Personal Finance

Why do banking associates ask for confidential information via email?

  • Last Updated:
  • Aug 14th, 2018 6:44 pm
[OP]
Jr. Member
Oct 16, 2013
151 posts
10 upvotes
Toronto, ON

Why do banking associates ask for confidential information via email?

I've done a few personal loans, mortgages, related stuff with Meridian. What I find really puzzling is why I'm consistently asked for highly sensitive information to be sent via email.

We're talking about stuff like CRA's Notice of Assessment, driver's license, pay stubs, etc.

In each and every request I get, I've asked the reps to provide a secure link for upload or use encrypted email. I'm always told that their email is already secure (I don't expect an understanding of how email servers work), and that additional measures aren't needed. (I've worked with 4 different associates over the last 2-3 years.)

Anyone have any idea if it's lack of training or just that they truly don't have the proper mechanisms for receiving sensitive data? I'd be surprised if it's the latter.

The last time I was requested for the info, I refused to send my information via email. Instead, I sent the associate a link to my personal web server where she could download the encrypted docs (I texted her the password). She was furious as she felt the process was a waste of time, as she needed to get her IT department involved (which I didn't feel sorry about).

From my perspective, once you email information such as these via email (as attachments), the room for trouble is huge... it's just a recipe for disaster.

How do you all handle requests like these?
22 replies
Sr. Member
Jul 19, 2004
718 posts
80 upvotes
Vancouver
Then I would:

1.Fax it
2.Mail it
3.Drop it off at the branch

I wouldn't expect the people at the branch to know how their IT system works. I would ask head office instead and see if you can get the answer you want.
Deal Addict
Nov 22, 2015
3282 posts
2230 upvotes
Just drop it off in person if it's such a big deal.

Most banks didn't even accept digital documents at all until a few years ago.

Why would someone go through the trouble to specifically target/intercept your notice of assessment?
Member
Jun 10, 2013
400 posts
149 upvotes
I've had this with the HR dept of my previous company. It's even worse for banks. I put it down to ignorance of how the internet works, and lack of care because it isn't their data.
Deal Addict
Nov 22, 2015
3282 posts
2230 upvotes
Ultimately, if you're the one sending the information, it's on you (not the reciever) to send it securely...
Moderator
User avatar
May 8, 2009
6914 posts
3062 upvotes
45.420833°N, 75.69°W
someone16 wrote:
Aug 11th, 2018 8:31 pm
Then I would:

1.Fax it
2.Mail it
3.Drop it off at the branch

I wouldn't expect the people at the branch to know how their IT system works. I would ask head office instead and see if you can get the answer you want.
Jucius Maximus wrote:
Aug 11th, 2018 8:43 pm
I fax the information.
OP never mentioned fax as an option afaik. As a new Meridian member myself, I find it odd that they don't accept correspondence via fax (at least with regards to my account). I had to send external account linking requests via secured message via their online banking.
eBay profile| Motorola phone. Linux on 2xcomputers. Brew beer & wine @home.
DUCA thread | Simplii Account Linking | Make CCTS Claim | Max on Koodo Referrals Thread
Deal Addict
User avatar
Aug 3, 2009
1752 posts
270 upvotes
Nova Scotia
I guess ive never really considered noas and paystub sensitive: this stuff is filed in family courts across the country daily and is all public.

That said it is your information and you should have the option to fax.
Deal Fanatic
Jul 1, 2007
8060 posts
893 upvotes
Having worked at banks and wealth management firms:

-At the bank back in the day they were very cautious about e-mail. It's for this reason that they generally preferred things faxed over scanned (and I'd get laughed at by clients when I asked them to fax something, "okay, let me get back in my time machine to 1990"). They didn't allow all staff, only management level, to use e-mail that had external access (lower level staff meanwhile could only message via an internal app). All of this I think they've eased up on in more recent years as communicating by e-mail with clients just became more the norm.

-In terms of the OP's preference to utilize a higher level of security, that's anyone's prerogative. You have the choice, for convenience, to simply send things via e-mail and take a minute, almost insignificant level of risk... or you can take the less convenient routes mentioned above, such as dropping things off at the branch. It's kind of like taking the risk of using a car or bus to get to a destination as opposed to walking, which is probably statistically safer.
Money Smarts Blog wrote:
Nov 29th, 2010 11:18 am
I agree with the previous posters, especially Thalo. {And} Thalo's advice is spot on.
Deal Addict
User avatar
Mar 16, 2010
2506 posts
1102 upvotes
Burlington
What's a fax machine?
Newbie
Aug 15, 2009
44 posts
12 upvotes
Montreal
Or password protect your documents and have the bank call your for it ?
Deal Addict
Jul 3, 2017
2994 posts
2042 upvotes
Fax isn't secure either, it's just insecure in a different way. You're sending your sensitive document to a phone number. It could be an unattended fax machine in a common area where 1000 people from different departments have access to it, not to mention visitors, janitorial staff, and anyone who goes through the recycling bin looking for discarded copies. These days it's very common for it to be a fax-to-email service, so your fax is going to become an email anyway, after passing through a third-party service of unknown location and security.

Obviously email goes through many intermediate servers, not under your control, and due to its ancient historical design it's not usually encrypted in any way. On the plus side only sophisticated hackers would have the ability to dip into the internet data stream and pull out sensitive emails. It's much more likely to be harvested from your system or the destination system. Unfortunately emails tend to sit around in some sort of backup file forever, unencrypted and just waiting to be harvested. As the DNC and Hillary Clinton discovered.

It would be nice if you could dictate security requirements to the information requester, but it's usually a large corporation or government agency. They're generally clueless about security, unable to do anything to improve it even if they personally appreciate the issues, and officially the organization doesn't care what you want. At best if it's a personal request, I can sometimes send them an AES-encrypted pdf document (still not totally secure) and give them the password separately.

But it does sting a bit when a bank acts all holier-than-thou about security, presuming to lecture us about basic security when their own is full of holes. Or worse, when your account gets hacked and they claim that it's impossible that their security could have been breached, so it must be the client's fault.
Member
Oct 26, 2003
230 posts
20 upvotes
Ottawa
raywired wrote:
Aug 11th, 2018 6:26 pm
Anyone have any idea if it's lack of training or just that they truly don't have the proper mechanisms for receiving sensitive data? I'd be surprised if it's the latter.
It's very simply. It's your information that is at risk, not theirs.

At the very least, they should use a service like Canada Post's ePost Connect. They pay a licence fee which enables them to open a conversation with you on your (free) ePost account.
Newbie
Nov 14, 2014
23 posts
7 upvotes
Mississauga, ON
raywired wrote:
Aug 11th, 2018 6:26 pm
In each and every request I get, I've asked the reps to provide a secure link for upload or use encrypted email.
Most, if not all banks have this available to use, your average branch employee probably just doesn't know how to use it, or possibly even that it exists. It's much more frequently used in commercial/private banking business lines.

Top

Thread Information

There is currently 1 user viewing this thread. (0 members and 1 guest)