We place our trust in the organisations we deal with on a daily basis. Many of these organisations have access to large amounts of our personal information. We assume that there are systems in place to protect consumers against the theft of that information by staff members. We assume that if a staff member did steal data, that the bank would treat the matter with urgency. We assume that the bank would press charges against the individual and try and recover all the stolen information.
We assume incorrectly.
About two weeks ago I was called by a guy called Riaan Geldenhuys. He is supposedly a financial planner and wanted to meet up to discuss policies etc. I was intrigued as to where he got my details from so I played along and then eventually asked him where he had found my number. His answer was, in context, quite shocking. He was an ex-Standard Bank employee and had a “list” from when he worked at Standard Bank.
If we ignore for a second the absolute idiocy of this guy actually telling me that, I was obviously left wondering what other information he had on me… I told him that I would report him and that I hoped the bank took him to court. He said he was “sorry”.
In a world where information theft is rife, bank fraud (using information theft) is all too common and everyone is legally married to at least two people they’ve never met, I would have thought that my reporting of this matter to the bank would have resulted in an urgent phone call from the fraud division, asking me for all the information and then a subsequent call a few days later telling me that this Riaan guy was going to court. But no. Typical of their lackadaisical concern for our privacy, the banks auto-responded and then a week later told me they were “looking into the matter”. I let them know that “looking into the matter” wasn’t good enough for me… I wanted to know that at the very least my, and their other customer’s, stolen information had been retrieved. Another week goes by and still, nothing but auto-responders and “we’re looking into it”s.
Eventually, in an incredibly bitter fit of resentment I succumbed and wrote about the issue on HelloPeter, a site I usually avoid because of their reputation of extorting businesses who can’t afford to pay to defend themselves.
Surprise, in a few hours I had a phone call. Now I was told I needed to go into a branch and fill in a form. When I made it clear that the chances of me doing so were similar to, well, just about anything very very unlikely, they then realised that they didn’t actually need me to go into the branch… With promises of swift action I wrote another long email, detailing the entire saga and hoping that it would finally result in some form of action.
Then this morning I am asked to email them either my bank account number or my ID number. The irony of me sending either over unencrypted email to the very bank that breached that information in the first place seemed to be lost on this new individual I was dealing with. Never mind the fact that I had given Standard Bank my account number numerous times, and never mind the fact that I am the only Jonathan Endersby in the country and never mind that really, my bank account has nothing to do with them investigating this Riaan Geldenhuys guy because lets face it, their internal audit logs are obviously quite sloppy, so assuming that they would specifically find detail that Riaan Geldenhuis had looked at my account is, well, optimistic.
To complicate (or obscure) matters, the bank (or at least Clinton who works in their Fraud Division) insists that the only way that anyone would have gotten access to my information would have been via an auditable system which has logs. I explained the retardedness of that statement, detailing how the emails I’ve sent with my information were obviously not tracked because they are apparently lost. Next I asked whether all their email is also linked to this magical system, because I’ve worked in a few banks and I know that the sales teams are big fans of Excel spreadsheets generated the Sales Manager and then emailed to pretty much everyone, including the tea-ambassadorial staff (corporate refreshment executives?). I suspect it is probably one of these lists that was stolen. Anyway, according to SBSA, if they can’t find access logs for Riaan Geldenhuys, “there is nothing we can do”.
Clinton also said that he was looking into whether Riaan Geldenhuys, financial planner guy, was ever employed by Standard Bank. He said they were investigating whether he was ever employed by Standard Bank by speaking to the division he worked in. Yes, that is exactly what he said. I almost shat my pants thinking that this guy is investigating fraud for Standard Bank. I’d like to assume he simply meant that they were speaking to HR, but I have suspicions.
To cut a long story short, I’ve lost hope that the bank will ever take this matter seriously and pretty much assuming that they have better things to do, like close at 3pm, than investigate information theft… I mean, it’s possibly only my id number, salary, home address, mother’s maiden name, signature, phone numbers, previous places of employment, information about the various insurance companies I use, who I invest with, previous addresses and all the account numbers for the various services I use…. I mean, you can’t do much with that information, can you?
#1 by trev on April 8, 2010 - 10:35 am
Quote
Bastards and I bank with them business and personal.
I have always viewed banks as evil and when choosing one I choose the least kakkest one!
I have a problem with ABSA at the moment with a very rude employee that harrassed me chasing after money I did not owe.
I use their actionline@absa.co.za email and also received automated responses. I have tried getclosure and tweeting about it. ABSA have ignored getclosure
HelloPeter was going to be next in my arsenal
#2 by Jonathan Carter on April 8, 2010 - 2:51 pm
Quote
@trev I’ve also e-mailed Absa’s action line a few times before, never getting anything but auto-responders. I don’t think hellopeter will help much, they obviously don’t care about their customers.
#3 by Deborah on August 26, 2010 - 10:56 am
Quote
I have just been a victim of card fraud and after spending a day between the police station and my branch have now followed up with Standard Bank’s fraud department to be advised that they have not received the information from my branch! It could take up to 10 days for the information to be sent by courier from Hyde Park to Johannesburg???? I am a single mother of 3 and am expected to carry the loss of R5,000 until these guys wake up! WTF????