution that would be the victim, I agree in the end they would be not me. However due to the data that has been leaked it opens up so much more to happen to me, with my other financial institutions that I have accounts with etc.

    I want to get to the bottom of this. I want to find out where the data came from, as I am 100% sure it is not someone who has my basic details and guessed security. It is my data that has been compromised.
  • GarthThomas
    GarthThomas Posts: 164 Forumite
    You won't find out where it came from, you've suffered no financial loss, and they have offered generous compensation. You can ask for a bit more, but then just accept it, and move on.
  • PeacefulWaters
    PeacefulWaters Posts: 8,495 Forumite
    I want to get to the bottom of this
    It isn't going to happen.
  • bigadaj
    bigadaj Posts: 11,531
    Name Dropper First Post First Anniversary
    Forumite
    rpbster wrote: »
    Purely the security questions that they "guessed" could not have been guessed due to them being obscure. They only way you would have known them if you were me or had access to my account, bank side. For example the most common answer would be like 99% of people accounts, mine is the 1% answer. Therefore if it was a guess, the person would have guessed the same as the 99%. Not only that but my argument is also, if the additional security can easily be guessed then it is not adequate and it is the financial institutions fault for allowing a bypass of a critical security measure for someone to guess.

    It all seems like too much of a coincidence, especially with what was discussed the day before on the phone call I made to the bank. It adds up considerably overwhelming that it must have been an inside job. Not that I like to point fingers, I have look at it from multiple different angles and it all points to one way.

    Not only the fact of the inconvenience and stress it has put me under. Also that if my details have been compromised by a data leak from an advisor inside the call centre then all my other financial institutions are at risk, my credit file etc.

    You say that it is the financial institution that would be the victim, I agree in the end they would be not me. However due to the data that has been leaked it opens up so much more to happen to me, with my other financial institutions that I have accounts with etc.

    I want to get to the bottom of this. I want to find out where the data came from, as I am 100% sure it is not someone who has my basic details and guessed security. It is my data that has been compromised.

    The other possibility is that the breach is closer to home of course, or indeed is totally unrelated and isn't a breach. Are you sure it isn't friends, relatives or acquaintances that might be a possible source?
  • mt99
    mt99 Posts: 472 Forumite
    I know it was a long shot but when you called the day before I assume you gave your security details is there any chance you could have been over heard or even the line tapped or anything like that
  • £250 is awfully generous considering no error has occured.

    Whoever fraudulently changed your address has obviously satisfied your bank's security processes to the extent they were satisfied that they were taking a request from the genuine account holder.

    It makes no sense for this breach to be internal as the staff member involved would get caught and dismissed as there would be an evidence trail linking them to your account being compromised.

    As for getting to the bottom of it - how certain are you that you're not the point of compromise?
    DEBT FREE!

    Debt free by Xmas 2014: £3555.67/£4805.67 (73.99%)
    Debt free by Xmas 2015: £1250/£1250 (100.00%)
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 342.5K Banking & Borrowing
  • 249.9K Reduce Debt & Boost Income
  • 449.4K Spending & Discounts
  • 234.6K Work, Benefits & Business
  • 607.1K Mortgages, Homes & Bills
  • 172.8K Life & Family
  • 247.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards