How broken is the banking system?

Jeremy Clarkson - we should all have his simple naivete and faith in the systemMy kid and I love watching Top Gear - me, because it's nice to see him interested in a very traditional British TV programme (in the US, you can find it on BBC America), and him, because he just loves cars - particularly high-performance ones.

So I have to admit to having a little chuckle as I find what's been going on in the life of its host, Jeremy Clarkson.

Well, in the wake of the recent loss of 25 million child benefit case records by the UK Government's HMRC (tax and customs) department... what, you didn't hear about it?

Okay, I'll admit, I didn't report on it, because I figured the world and his wife had already heard all there was to hear on the story. Cut to the chase - someone at the HMRC received a call from someone at the NAO (National Audit Office), asking for some records. Rather than asking if they were supposed to be handing those records over, or if the NAO actually had any rights to receive the records, the "junior official" involved sent a couple of disks ... in internal mail (which turned out not to be so internal, having been contracted out to a courier) to the NAO.

The NAO called back after a few days, asking where their data was.

The junior official sent another copy!

At this point, somebody told someone, and a big stink got raised that there was all this data out there - 25 million records, 7.5 million families, containing names, addresses, bank account numbers, national insurance numbers (NI numbers - that's our equivalent of Social Security Numbers or SSNs).

Okay, so in the wake of all this, lad Jeremy decides he's fed up of all the press coverage of the waste of time investigation into the whole loss of two miserable little CDs.

He declares, in one of the UK national newspapers (the one with semi-naked women on one of its inside pages), that it's all a load of fuss over nothing - even goes so far as to call it a "palaver" (which is not, apparently, a knitted garment - that would be either a pullover, or a balaclava).

Mr C even goes so far as to publish his own bank account number. With sort code (aka bank routing number, to those of us in the USA).

"All you'll be able to do with them is put money into my account. Not take it out. Honestly, I've never known such a palaver about nothing,"

See - I told you he called it a palaver.

Sadly, as the BBC (don't they broadcast Top Gear, or something?) reports, "Clarkson stung after bank prank". I guess we couldn't predict that.

"I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account,"

After explaining to some disbelieving friends how this could have happened, I realised that not everyone has had the chance to run their own business, and see what a mess the banking system is. We all assume that the banks have our best interests at heart, and operate securely in ways that ensure we can't lose a penny.

Not really, no. They work (mostly) on the basis that it's cheaper to refund your money if you notice a problem and complain, than it would be to fix the problem in the first place.

Here's a simple explanation of how "direct debit" (in the US, "automated payment") works:

Most commonly you would complete a written Direct Debit Instruction, obtained from the organisation you wish to pay and return it to them for onward transmission to your bank. Some direct debits may be set up over the phone or via the Internet. In these cases the organisation must subsequently write to you confirming what has been agreed.

So, the receiving organisation claims to the bank that someone claiming to be the account holder requested them to withdraw money from the account.

Note "claims", because there's no proof at that stage.

It's not even as workable as "you write to the bank requesting they allow a direct debit from your account" - the bank has no opportunity to interact with the customer except by sending them their next bank statement!

That's broken - but then again, I've written before about how broken the credit card system for web purchases is. Again, the actual issuing bank, the one with whom you have a relationship, and who could validate your identity, is kept out of the transaction until it's already finished.

What would be super is if a celerity like Jerembly Clarkson would start a campaign to have the banks be required to all team up and do a properly secure set of protocols for credit card and payment authorisations. Then merchants like me wouldn't whine about repeated charge-backs that we can't actually refute, and people like him, ignorant about the truth of the banking industry's inability to secure the very money they are entrusted with, wouldn't go handing out money willy-nilly to random charities just to prove that his trust is woefully misplaced.

I just don't think it'll happen.

I hope there was only £500 in the account, and that Mr Clarkson has already closed that account, and opened one whose number he will keep secret, sharing only with the bank, the company that prints his cheques, everyone he ever pays by cheque... now there's another broken system.

Published Mon, Jan 7 2008 21:22 by Alun Jones
Filed under: , ,

Comments

# re: How broken is the banking system?

I'm slightly curious about your side comment that what the UK calls direct debit the US calls automated payment.

In NZ we have both direct debit and automatic payments, which are two different things.

Direct debits are controlled by the business, although you do have to fill in an authorization form which at least *looks* as if it goes to your bank.  The business gets to decide how much to withdraw and when, and if they remove the wrong amount the bank doesn't want to know.

Automatic payments are controlled by you; you go to the bank and tell them who, how much and how often.  The money can be sent to any bank account, it doesn't have to be a business.

Doesn't the US have what we would call automatic payments?  Or are they just called something else?

Tuesday, January 08, 2008 2:50 PM by Harry Johnston

# re: How broken is the banking system?

I wasn't able to find as much information about the names of US automatic payment processes and their differences as I was for the English banks.

However, I did find enough to reassure me that what I knew about the Automated ClearingHouse (ACH) payment methods was true - with a routing code and a bank account, it is possible to initiate a transaction without requiring any information from the account holder.

From my perspective, I'm not sure that it matters much what to call it, as much as it matters that there is a method whereby money can be removed from your account knowing only the account number and routing code. The routing code is public information, and the account number is shared with everyone you have ever paid by cheque.

Yet again, it's an example of a system that should be secure, but which relies on the belief that a number is secret, despite its being widely disseminated.

Tuesday, January 08, 2008 3:41 PM by Alun Jones

# re: How broken is the banking system?

Of course, in retrospect, although Jeremy Clarkson is, to quote a number of sources, "not known for spending a great deal of time in thought before opening his mouth", that's a public persona that he's spent a great deal of time cultivating.

One hopes that he left £500 sitting in an otherwise empty, inactive bank account, whose number he exposed, knowing that either it would sit there unmolested to prove him right, or someone would pretty quickly demonstrate how wrong he was. If the latter were the case, he'd educate a few people, and promulgate the theory that he's a mouthy so-and-so who isn't remotely qualified to comment on the security of the banking system.

Neither outcome is damaging to Mr Clarkson - either he's proven right, and all he has to show for it is the loss of interest on £500, or he's proven wrong, and gets to make it into the papers once again.

Of course, my boy and I would rather he did so by sending a Mini Cooper down a ski-jump, or turning a Reliant Robin into a space shuttle (did you miss those episodes?)

I can't thank Jeremy Clarkson enough - he has demonstrated to the world the necessity for data security. My hat's off to you, sir.

Wednesday, January 09, 2008 12:59 PM by Alun Jones

Leave a Comment

(required) 
(required) 
(optional)
(required) 
If you can't read this number refresh your screen
Enter the numbers above: