The big corporate lie: its called “customer security”

It may be that i have got it wrong over this name change lark. No: not the principle. Rather, the general approach. Because i have made the mistake of approaching big business (and financial institutions) as though they are reasonable types, who would rather not humiliate and mistreat their customers. When in fact they are all, mostly, a bunch of bastards.

And the bottom line is, really, the bottom line.

Let’s explain. I’ve been a bit quiet on name change for a bit not because i’ve been doing nothing but, au contraire, because i’ve been doing a lot of something. That has involved talking to government (of which more later) and also widening the number and rank of financial institutions i have been talking to at quite senior level.

Sometimes on my behalf. Increasingly, though, on behalf of others.

The security comfort blanket

And the issue – the collision of values – has been pretty much this. First, many recognise that it is a bit of hassle…and procedures could be better. Many, though, instantly shoot back some sort of PR garbage about having the best interests of their customers at heart and how its all done thoughtfully and in the best possible taste. Or words to that effect.

Somewhere in there is some guff about “security”…and that is understood, by those who appeal to the security comfort blanket for justification, as capping all other arguments. A bit like government.

We’re taking away your right to demonstrate in public/ walk the streets/ breathe and…its all for your own good because of “security”. As though once the s-word has been uttered, nothing else can possibly matter.


Except that is a mistake. Cause i just happen to be a girl with a couple of decades of IT security experience under my belt and, quite frankly, if any manager of mine told me that they were demanding deed polls or marriage cert’s because it somehow enhanced a company’s security…they’d be complaining of carpet burns for a month (from the carpeting i’d give them, see!).

The idiocy of current process

Why? Well, consider: if i want to transfer money, i could write a letter to a bank using my recognised name, on a piece of paper with my name , address, account details and signature on and…chances are they’d do as asked.

On t’other hand, if i handed in a scrap of paper asking them to do ditto which had been signed and witnessed by someone i’d met five minutes previously, with no security as to who the witness was or any more identifying details as to who I was…they’d kick me out the door.

Except when it comes to name change, its all topsy-turvy. The letter containing all manner of secure and checkable info holds no water. The anonymous scrap of paper is king.

Can that be right?


Legal, honest, decent – so long as it doesn’t cost

Let’s digress with a related tale from about ten years back. I was providing advice and consultancy for a major UK corp. You’d know their name: also the name of their MD, who was in the room at the time (because he has lately – and publically – been accused of crim activity). I’ll say no more.

I’d just done a presentation explaining that his company just wasn’t Data Protection compliant. By a long chalk.

So, he fired back, what would it cost to make it so? Quick consult with techy present, much back of envelope scribbling, and two minutes later, my best guesstimate: between a quarter and half a million sterling.

And what would it cost if they were hauled before the Information Commissioner. Honestly? Typical fine back then was in the hundreds of pounds…and then only after months and years of second chances.

In which case, he said, we’ll risk it. His company’s policy from that meeting was not stated – but unofficially it was very clearly to ignore the law on data protection.

Since when, things have changed. The DPA has bigger teeth. The FSA has got in on the act too, as have, in the US, similar regulatory bodies. Fines of several hundred thousand pounds have begun to appear and, magically, companies which once couldn’t give a damn about data protection are taking notice.

Its the bottom line, stoopid

Which brings us back to name change and my mistake. Because i did think companies would rather not upset their customers. Silly me!

And that companies might wish to comply with Equality Law. How foolish!

Of course they don’t. Because both the above are about some degree of altruism and niceness.

So, instead, in 2012, i am beginning a new campaign. The use of deed polls and other cert’s to validate name change is just stupid. Its NOT secure. If anything, it makes financial institutions MORE insecure, making identity fraud easier and achieving nothing other than a paper trail that these organisations can use to pretend they did something.

Which they aren’t.

So in future, faced with intransigent org’s, i think i’ve had it with Equality. Instead, its going to be about security. And negligence, in embedding procedures that make our lives less secure. And various financial ombedsmen.

Let’s see if that one plays any better. đŸ™‚



2 Responses so far »

  1. 1

    Paula TransPanther said,

    yup.. agreed.. anybody can go and do a £5 deed poll containing nothing except 2 names.. never is the original name checke or verified against any other form of idd.. it’s never registered anywhere.. pay your fiver, get the stamp.. and thats your name……… on paper.. use it for whatever fraud purpose and throw it away and forget it!!! Funny how a birth certificate isn’t accepted proof of identity, yet look at what it is used to obtain which is……

    Security is paid lip service and only used as a lie to make lives difficult. Say I want to change MY NAME on MY bank account why would I lie? If I just walk in, give the “relevant name” and “memorable date” and 2 of 4 numbers from the account security code. thats that for every other account access purposes.. except changing the NAME on it!!!! It’s lodge of stoopid time sometimes.

    • 2

      Polly Conroy said,

      Except for a few specific situations (transfer of land and something to with barristers), there is no legal requirement in England and Wales to enter into any particular documentation for a change of name. Indeed, no documentation is legally necessary at all. It is enough to announce to the world that your name is now Pippi Longstocking. That’s it. Done. Of course there are a few caveats against changing your name for the purposes of fraud, but the principle remains valid.

      Of course, various organisations will have their own preferences about what documentation they need to see, which is absolutely fine if you signed an agreement to their conditions.

      About 12 years ago, I changed my name. I told lots of people and they almost all accepted my letter (signed in my former name as well as my new name) as sufficient evidence. The exceptions were Charing Cross Hospital, my solicitor (in connection with the sale of land) and Mastercard.

      Mastercard insisted on a Deed Poll. I argued that legally they did not need it and that they had not seen comparable documentation when I opened the account (so they have no ‘verified’ proof of the name I was changing from) and that I had signed nothing that would indicate my acceptance of their particular internal corporate rules in connection with changes of name.

      Many phone conversations later, much misinformation from their end, many calls not returned, involvement of their legal department and they finally conceded and awarded token compensation which I had not asked for. I had, by that time, got a Deed Poll, but it had become a point of principal that I would not be bullied.

      Nowadays of course, you have to provide evidence of who you are when opening an account, but that was not the case 35 years ago, at least to nothing like the same degree.

      Bullies and bastards.

Comment RSS · TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: