I am trying to set up a direct debit with my water company, South West Water. The method they provide seems to me insecure.
Initially, their website directed me to fill in an on-line form giving your customer details (postal address, account number etc) but not bank details. I press "submit". Two weeks later I get an email, ostensibly from snipped-for-privacy@swwbusiness.co.uk although the header contains the line "X-Sender: snipped-for-privacy@salesforce.com". This addresses me by name, and correctly cites the information I supplied on the online form. The sender invites me to email her my bank details so that she can set up the direct debit.
Is it secure to do so, or should I take extra precautions?
That sounds very clumsy to me and I would still want ME to set up anything that will leave my account.
Re your other post, Clarkson, it sounds another 'entity' has mischievously compromised his account so would infer these entities should not be trusted.
The OP has expressed concern over security, I share his concern.
Whenever I am asked for that information, I send half in one message, and half, later, in another. Whether that helps, or I am being over cautious, I don't really know.
Any organisation approved to be able to setup direct debits would be mad to create one they couldn't prove you hadn't authorised, but e.g. if I knew you details I might be able to set up a fraudulent DD to pay £500/month to Battersea Dogs Home (ask Jeremy Clarkson!) but you would get the money back in an instant.
They don't have to "enter your account". But if f'rinstance you want to pay your electric provider via DD, you just give them your bank details and they set the DD up.
I'm not sure which entities have the authority to do that and how they get it.
You grant authority to the payee - they setup the DD.
You don't need their banking details for a DD. You would only need those for doing a BACS transfer or setting up a standing order.
While I agree it would be "nicer" if they collected the details in a more protected manor, there is not *that* much risk in disclosing just account number and sort code. Beyond setting up a DD (which you could reverse) or paying money into your account, there is not much someone can do without only that information.
What's clumsy about it? Less work for me to do. And a DD is *always* set up by the entity you are paying. You can give them authority over the phone (or possibly email or both, I'm not sure) but in any case it's then *they* who set it up. Not you.
Firstly, I doubt it would be "in an instant". DDs are for those who do not have the time or interest to keep a check on their money, and are happy to let someone run part of their personal finances. Would you go to a market stall, buy a bagful of fruit and veg, and tell the stallholder to take, unseen, the cost of the goods from your wallet, and then not check for several hours that the correct amount had been taken? That's effectively what a DD is, but substitute "days" for "hours". By the time you realised much more than what you thought had been withdrawn, you could be in financial trouble.
And that's another problem. The DD guarantee makes much of the fact that if an error is made, you are entitled to a full and immediate refund of the amount paid by your bank or building society. Nothing wonderful about that - if it wasn't refunded it would be theft or fraud, wouldn't it? But /would/ it? You authorised someone to take unspecified amounts at varying times. Where is the "error"? How long does it take the payee (or you) to find out their payment system was out by a decimal point, and removed £1000 instead of £100 from your account? Only if they accept there is an error do you get the money back.
And that leads to the final point which I have raised before and never had answered. What happens if you suffer financial damage from an excessive DD withdrawal which makes you effectively in default of other payments, as there is little or no money in your account to make those payments? Do you lose the goods on which those payments should have been made? Do you have to sue the payee(s) who made the error for damages?
I /might/ consider a DD if there was some way of limiting the amount a payee could take. For example, If my gas bill never exceeded £500 a quarter, I might accept a DD limiting any withdrawal to less than, say, £600. But as far as I am aware, no DD accepts a limit.
As you might guess, I don't do DDs. It costs me more on my bills (which annoys me) but I'm in control of my bank account, not someone else.
Well, I thought I was, until I read your post! :-(
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.