to wonder if bank staff can access your accounts?

[lhastingsmua]

Of their own accord (not assisting you in any capacity)?

My ex now works at my main bank, as far as I know at a customer call centre and not in branch. He’s quite obsessive and knows I bank with this company. I’m concerned that he could search for my account and bring up my details, including my new contact information/address alongside my financial information (which would also show him where I now work and my salary.)

Please tell me I’m being silly and he cannot simply access my account without my authorisation?

He will be able to access any account but it is gross misconduct if he accessed yours just to spy on you. But if he doesn't have any of your account details, your address etc then he will find it very hard to find them.

Yep, he can definitely see all your accounts, spending history, transactions - the lot. I’d be moving away from them pronto.

It’s very easy to run a search on name and DOB to locate accounts btw

I know that, but my Barclaycard shows under my list of Barclays accounts when I access the app/online banking, so I’m not sure if it could show it on internal systems (even if it’s just the balance)

Fuck sake. Guess I’m changing banks then

Barclays will of course tell you that staff only access accounts for legitimate reasons, because that’s all they should be doing.

Have a look what deals you can get for switching elsewhere - you could be quids in

Someone who worked for a bank (again not in a branch) told me he could access any bank account, not just ones with his bank

This isn’t true.

I used to work for Barclays (not in branch) and couldn’t access anyone’s accounts as it wasn’t necessary for my role (Marketing). If he works in a call centre which deals with retail customer accounts then he will certainly be able to access yours (although as pointed out above it is a sackable offence).

They can but it's a sackable offence & audit would prove they'd accessed it

Highly unlikely. It would be highly unusual for audit to even look specifically at who has looked at what information. They check who has access to information and whether it’s appropriate for them to have access. External or Internal Audit probably wouldn’t consider looking at who had actually accessed the information unless there had been a fraud committed.

I have not worked in banking for a few years, but staff can access most accounts - except where I worked the not those of the really wealthy who had personal bankers.

People working for say HSBC cannot access accounts for those of NatWest.

You are not supposed to look up accounts unless the customer is in front of you, on the phone etc, but with the huge numbers of accounts the banks cannot keep up with who accesses what.

I would change banks

I've just changed banks and having worked in a bank in a previous before kids life I was stunned at how easy it is now.

It used to be very very easy to search on information and completely untraceable that you've looked, but even though things have moved on in the last 20 years I'd definitely switch in your situation.

I don't think it's fair to ring them to warn them. He hasn't actually done anything wrong.

I would change banks asap. If you don't you'll always be wondering if he's looking at your details.

^Of course I’m going to ring them to attempt to protect my privacy. We used to live together, he’s very aware that I bank with them and it would surprise me if he hasn’t already accessed my account. It’s my bank account, not my social media account, he shouldn’t have free reign to access it

unless there had been a fraud committed.

That’s key, I think. While I probably could go and look up friends and family accounts / see if my husband has any secret loans / credit cards etc, and get away with it Scot free - if someone ever made a complaint, the relevant audit trail could be dug up.

I wouldn’t do it. Just not worth it, and stalkerish to boot.

I’ve worked for Barclays in the past and although Barclaycard is technically a separate holding company Barclays employees can still see the account and the balance.

I wouldn’t change banks if you’re otherwise happy with them unless you’re frightened he’ll stalk you or something, he’s very unlikely to look because they make such a big deal of it being a sackable offence, people have been sacked for looking up their own accounts.

I’d put in a subject data request under the GDPA to see who’s accessed your accounts and when between the date you broke up and now, the bank keep a log of who accesses which accounts.

If he’s in a call centre then every single call is recorded and stored so if he accessed it and there’s no record of a call he’d be in big big trouble.

I worked for 2 major high street Banks, for 27 years.

He absolutely CAN access all of your data. He will be able to see your balance, all of your debit card transactions, your direct debits, standing orders and your address and salary (if it goes into said account), plus any linked credit cards and mortgages etc. It is very easy to do so.

It is NOT audited whatsoever, so I've no idea why a PP said that it was. And it is not a sackable offence. It's an ordinary run of the mill, daily thing to do.

So yeah, if you don't want him to have access, you will need to change your Bank.

PP who said that Bank staff can access the data of customers at other Banks, is talking absolute bollocks! What you can do, is call another Bank and ask them (about a customer), that if you were to present a cheque today, would there be enough money in a customers account to cover it, and they will tell you Yes or No, but that's it!
And you have to phrase it formally, ie. "If a cheque was in your hands today and in order, for Ihastings account, would this be paid" and they would say "yes" or "no, it would be returned RDPR" (return to drawer please represent) if not enough money in account or RD (if not enough money, and never likely to be , ie. don't represent this cheque, it's unlikely to ever be paid.

I wouldn't bother calling a call centre.

Write to the Data Controller at Barclays and state that you believe one of their employees may have broken or be going to break the Data Protection Act (about to be the General Data Protection Regulation) and access your personal information.

The Data Controller has a legal duty to protect your data and should trigger whatever audits are necessary to investigate.

You should be able to find the name of the Barclays Data Controllers on the register at the Information Commissioner's Office website: ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/

Depends what is role is but I’d definitely move banks if I were you.

Yep, he can.

I used to work for one of the major banks as a cashier, and you could easily input someone's details into the computer (name and DOB would be enough) to bring up their accounts and personal details.

Think about it, if customers approach the desk asking to input cash or check their account etc, the cashier needs to be able to access that info. they ask the customer to verify their identity but that's all, a cashier is in a position of immense trust and is trusted to only access accounts they need to.

So he could easily do it. And he wouldn't get caught either as there's nothing to say that you didn't come to his till at work and ask to check your balance. It's an offence to check someone's account willy nilly but the bank has no way of knowing that's what he's done.

If I were you I'd get in touch with the branch manager/customer service manager at the branch and explain what you've told us and ask them to ensure that he is audited and you don't give him permission to view your account. They'll keep an eye on it then hopefully and speak to him so he knows if he attempts it, it might be caught.

That doesn't stop him getting a colleague to do it though. But they may be able to audit your accounts and see who has accessed them and then can check with the individual what the purpose was.

Meanwhile, be changing banks! This is just to protect you in the meantime.

We weren't allowed to serve family or friends either for obvious reasons, so if someone came in that we knew personally we'd direct them to another cashier.

I don’t really know what the data controller will be able to do though - your ex needs this access to carry out his daily duties. They would probably suggest you move banks to be honest.

It is NOT audited whatsoever, so I've no idea why a PP said that it was. And it is not a sackable offence. It's an ordinary run of the mill, daily thing to do.

At our bank it was a disciplinary offence to access someone's account without good reason. You couldn't just sit there messing around looking up random people's accounts. The specifics elude me, but I believe it's due to a part of the data protection act which stipulates that your sensitive information must only be accessed by somebody with a genuine reason to do so.

It's the same within the NHS: you'd get disciplined if you were caught searching medical records for people you had no reason to be looking at (you can't just search for your neighbour to see what medical issues they have).

ClaudiaWankleman He needs access to customer accounts yes, but why would he need access to OP's account for his daily duties? Each individual account isn't open and viewable until you select to enter it. He can access every other account he needs to without opening OP's account.

And tbh he would be expected not to open the account of someone he knows personally, and pass the transaction onto a colleague anyway.

I used to work in a bank and I could look up accounts belonging to anybody. We were only allowed to be looking at accounts for our day to day work. Looking at staff accounts or accounts which were nothing to do with our work was a big no no. They were able to trace our log ins and know exactly what we had been looking at. And they did check up on us. Maybe they might do this to see if he has already been doing this. You could perhaps have a note put on file that he is not to be accessing any info regarding you. It would be seen as gross misconduct and a sackable offence. I would personally move my accounts. The switching service makes it quite seamless now.

It might be a disciplinary offence but that doesn’t mean anyone is monitoring it. Those rules are out in place mostly to avoid fraud (a major concern much longer than data protection!) and OP writing to the data controller won’t revoke her ex’s access.

I worked for a big bank for a long time. Yes I could access any account so wanted with just a date of birth and surname or their address.

Yes it is a sackable offence but they would only know what happened if they where specifically looking for it, managers have enough to do with monitoring our targets and training etc that it would be hard to catch because if you check an account they wouldn't know if you knew the person or not.

I would move banks

Every time a staff member accesses an account it leaves an imprint, btw, so the account can be audited and it can be shown who accessed it.