Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site

Is it now safe to send bank statements etc by email

A virtual pub for off topic, light hearted pub related banter and discussion. No trainers
mc2fool
Lemon Half
Posts: 7812
Joined: November 4th, 2016, 11:24 am
Has thanked: 7 times
Been thanked: 3017 times

Re: Is it now safe to send bank statements etc by email

#447519

Postby mc2fool » October 3rd, 2021, 4:17 pm

Sunnypad wrote:
mc2fool wrote:BTW, you probably have a method of sending them a secure copy of your bank statement by email....

If you have Microsoft Word then you can scan in the statement into Word and then password protect the document. In my version of Word 365 you click on File then Info and then Protect Document and then Encrypt with Password. Other versions may have it elsewhere (or not at all for earlier ones).

Choose a password that's something they'll know and then email them the document with the explanation that it's password protected and the password is (e.g.) your NI number, which they have on file for you.

Is that still easy enough to hack though, the password mechanism. I honestly don't know, hence the question.

If someone knows how to intercept the mail, it seems they'd also get round this easily?

It depends on the version of Microsoft Word you have. In earlier versions the passwords were easy to crack, and on a quick search you'll find plenty of tools online to do so, but the more modern versions use the same (or in some cases better!) level of encryption as used by banks online services and are all but impossible to crack, unless you have the resources of the CIA and lots of time. https://en.wikipedia.org/wiki/Microsoft_Office_password_protection

The weakness is in fact in that the password, rather than being a long string of random characters, must be something that AJBell have on record, and if you choose something like your NI number, your phone number, your date of birth, etc, it's possible that the interceptor already has or can obtain that information by other means. How paranoid are you? ;)

I suppose you could get cleverer about it and make the password something that is less "public" data than the items mentioned above but something AJBell will still know ... e.g. the ISIN of the investment you bought on dd-mmm-yy.

Sunnypad
Lemon Slice
Posts: 744
Joined: November 4th, 2016, 1:17 pm
Has thanked: 153 times
Been thanked: 309 times

Re: Is it now safe to send bank statements etc by email

#447531

Postby Sunnypad » October 3rd, 2021, 5:14 pm

I am very paranoid :lol:

The whole reason banks shifted online is to make us liable for errors though, surely

Fluke, interesting, I'm wondering why they don't just pay to linked bank account.

If they want further proof of address, they could ask for a recent utility bill.

pje16
Lemon Half
Posts: 6050
Joined: May 30th, 2021, 6:01 pm
Has thanked: 1843 times
Been thanked: 2066 times

Re: Is it now safe to send bank statements etc by email

#447532

Postby pje16 » October 3rd, 2021, 5:23 pm

I have sent documents to AJ Bell via secure messaging and had no problems

swill453
Lemon Half
Posts: 7962
Joined: November 4th, 2016, 6:11 pm
Has thanked: 984 times
Been thanked: 3643 times

Re: Is it now safe to send bank statements etc by email

#447534

Postby swill453 » October 3rd, 2021, 5:25 pm

pje16 wrote:I have sent documents to AJ Bell via secure messaging and had no problems

Have you? I haven't seen a way to do that.

Scott.

swill453
Lemon Half
Posts: 7962
Joined: November 4th, 2016, 6:11 pm
Has thanked: 984 times
Been thanked: 3643 times

Re: Is it now safe to send bank statements etc by email

#447535

Postby swill453 » October 3rd, 2021, 5:27 pm

mc2fool wrote:The weakness is in fact in that the password, rather than being a long string of random characters, must be something that AJBell have on record, and if you choose something like your NI number, your phone number, your date of birth, etc, it's possible that the interceptor already has or can obtain that information by other means. How paranoid are you? ;)

I suppose you could get cleverer about it and make the password something that is less "public" data than the items mentioned above but something AJBell will still know ... e.g. the ISIN of the investment you bought on dd-mmm-yy.

The password could be sent by their secure messaging service.

Scott.

pje16
Lemon Half
Posts: 6050
Joined: May 30th, 2021, 6:01 pm
Has thanked: 1843 times
Been thanked: 2066 times

Re: Is it now safe to send bank statements etc by email

#447548

Postby pje16 » October 3rd, 2021, 6:35 pm

swill453 wrote:
pje16 wrote:I have sent documents to AJ Bell via secure messaging and had no problems

Have you? I haven't seen a way to do that.

Scott.

Login
Under My account
Update My Deatils
Secure Meassages
New Message
Oh, see what you mean there's nowwhere to attach a file
I'm sure there used to be :roll:

pje16
Lemon Half
Posts: 6050
Joined: May 30th, 2021, 6:01 pm
Has thanked: 1843 times
Been thanked: 2066 times

Re: Is it now safe to send bank statements etc by email

#447549

Postby pje16 » October 3rd, 2021, 6:38 pm

Oh I remember now it was when I was transferring shares to them, it must have been under that process

mc2fool
Lemon Half
Posts: 7812
Joined: November 4th, 2016, 11:24 am
Has thanked: 7 times
Been thanked: 3017 times

Re: Is it now safe to send bank statements etc by email

#447557

Postby mc2fool » October 3rd, 2021, 7:11 pm

Sunnypad wrote:I am very paranoid :lol:

The whole reason banks shifted online is to make us liable for errors though, surely

Well that's definitely paranoid! I think, rather, that the whole (at least 95%) reason banks shifted online was to be able to close branches and lay off staff and, so, cut costs.

swill453 wrote:The password could be sent by their secure messaging service.

Good idea! :D

Sunnypad
Lemon Slice
Posts: 744
Joined: November 4th, 2016, 1:17 pm
Has thanked: 153 times
Been thanked: 309 times

Re: Is it now safe to send bank statements etc by email

#447826

Postby Sunnypad » October 4th, 2021, 6:08 pm

mc2fool wrote:
Sunnypad wrote:I am very paranoid :lol:

The whole reason banks shifted online is to make us liable for errors though, surely

Well that's definitely paranoid! I think, rather, that the whole (at least 95%) reason banks shifted online was to be able to close branches and lay off staff and, so, cut costs.

swill453 wrote:The password could be sent by their secure messaging service.

Good idea! :D


Oh I'm not the only person who thinks that by any stretch
I'm sure staffing is a factor but every senior level person says the same

We are now responsible for the safety of our money in a way that was unthinkable before.

Fluke
Lemon Slice
Posts: 608
Joined: November 4th, 2016, 8:51 pm
Has thanked: 61 times
Been thanked: 137 times

Re: Is it now safe to send bank statements etc by email

#448236

Postby Fluke » October 6th, 2021, 10:35 am

Just to round off, I've had a reply from AJBell to my query about the safety of emailing bank statements, they didn't address the security question but said that it was a computer generated message and that they could see a payment had previously been made to the account and so no further checks were needed. I'd already put a copy of a statement (header only) in the post, let's hope it just gets shredded hey.

This morning I contacted a local dentist asking if they are taking on new patients, they said yes and invited me to fill out the medical information form and return it by email. I declined and I answered their questions over the phone.

I think this is a scandal waiting to happen.

Alaric
Lemon Half
Posts: 6031
Joined: November 5th, 2016, 9:05 am
Has thanked: 20 times
Been thanked: 1398 times

Re: Is it now safe to send bank statements etc by email

#448241

Postby Alaric » October 6th, 2021, 10:46 am

Fluke wrote: said that it was a computer generated message and that they could see a payment had previously been made to the account and so no further checks were needed.


It sounds as if they need to give fresh instructions to the computer which is generating messages. Either that or review the messages before sending them unnecessary demands.

pje16
Lemon Half
Posts: 6050
Joined: May 30th, 2021, 6:01 pm
Has thanked: 1843 times
Been thanked: 2066 times

Re: Is it now safe to send bank statements etc by email

#448249

Postby pje16 » October 6th, 2021, 11:02 am

Computer systems are only as good as those who programmed them - there's your problem :lol:

Midsmartin
Lemon Slice
Posts: 777
Joined: November 4th, 2016, 7:18 am
Has thanked: 211 times
Been thanked: 491 times

Re: Is it now safe to send bank statements etc by email

#448255

Postby Midsmartin » October 6th, 2021, 11:23 am

I think your data is equally, or even more at risk once it's recorded on the recipient company's systems, rather than while it's in transit. And that risk is the same whether you provide the data by email, on paper, or over the phone.

gryffron
Lemon Quarter
Posts: 3605
Joined: November 4th, 2016, 10:00 am
Has thanked: 550 times
Been thanked: 1583 times

Re: Is it now safe to send bank statements etc by email

#448403

Postby gryffron » October 6th, 2021, 9:37 pm

Midsmartin wrote:I think your data is equally, or even more at risk once it's recorded on the recipient company's systems, rather than while it's in transit. And that risk is the same whether you provide the data by email, on paper, or over the phone.

I disagree about the scale of the risks. Emails are essentially public, since you have no control of the routing, and any server it passes through can read the contents, and pass them to anyone else. You should always think of an email as a postcard, rather than sealed in an envelope. Clearly, there is some risk of the recipient being hacked, but it is MUCH less public than email.

Gryff

Midsmartin
Lemon Slice
Posts: 777
Joined: November 4th, 2016, 7:18 am
Has thanked: 211 times
Been thanked: 491 times

Re: Is it now safe to send bank statements etc by email

#448405

Postby Midsmartin » October 6th, 2021, 9:58 pm

I'm interested in this.. Perhaps it's another thread, but I've never read of a case where email was read in transit for criminal/fraudulent purposes, though I'm sure GCHQ and the like can do so. Perhaps this is because you might never discover it has happened; it would be hard to prove.

On the other hand, I'm well aware of leaks of data retrieved from hacked company data stores of various sorts. Cloud email accounts can be broken into, particularly without two factor authentication, but in that case the data has not been read in transit, but after receipt.

elkay
Lemon Slice
Posts: 281
Joined: November 5th, 2016, 1:50 am
Has thanked: 737 times
Been thanked: 129 times

Re: Is it now safe to send bank statements etc by email

#448409

Postby elkay » October 6th, 2021, 10:39 pm

Emails are essentially public


I don't believe this is the case. In the last few years there has been a big move to end-to-end encryption between sender and recipient, using TLS.

My workplace added a function to Outlook that checked that encryption was in place before sending an email. Initially there were a lot of recipients we couldn't send emails to, because the encryption was not in place. One of the more common problem recipients was btinternet email addresses. In recent years, I have seen very few recipients where end to end encryption wass not in place.

For my personal email, I use gmail. A few years ago, I recall seeing a red padlock with a line through it indicating that the recipient email server did not use TLS. Now when I look in my mailbox, I can't find any.

More info here...
https://www.google.com/search?q=is+my+e ... e&ie=UTF-8

The caveat is - the encryption is between the servers. So potentially, the management of the server is where the risk lies.

I am quite happy emailing confidential documents from gmail to my daughter's hotmail account, because I trust that the encryption works, and that the documents are safe on their servers. If either is not the case, I think there are much bigger problems...

I would be more hesitant about sending and receiving confidential documents to a small business who managed their own email servers.

That's my thoughts, but if I'm wrong, as usual there will be someone with expertise along to put me right...

elkay

elkay
Lemon Slice
Posts: 281
Joined: November 5th, 2016, 1:50 am
Has thanked: 737 times
Been thanked: 129 times

Re: Is it now safe to send bank statements etc by email

#448411

Postby elkay » October 6th, 2021, 10:45 pm

I should add...I am surprised that anyone asks for confidential information to be emailed. That would be presuming that the client is using a mail service that provides encryption automatically. That is more than likely the case...but the potential issues are there.

My own employer and my brother's company have both added mechanisms for secure upload of documents, and I would expect this should be the norm. It takes ownership of the risk rather than depending on a third party.

elkay

mc2fool
Lemon Half
Posts: 7812
Joined: November 4th, 2016, 11:24 am
Has thanked: 7 times
Been thanked: 3017 times

Re: Is it now safe to send bank statements etc by email

#448423

Postby mc2fool » October 6th, 2021, 11:38 pm

elkay wrote:In the last few years there has been a big move to end-to-end encryption between sender and recipient, using TLS.

Not quite. It's a good point that hop-by-hop transport level encryption has been increasingly used for email delivery, but it's not end-to-end.

There is no end-to-end connection in the delivery of emails; at it's simplest it's sending client to sending server, which stores the message and then sends it at its own convenience to the receiving server, which stores the message until it's collected by the receiving client. Each of the connections are (can be) encrypted but the email itself is not.

To get end-to-end encryption between sender and recipient requires encrypting the email itself and that's PGP.

Mike4
Lemon Half
Posts: 7084
Joined: November 24th, 2016, 3:29 am
Has thanked: 1637 times
Been thanked: 3791 times

Re: Is it now safe to send bank statements etc by email

#448437

Postby Mike4 » October 7th, 2021, 6:58 am

mc2fool wrote:To get end-to-end encryption between sender and recipient requires encrypting the email itself and that's PGP.


Would attachments be encrypted as well as the content of the email message?

Thanks.

servodude
Lemon Half
Posts: 8271
Joined: November 8th, 2016, 5:56 am
Has thanked: 4435 times
Been thanked: 3564 times

Re: Is it now safe to send bank statements etc by email

#448442

Postby servodude » October 7th, 2021, 7:39 am

Mike4 wrote:
mc2fool wrote:To get end-to-end encryption between sender and recipient requires encrypting the email itself and that's PGP.


Would attachments be encrypted as well as the content of the email message?

Thanks.


Yes
For email attachments are effectively converted to text and sent in the message

-sd


Return to “Beerpig's Snug”

Who is online

Users browsing this forum: No registered users and 4 guests