The other day I received a statement from a financial services company with whom I have a small amount of business. Nothing unusual in that, other than the accompanying leaflet that set out a new process they were adopting to deal with address changes.
Back in the good old days, an address change could be accommodated by a trip to a bank branch, or a letter that would, by its very nature, include a signature that the institution could check against their records. Not any more with this institution. Now,
they require not only a letter but also copies of a number of items that will verify the details, which include: passport, driving licence, council tax bill, utility bills, and so on. Additionally, because they do not want the originals, they require the
copies to be verified by any one from a list that includes: lawyers, doctors, bankers, teachers, members of the armed forces, etc.
My first reaction was irritation that we were getting to such a state where a simple letter, containing my signature, couldn’t be used as sanction to change my address. But then of course some organisations either never collect a signature or don’t store
one any more, so it isn’t surprising that they won’t use this method. Then I got to thinking about the flaws in this process.
First, it would take time from my having moved house to get to the point where I had enough of the necessary documentation to copy and send. For instance, how long does it take to get a passport or driving licence changed? How long will it take to get
a utility bill after having moved house? In that elapsed time, the institution could well have already sent my statement to the wrong address, simply because I couldn’t gather the ‘evidence’ fast enough to request a change in my details.
Second, how difficult is it, in this digital age, for a fraudster to mock up a utility bill or two anyway? For that matter, because they would only need a copy, they could presumably frag up a passport too…
Finally, I could get any Tom, Dick or Harry to verify the copies, as there’s no process to ensure that whoever verifies the documents is who they say they are. What’s the point, therefore, in getting them verified by unverifiable people?
It’s a measure of how deep fraudsters are now digging in order to relieve us of our money; so much so that I wonder where it will really all end. Maybe we’ll have to call at a branch in future and take a lie detector test, or something, before we can change
any static details. Or, maybe we need to either go back to old-fashioned values and make these institutions collect and store signatures, or start using properly secure digital identification methods to effect changes like this.
I guess some good old-fashioned stringent punishment of fraudsters wouldn’t go amiss either, when they are caught…