"NY" wrote in message
o.uk...
"whisky-dave" wrote in message
...
I have savings with one company who will accept a fax of a signed
letter
in lieu of it being sent by post, but will not accept an emailed scan
of
the same letter. Work that one out! They are both images of the same
written document, just sent via different technology.

Good reason to dump those dinosaurs.

faxes are more difficult to fake, I wouldn't dump them, I'd rather they
are careful than just accepting anyhting as proof.
It's not like emails are dufficult to forge.

Faxes are dead easy to forge if you have the will and the intent. When I
had to fax a letter of authority to cash in some of my savings, I didn't
use a dedicated fax machine because I don't have one and I wasn't going to
make a special journey into town to pay to use the one in library. Instead
I used the fax modem in my laptop and "printed" a scan of the signed
letter - I faxed exactly the same scan that I would have emailed to them
if they'd have accepted emails: identical data sent by a different means.

If I'd had criminal intent I could have pasted a scan of someone else's
signature copied from a scan of another unrelated document - easier and
less obvious if you do it digitally rather than with scissors and glue :-)

I think companies only accept faxed authorisation on the incorrect
assumption that all faxes come from dedicated scan-and-fax devices,
without any intermediate computer process that could manipulate the scan.


The situation is even more absurd nowadays. As long as I email my signed
document to a financial advisor (whom I've never met, only corresponded
with by email) for him to forward to the share-dealing desk, it is
accepted. If I send the same scan directly to the dealing desk, it is not.
Given that the advisor has never met me or witnessed me sign anything,
it's placing a spurious level of trust on the route by which the document
has been sent.

Not that I'm complaining. They have my postal address, email address and
bank details on file, and would almost certainly refuse to send money to a
different account unless I sent them a voided cheque as proof of owning
the account.

Having recently moved house, I've had to do a lot of changing of my
address on various companies' databases. Most will accept authorisation
over the phone (if it's membership of a society or subscription to a
magazine rather than anything financial) but some require me to write in.
One would only accept the authorisation if I quoted an ID that they posted
to me old address and which I then received via a Royal Mail redirection.

As with so many things, it's a trade-off between security to the company
and convenience to the punter.

I did relatively recently have one bank, Citicorp, when I had managed
to have my account locked due to their stupidity, demand that I write
them a physical letter before they would unlock the account.

Just a week or so ago another which had also locked my account,
said that if I couldnt answer the security questions over the phone
call successfully, I would have to go in to the physical branch. But
I did get all but one question right. The one I didnt was the account
number. That banks has lots of different numbers, different one for
the account itself, for the debit card and also another security number
and it wasnt at all clear which number they were asking for.

I now have an extra field in my database with the name they use
for a particular number which should fix that problem if they dont
start calling a particular number by a different name later, which
is always possible.