They want to see my personal life before being my client

LunarOne

Original Poster:

5,214 posts

138 months

Friday 11th June 2021
Evening!

Back in April I asked about IR35 for an IT contract I was offered and got some very helpful answers. See https://www.pistonheads.com/gassing/topic.asp?h=0&...

Since accepting their offer, I've been in a long-running vetting process and it's still not over. They've asked to see some legal documentation, they've done some DBS checks on me, and now they are asking for three months of my most recent bank statements, uninterrupted. I've asked why they want them, who will get to see them, how the data will be stored, and for how long, and they will only give me the most vague answers back. As it's a financial institution, I actually thought it was a test to see how free I am with confidential information, but it turns out that they actually want to see my statements. To make matters worse, they are insisting that I either email them or fax them.

I've offered to take my statements along in person and show them to a person who can examine them in depth and make a decision, but they are refusing. Either I email them, fax them or walk away. And I'm not willing to do the first two. They have said that they want nothing but PDF or image files attached to the email, but this strikes me as pure madness. I have archived my files in a 7zip file encrypted with AES256 encryption, and will send the decryption key separately. Zip with the default zipcrypt is as easy to break as an eggshell, so that's out. Let's see what they come back with.

I have nothing to hide, but equally the potential for loss through fraud is massive should this data get into the wrong hands. I literally can't believe this institution is so lax about the security of people who might potentially work for them. And it's not as if they will be my employer. They would be my client!

Do you think I'm taking my privacy and security too seriously? I'm very curious as their expectation that I will just email my statements leads me to believe that other people don't see this as a problem!

Thanks!
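An added example, not part of the original post: the poster rules out ZIP's legacy ZipCrypto and uses an AES-256 7z archive instead. For the case where a counterparty only accepts or sends `.zip` files, this sketch reads a ZIP's central directory with Python's standard `zipfile` module and reports which encryption scheme each entry records. The file name and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value WinZip uses to mark AES entries
AES_EXTRA_ID = 0x9901  # extra-field ID that records the AES key strength

def classify_entry(info):
    """Name the encryption scheme recorded for one zipfile.ZipInfo entry."""
    if not info.flag_bits & 0x01:      # general-purpose bit 0: entry is encrypted
        return "none"
    if info.flag_bits & 0x40:          # bit 6: PKWARE "strong encryption"
        return "pkware-strong"
    if info.compress_type != AES_METHOD:
        return "zipcrypto"             # legacy PKZIP stream cipher
    pos = 0
    while pos + 4 <= len(info.extra):  # walk the (id, size, data) extra records
        header_id, size = struct.unpack_from("<HH", info.extra, pos)
        if header_id == AES_EXTRA_ID and size >= 7:
            strength = info.extra[pos + 8]  # follows version (2) and vendor "AE" (2)
            return {1: "aes-128", 2: "aes-192", 3: "aes-256"}.get(strength, "aes-unknown")
        pos += 4 + size
    return "aes-unknown"

def audit_zip(data):
    """Map each member name in a ZIP (given as bytes) to its encryption scheme."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: classify_entry(info) for info in zf.infolist()}

def constructed_sample():
    """Constructed input: a one-entry ZIP whose central-directory 'encrypted'
    flag is set by hand, so it lists like a ZipCrypto archive. The payload
    itself is a placeholder and is not actually encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement-2021-05.pdf", b"%PDF-1.4 constructed placeholder")
    raw = bytearray(buf.getvalue())
    cd = raw.rfind(b"PK\x01\x02")      # central-directory header of the only entry
    raw[cd + 8] |= 0x01                # the flags field sits 8 bytes into that header
    return bytes(raw)

if __name__ == "__main__":
    for name, scheme in audit_zip(constructed_sample()).items():
        print(name, scheme)
```

Listing entries this way needs no password, so the check can be run on an archive before it is sent or after it is received.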

LunarOne

Original Poster:

5,214 posts

138 months

Friday 11th June 2021
cs174 said:
Tell them they are welcome to do their own background checks but you need to draw the line at providing bank statements. They are an employer/client. What on earth do they need your bank statements for that they can't get from a credit check, DBSS etc.? I don't think there's any risk of fraud whatsoever but your bank statements are none of their business. Stick to your guns buddy.

So, having read your other post, is this position inside or outside IR35?
Despite the fact that I have a few clients and will continue to do work for and invoice those other clients, it's caught by IR35 and they insist that I provide my services through an umbrella company. So I will be employed by the umbrella company of my choosing and that company will invoice the client.

LunarOne

Original Poster:

5,214 posts

138 months

Friday 11th June 2021
toasty said:
If you don’t want to let them investigate then walk.

Unless it’s your dream role, there’s plenty of other jobs going.
It's not my dream role, but this particular company are headquartered in a certain Southern European country in which I would like to retire one day. This might be a way of gaining a foothold which might be necessary now that Brexit has destroyed my plan to eventually leave Blighty for a better climate and much better food.

I'm reluctant to let them investigate as even my medical records don't reveal as much about my lifestyle as my bank statements do. What I absolutely object to is sending them via open unencrypted email, where they can be intercepted by every hacker aged 10 years old and above. To the person who posted the tinfoil hat - how do you think passwords get breached and you end up getting loads of spam email? Hackers have vast networks of bots scanning the internet for information useful for committing fraud.

LunarOne

Original Poster:

5,214 posts

138 months

Friday 11th June 2021
Austin_Metro said:
Download it into xls, filter it for relevance and send it to them with account details deleted.

Can’t see it is anything to do with them.
Nope, they want to see it with all formatting and logos unmolested as if it just dropped through my letterbox. I don't get paper statements but they do accept PDF statements, with all formatting and logos intact.

LunarOne

Original Poster:

5,214 posts

138 months

Saturday 12th June 2021
Austin_Metro said:
Have they actually said why they need this? (Sorry if I missed it)
They won’t say why they need it!

LunarOne

Original Poster:

5,214 posts

138 months

Saturday 12th June 2021
I thought about relaying it over the phone or in a separate email from a different email address, not in plain text. Probably in an image format. Make it as difficult as possible for anyone who isn’t the recipient to get both the message and the decryption key.

LunarOne

Original Poster:

5,214 posts

138 months

Sunday 13th June 2021
Dog Star said:
LunarOne said:
I'm reluctant to let them investigate as even my medical records don't reveal as much about my lifestyle as my bank statements do. What I absolutely object to is sending them via open unencrypted email, where they can be intercepted by every hacker aged 10 years old and above. To the person who posted the tinfoil hat - how do you think passwords get breached and you end up getting loads of spam email? Hackers have vast networks of bots scanning the internet for information useful for committing fraud.
This is pure comedy - how is it going to compromise your password? What will these shadowy “hackers” glean from your statements? Your name, address and account number? And do what? Or are your bank statements full of transactions to uberkinky or something? Zip keys rofl

Are you just being massively silly to prove how much you take security seriously? You just sound paranoid and silly and like you’re trying to big up your IT skills. If I was at the receiving end of your ridiculous objections I’d be seriously wondering what you’d be like to work with and considering retracting the offer.
I'm afraid it's you who looks massively silly. Why don't you post your bank statements in full for the last three months? Don't worry, I'm sure all the hackers and people who commit identity fraud won't bother trying to use the information within for nefarious purposes. People can use your recent bank statements to obtain goods and services, take out credit in your name, open new bank accounts, and potentially destroy your credit rating or even take over your identity. If you don't realise that, more fool you.

I'm also guessing you don't remember this:
https://www.autoblog.com/2008/01/07/jeremy-clarkso...

LunarOne

Original Poster:

5,214 posts

138 months

Monday 14th June 2021
Caddyshack said:
hajaba123 said:
Seems like a massive over reaction to a non existent issue
I am with you on this one. I don’t think much fraud would go on within a bank where they steal info from a bank statement nor email hackers. People are right to be cautious but can be a bit over the top.

Most mortgage companies need 3 months bank statements and they have sophisticated credit bureau info. Santander are one of the rare lenders that do not look at bank statements but they do things like companies house searches etc for self employed so suspect they know a lot about banking anyway.
It's not within the bank as much as the transiting the internet part I'm worried about. As a test recently, I opened port 22 on my home firewall and directed it to a Linux virtual machine. At first, nothing happened, but within 25 minutes I started getting connection attempts from Vietnam with varying usernames like admin, root and similar. Within an hour my VM was being hammered with continuous connection attempts from across the globe. For the most part, email is generally passed from host to host in unencrypted form until it reaches the recipient's mail exchanger, and it would be very easy for a determined hacker to intercept all email destined to a mail exchanger. I'd rather my bank statements didn't fall into the hands of those with nefarious intent, no matter how boring my life is.

Anyway, the company in question have agreed to my proposed encryption method and I have supplied the data they requested plus the encryption key provided to them separately. I'm still not particularly thrilled to give them my private information, but I feel happier that I have struck a balance between security of my information and their requirements.

Thanks everyone for your input!

LunarOne

Original Poster:

5,214 posts

138 months

Monday 14th June 2021
craigjm said:
Mr Whippy said:
On the job, why not just make up statements?

Trim out the fat. Look boring. If they’re having to ask then they’ll never know any different any way.
Yeah that will look good to a potential employer!

Honestly if the OP is that bothered just move on and get something else, forever more strike off potential employers that want to see your bank statements and console yourself that your principles will potentially impact your career. Your call it’s really as simple as that it doesn’t need loads of pages on an Internet forum
Ha yes it's a laughable suggestion. Surely the whole point of vetting is to make sure I'm a trustworthy individual, and making up bank statements is really going to further that impression!