UKH

I've just noticed that the annual (individual membership) letter re BMC subscription renewal has not arrived (only becuase I saw the direct debit had been debited, and I realised I hadn't seen the usual/annual letter).  The amounts were as expected, so no quibble there.

I contacted the BMC office and had a swift response and had a swift replacement.

What appears to be the new style letter is a foldable A4 (ish) card/sheet, folded into 4, sealed on the long side, but open at the ends.  There is a membership card inserted into slots in the body of the card (which I suppose could slide out, but isn't very 'secure')

However, the first attempt at sending the renewal letter/'Member Pack' evidently didn't arrive, and is presumably on the floor of some sorting office, or on someone else's doormat, or worse.  The 'Member Pack' includes my full name, my full address, and bank details (except for 4 digits of the account number) re the direct debit. It occurs to me that this 'Member Pack' isn't terribly secure (being 'open' at both ends), that the method of delivery is not reliable (it's up to the BMC what carrier/medium they use to send this information), and the BMC are being a bit remiss in keeping my personal data safe and secure.  (Personally, I'd much rather have e-mail notification, and just the member card in an envelope, or perhaps even the membership card by e-mail/download as the LDWA have started doing this year, but noting that the LDWA have this year migrated to sientries).

What do the group think?  Am I being a little bit harsh on the BMC or do the BMC need to be a  bit more thoughtful about keeping personal data safe and secure.

I know BMC connected people do read UKH, so I'd be pleased to hear their input, and the input from UKH-ers generally before I decide to do something further.

Name and address are pretty much public domain information.

If you've ever used a cheque, your bank details are the same. Your bank security should not rely on the secrecy of those details.

Well, to compare….I sent my water proof jacket off to a company in Burnley and they wanted to enclose all my card details, including the security number…ffing don’t think so!

Banks use the Royal Mail to send bank statements and other communications that include your name address and full bank account details.

Maybe you should have a go at them rather than the BMC?

Shouldn’t have leaked though…

Thanks for the feedback and comments and up and downvotes.  Enough of a indicator of opinion

In response to a couple of points (since I should stand up and take them on the chin having posted in the first place)

• I've just looked, and I've written 3 cheques since April 2019, two of them to the same organisation for an annual sub where said organisation now accept BACS. So I probably don't leak details in that way.
• Banks do (still) send out hardcopy statements, but I believe in fully sealed envelopes.  I've not had a paper statement by post since 2011 (download pdfs instead)
• It might be possible to set up a direct debit with someone's name address, sort code and account number, and probably (if apocryphal evidence is to be believed) run for quite a while without getting noticed by the account holder.

I think I'll let sleeping dogs lie on this occasion, but maybe someone at the BMC saw this and it gave them cause for thought, or maybe discounted the ideas as being penned by a grumpy old get

When I used that company I wrote on the payment slip that I wanted to pay over the phone. No way I was going to pop that info into a parcel that could go missing!

After successfully guessing the four missing digits?

Didn't Jeremy Clarkson post his personal bank details in a newspaper a few years ago, just to highlight how they are of no use to anyone?

Then get made to look a fool when someone set up a modest d.debit to an environmental charity from his bank.

Yes bank details (especially partial ones) are if little use to anyone, but I agree that a sealed envelope would be better than one of those folded up things that look like junk mail.

He wasn't really made a fool.  The DD would have been reversed immediately as soon as he pointed it out as it was not set up with his authority - that's the Direct Debit Guarantee.  However so as not to look a selfish fool given that he's rich and could easily afford it, I believe he kept it going, at least initially.

I do think, though, that DDs should require a real time online or SMS authorisation as per 3D Secure etc.  If nothing else, reversing unauthorised ones must be a faff for the banks.

In Germany for example it's normal for all businesses to have their bank details on official communications like letters for payment purposes, and they haven't got any security provisions we haven't.

I know, right?

You're, ah, worried about your name and address being visible on something sent to you in the post? 🤨😉