How A Bank Gave My Data To A Marketing Firm Before The Signup Process Was Complete

Posted: Jan 10 2014, 9:01am CST | by , in News


How A Bank Gave My Data To A Marketing Firm Before The Signup Process Was Complete
Photo Credit: Forbes

As someone who recently moved to Washington, D.C., after three years in London and many more in Norway, and is currently playing the waiting game that is U.S. immigration, I received my social security number earlier this month. Applying for a bank account was next on my list.

Before I had completed the online application–and without ever submitting the form–my personal information had been given to a third party for marketing purposes. As I dutifully entered my details, including my full name, address, social security number and phone number, into the form, the website was quietly sending the information back to the bank using a few clever lines of code.

A close friend had recommended the brokerage and banking company Charles Schwab a few months prior. I was less than impressed by their weak password policy, which says passwords can be no longer than eight characters, no shorter than six and without any symbols, but my friend’s strong recommendation and the promise of a free security token for two factor authentication had me convinced that Schwab would be a good place to bank with.

I was halfway done with step two of the application when I realized I would be unable to complete it online. The form asks for a U.S. driver’s license, something I don’t have yet. After confirming this with a Charles Schwab employee through the live chat on the website, I closed the page and went to fill out the form manually instead. Little did I know that Schwab had already created a profile for me in their system, even though I never clicked the “save” or “submit” button.

The following morning, I received an email from Charles Schwab reminding me that I had not completed the online application. I ignored it. A day later, I received a phone call from Q & A Research, Inc., a marketing research supplier, telling me they were doing a survey on behalf of Charles Schwab and would like to ask me some questions. I hung up.

It reminded me of the story of how Facebook tracks what users type, even if they never post it (in reality, Facebook will only see that a user canceled a post, not what he or she had written). In some ways, this was my fault. I should have read the Privacy Notice, the Terms of Service and the disclaimer written in a small font. I should not have assumed that information would only be transmitted once I hit submit.

“This is not standard practice,” said the Charles Schwab customer service representative I spoke to on Wednesday, clearly unaware of the bank’s own Privacy Notice. “We don’t know how this happened,” he added after speaking to his manager. The representative went on to explain that he could update my profile to limit the sharing of my personal information.

I was surprised to learn that I already had a profile. Had I filled out the application by hand to begin with, and then ripped it apart and thrown it in the trash, Schwab would never have known.

“It could be that only contact details of ‘fleeing’ applicants are used to try and figure out why they fled,” says Joseph Lorenzo Hall, Chief Technologist at the Center for Democracy and Technology. “But the transmitting of certain elements of that form before submission, like social security numbers, seems especially dangerous.”

When asked to comment on this practice, Sarah Bulgatz, Charles Schwab’s Director of Public Relations, emailed me a screenshot of the disclaimer with a hand-drawn blue arrow pointing to the Privacy Notice. My followup email went unanswered.


You can follow me on Twitter and email me (GPG public key).

Source: Forbes

You May Like


The Author

Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.




Leave a Comment

Share this Story

Follow Us
Follow I4U News on Twitter
Follow I4U News on Facebook

Read the Latest from I4U News