where does the bank get the data that no one gave it? / Hebrew

where does the bank get the data that no one gave it? / Hebrew

The scale of the disaster is becoming an incredible eagerness of Russian business to capture as much personal data of Russians as possible and imperceptibly make them the owners of services and services that are unnecessary, in our opinion.

Another wonderful story happened with our colleague. One day, he discovered that Tinkoff Bank was reminding him of his gas bill every month – directly with specific figures corresponding to the latest receipt.

Do we need to say that no one made such subscriptions deliberately?

The situation turned out to be quite common: acquaintances showed that tax bills, DIBDR fines and other things began to pile up in their personal bank accounts. And the bank carefully filed all invoices in a special new folder “Invoices for payment”.

Here is a place for your accounts in LC on the site (marked in green), we have already deleted all subscriptions to fines, bills and other tax assessments, and you can still have accounts.

And this is what the subscription to tax accounts looks like in the mobile application.

Unsubscribe button from such happiness could not be found. (unlike the program, there is a section for subscriptions/unsubscribes to this fantastic service in LK on the website).

The independence of the bank did not suit the colleague, and in a verbal scandal over the phone with the support service, he refused these subscriptions and asked to delete them.

Of course, he did not receive a clear answer to the question: where does the bank get the data and who gave it permission.

Based on on previously made payments, is it clear? Nishkom for the New Year.

Obviously questions and consents be damned in areas like personal finance and personal data!

But this was only the beginning of a mysterious story.

A month has passed! And it turned out that the prepayment of Gazprom bills, although it stopped being reflected in the slums of the personal office, nevertheless remained.

Now, when entering Gazprom details, the current payment amount automatically appears in the payment window:

Including, it is obvious that there is synchronization of client data between Tinkoff Bank and Gazprom structures. But on what legal basis it is conducted, who allowed it and why it cannot be refused – it is not clear at all.

Where does the bank get data from? Oh, you have no idea…

Anecdotal correspondence with support told us that:

a) The Bank considers itself capable of doing so because it is written in clause 3.2.1 of the Code of Civil Procedure that the bank may transfer information about the client to partners;

b) For some reason, the bank takes information about Gazprom’s accounts in the system of state municipal payments (or GIS GMP).

What? Yes! we have chests:

UKBO is the Terms of Comprehensive Banking Services, the main document that regulates all your relations with the bank. They are added to the contract, you cannot refuse them, the bank has the right to unilaterally change it as and when it wants. But all proceedings with the bank will take place in accordance with this document – you signed the contract for it. Don’t like it – don’t use it.

ДВС ГМП, or the State Information System on State and Municipal Payments, is intended for posting and receiving information on the payment by individuals and legal entities of payments for the provision of state and municipal services. It has nothing to do with utility payments, bank scams, or Gazprom structures.

Well, point c):

You can’t turn it off!

As we can see, Tinkoff bank’s customer support specialists refer to the fact that data is allegedly provided to them against their will by GIS GMP (we are still laughing) and the counterparty, or Gazprom.

And what about Gazprom?

And the Gazprom structure assured that they do not provide any customer data to anyone and have no relation to such a bank transaction.

There is a letter (they simply replied to the e-mail, but from the official address):

Oh_oh

Including, the data is synchronized in an excellent way.

No one is involved in this!
Well, isn’t GIS GMP…

…and how surprised the Federal Treasury was!

We think that the Federal Treasury, which is responsible for GIS GMP, and where we sent the request on our topic, was the most surprised in this situation.

And we received a written answer about non-involvement in everything that is happening (which is, the GMP is, in principle, about something else).

Is everyone lying?

Managers of the bank’s support service, referring to GIS GMP, obviously broadcast to customers any nonsense in response to claims (in our subjective opinion).

But this does not cancel the question: how does the bank obtain data about its client’s accounts in the structures of Gazprom, which informed us that it does not provide data to third-party organizations.

We requested the bank’s logs – electronic records of actions in the personal account – on the date when our “subscription” was allegedly made. The answer we received was not unexpected:

Therefore, let’s take a look at the bank documents, which probably contain so much that the managers probably don’t know what’s there.

The legal side of the issue

In the course of the investigation, we found the following document: it is an instruction regarding the bank’s services for paying for housing and communal services services. In particular, it is precisely about subscriptions to information about payments or automatic payments. Our general citizen view did not see any crime, but our lawyer told us a terrible thing. 👿

Based on the text of the document, it turns out that the bank believes as follows:

  • when the customer enters the details of his unique personal account, TIN and other identifiers, he thereby takes a conclusive action and confirms his consent to the service with all accompanying permissions and consents.

That’s it, that’s it.

And it would seem, what an innocent phrase in the context: “We will check the invoices issued to you and will now regularly check new ones.” And it is worth entering the personal account in the details of a regular payment and clicking “continue” – and immediately unknown services are in your pocket, and personal data is completely unknown to whom (at least – we do not know).

The most surprising thing is that it is “not technically possible” to disable this subscription – and this is another action that is categorically incomprehensible to us.

However, Tinkoff Bank has been repeatedly noticed by us in an extremely loose interpretation of the limits of its rights and the rights of its customers. We wrote earlier about how all services under the Tinkoff brand include in their contracts clauses on the unhindered transfer of personal data of customers to any third party at their requestwhich seems to us to be seen as ignoring the very existence of the “Personal Data Act”. The other day we wrote about another great prank of this bank. consent to the service after displaying stories in the application. This also still does not fit well in our heads.

And is it not possible in a humane way?

The need to pay housing services or taxes is somehow perceived by the bank as an object for incomprehensible actions with personal data of customers. And if you understand – why do they need a bank?! and still obtained in a similar hidden (in our opinion) way – we are not in a position to do so, so we are naturally afraid of the origins of such abundant arrays of personal data. The entire past and current year showed us how Russian business knows how to store personal data of customers: no way, as it seems to us. Therefore, increasingly bold attempts to collect and link our data into huge arrays against our will (in our opinion) cause us not just fear, but panic.

We still don’t understand what it means to ask for user consent in a TRANSPARENT and UNIFORM manner. That is, directly: “Can we ask for data related to your utility bills here and there and tell you the amount to pay”? Maybe it will be convenient for someone, and for someone it will be an opportunity to give up such incredible happiness.

And we urge you to never, ever ask for consent related to personal data in a “package” with other services. Who even came up with the idea “By clicking the “pay” button, you agree to …” [кучу дополнительных услуг]? By clicking “pay”, you can agree to pay ONLY. Please create separate buttons for the rest. Modern software tools allow this.

Well, what is going on with your data management there, if you can’t even explain to us in an understandable way what data you have and where it comes from?

Related posts