mbna refuse to forget me

[mere]

I applied for an mbna credit card.

 

They demanded 3 months bank statements I asked why. They said to verify your income.

I said the agency I work through will certify my income, they insisted on the bank statements.

I said I wasn't prepared to hand over bank statements as I didn't need the credit and it was not worth it just for airmiles.

 

Because mbna upfront the obtaining of security information

I was now in a position where they had the same security information as the other credit card I have

(same password, mothers maiden name) plus they had all the account details.

Yes I said the same password, for me it is the lesser evil than having several passwords

that I now have to write down (which to me is a worse security risk).

 

When I called mbna to terminate my application they took me through security

in the course of which the operator repeated to me my entire password.

 

 

Now to my understanding they are not supposed to know this and it is an obvious security risk if they do.

I am accustomed to a bank accomplishing security checks by asking for certain characters of my password.

 

I pointed out that as I had terminated the application it was unacceptable for them to retain my security information and they should delete it.

That was 6 months ago.

 

 

Since then I have written and been sent responses where they have asked me to call.

When I call I am told that they want me to go through security and I tell them I'm not doing that because they shouldn't have that information.

 

 

So they have had a formal complaint and a Section 10 notice asking them to delete my information.

In the complaint I said I believed their security was lax and not competently administered a

nd put me at risk as they were holding the same information as other financial institutions who I do hold accounts with.

 

I wrote this letter at the end of April.

 

 

In July while I was abroad

I was alerted that somebody had obtained my password and attempted to access my credit card account online,

consequently my card had been cancelled and I would have to change m my password.

 

 

I rely totally on credit cards while abroad so was left more or less financially stranded by this.

 

In August mbna produced their letter full of regret and tell the ombudsman if you're not satisfied.

I told them that things had moved on - my account had been hacked

which was exactly the consequence I had warned them of and they were being held responsible.

I also told them they had not responded to the section 10 notice.

 

They replied denying receipt of the section 10 notice and said that in any event

they were required by the Consumer Credit Act to retain data about my application for a card.

I agreed but said that requirement does not extend to the security information that I told them to delete.

They said they would investigate the breach ... we take security very seriously blah blah...

 

7 weeks on (they said they needed 8 weeks to investigate)

mbna have never contacted me to ask what account was hacked or when..

. .so much for a rigorous investigation.

 

We are in a standoff.

I've told them they are responsible for the breach of the account

(note my bank account which they also have but doesn't share that password was not hacked).

To date they have not deleted my security information.

 

I am ready to take them on but am thinking of not basing my case on the Section 10 notice as it probably mean

I am not eligible to be heard in the small claims track.

I'll mention it but not seek remedy under it and I am hoping the ico will tell them to delete the data.

 

something to be wary of if you ever abandon an application with a financial institution.

[BazzaS]

I applied for an mbna credit card.

 

They demanded 3 months bank statements I asked why. They said to verify your income.

I said the agency I work through will certify my income, they insisted on the bank statements.

I said I wasn't prepared to hand over bank statements as I didn't need the credit and it was not worth it just for airmiles.

 

Because mbna upfront the obtaining of security information

I was now in a position where they had the same security information as the other credit card I have

(same password, mothers maiden name) plus they had all the account details.

Yes I said the same password, for me it is the lesser evil than having several passwords

that I now have to write down (which to me is a worse security risk).

 

When I called mbna to terminate my application they took me through security

in the course of which the operator repeated to me my entire password.

 

 

Now to my understanding they are not supposed to know this and it is an obvious security risk if they do.

I am accustomed to a bank accomplishing security checks by asking for certain characters of my password.

 

I pointed out that as I had terminated the application it was unacceptable for them to retain my security information and they should delete it.

That was 6 months ago.

 

 

Since then I have written and been sent responses where they have asked me to call.

When I call I am told that they want me to go through security and I tell them I'm not doing that because they shouldn't have that information.

 

 

So they have had a formal complaint and a Section 10 notice asking them to delete my information.

In the complaint I said I believed their security was lax and not competently administered a

nd put me at risk as they were holding the same information as other financial institutions who I do hold accounts with.

 

I wrote this letter at the end of April.

 

 

In July while I was abroad

I was alerted that somebody had obtained my password and attempted to access my credit card account online,

consequently my card had been cancelled and I would have to change m my password.

 

 

I rely totally on credit cards while abroad so was left more or less financially stranded by this.

 

In August mbna produced their letter full of regret and tell the ombudsman if you're not satisfied.

I told them that things had moved on - my account had been hacked

which was exactly the consequence I had warned them of and they were being held responsible.

I also told them they had not responded to the section 10 notice.

 

They replied denying receipt of the section 10 notice and said that in any event

they were required by the Consumer Credit Act to retain data about my application for a card.

I agreed but said that requirement does not extend to the security information that I told them to delete.

They said they would investigate the breach ... we take security very seriously blah blah...

 

7 weeks on (they said they needed 8 weeks to investigate)

mbna have never contacted me to ask what account was hacked or when..

. .so much for a rigorous investigation.

 

We are in a standoff.

I've told them they are responsible for the breach of the account

(note my bank account which they also have but doesn't share that password was not hacked).

To date they have not deleted my security information.

 

I am ready to take them on but am thinking of not basing my case on the Section 10 notice as it probably mean

I am not eligible to be heard in the small claims track.

I'll mention it but not seek remedy under it and I am hoping the ico will tell them to delete the data.

 

something to be wary of if you ever abandon an application with a financial institution.

 

Are you after advice, or making a statement rather than a question?

 

If for advice / a question : do you intend to listen to / take advice (potential respondees may wish to check out mere's other threads, closed by the site team as not assisting anyone, where mere argued with all advice given, leading to people wondering why they had actually posted .....)

 

For confirmation, the threads are

http://www.consumeractiongroup.co.uk/forum/showthread.php?434574-Forgot-my-railcard-discussion-thread&p=4629007#post4629007 and

http://www.consumeractiongroup.co.uk/forum/showthread.php?434150-Small-vs-Train-company-to-overturn-Unpaid-Fare-Notice&p=4625379#post4625379

 

If for advice that you are willing to listen to/ take : ("For starters") Did you send your section 10 request by a trackable service, or if not did you get proof of posting?