How broken is the banking system?
My kid and I love watching Top Gear - me, because it's nice to see him interested in a very traditional British TV programme (in the US, you can find it on BBC America), and him, because he just loves cars - particularly high-performance ones.
So I have to admit to having a little chuckle as I find what's been going on in the life of its host, Jeremy Clarkson.
Well, in the wake of the recent loss of 25 million child benefit case records by the UK Government's HMRC (tax and customs) department... what, you didn't hear about it?
Okay, I'll admit, I didn't report on it, because I figured the world and his wife had already heard all there was to hear on the story. Cut to the chase - someone at the HMRC received a call from someone at the NAO (National Audit Office), asking for some records. Rather than asking if they were supposed to be handing those records over, or if the NAO actually had any rights to receive the records, the "junior official" involved sent a couple of disks ... in internal mail (which turned out not to be so internal, having been contracted out to a courier) to the NAO.
The NAO called back after a few days, asking where their data was.
The junior official sent another copy!
At this point, somebody told someone, and a big stink got raised that there was all this data out there - 25 million records, 7.5 million families, containing names, addresses, bank account numbers, national insurance numbers (NI numbers - that's our equivalent of Social Security Numbers or SSNs).
Okay, so in the wake of all this, lad Jeremy decides he's fed up of all the press coverage of the waste of time investigation into the whole loss of two miserable little CDs.
He declares, in one of the UK national newspapers (the one with semi-naked women on one of its inside pages), that it's all a load of fuss over nothing - even goes so far as to call it a "palaver" (which is not, apparently, a knitted garment - that would be either a pullover, or a balaclava).
Mr C even goes so far as to publish his own bank account number. With sort code (aka bank routing number, to those of us in the USA).
"All you'll be able to do with them is put money into my account. Not take it out. Honestly, I've never known such a palaver about nothing,"
See - I told you he called it a palaver.
Sadly, as the BBC (don't they broadcast Top Gear, or something?) reports, "Clarkson stung after bank prank". I guess we couldn't predict that.
"I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account,"
After explaining to some disbelieving friends how this could have happened, I realised that not everyone has had the chance to run their own business, and see what a mess the banking system is. We all assume that the banks have our best interests at heart, and operate securely in ways that ensure we can't lose a penny.
Not really, no. They work (mostly) on the basis that it's cheaper to refund your money if you notice a problem and complain, than it would be to fix the problem in the first place.
Here's a simple explanation of how "direct debit" (in the US, "automated payment") works:
Most commonly you would complete a written Direct Debit Instruction, obtained from the organisation you wish to pay and return it to them for onward transmission to your bank. Some direct debits may be set up over the phone or via the Internet. In these cases the organisation must subsequently write to you confirming what has been agreed.
So, the receiving organisation claims to the bank that someone claiming to be the account holder requested them to withdraw money from the account.
Note "claims", because there's no proof at that stage.
It's not even as workable as "you write to the bank requesting they allow a direct debit from your account" - the bank has no opportunity to interact with the customer except by sending them their next bank statement!
That's broken - but then again, I've written before about how broken the credit card system for web purchases is. Again, the actual issuing bank, the one with whom you have a relationship, and who could validate your identity, is kept out of the transaction until it's already finished.
What would be super is if a celerity like Jerembly Clarkson would start a campaign to have the banks be required to all team up and do a properly secure set of protocols for credit card and payment authorisations. Then merchants like me wouldn't whine about repeated charge-backs that we can't actually refute, and people like him, ignorant about the truth of the banking industry's inability to secure the very money they are entrusted with, wouldn't go handing out money willy-nilly to random charities just to prove that his trust is woefully misplaced.
I just don't think it'll happen.
I hope there was only £500 in the account, and that Mr Clarkson has already closed that account, and opened one whose number he will keep secret, sharing only with the bank, the company that prints his cheques, everyone he ever pays by cheque... now there's another broken system.