Encrypted certificate not accepted by lender

Tried to send an encrypted mortgage certificate but the lender will not accept it

We have sent an encrypted mortgage certificate to a well-known large building society but have received a response that they cannot accept encrypted or password protected documents. This is urgent so we would prefer not to rely on the post. They have suggested that we merely scan and email it (obviously without encryption). Do others consider that in view of the urgency it would be reasonable to send it unencrypted?

21st Nov 2018 14:34

Get the client's permission.

Let him decide if it's urgent.

Or fax it.

Thanks (3)
21st Nov 2018 14:37

Unencrypted email is about as secure as posting a letter without an envelope round it.

If the client wants you to do it then do it, but get their written consent.

Thanks (1)
21st Nov 2018 14:43

In these situations one has to be pragmatic. Take your client's instructions. S/he steers the outcome.

It strikes me as strange, when these financial institutions simply try to rewrite the rule book. GDPR, effective 25th May 2018, was intended to strengthen, not weaken, the existing arrangements and, this "well-known" large building society, appears to want to play fast and loose, with the ruling. Am I surprised? No, I'm too old for that.

Thanks (1)
to Chris.Mann
21st Nov 2018 14:47

A wee email to ICO explaining that the lender expressly forbids sensible data security precautions might be in order.

If you don't name your client you don't need to encrypt that one :)

Thanks (1)
21st Nov 2018 15:00

Send a fax - that's secure. It's the future!

Thanks (1)
to alan.rolfe
22nd Nov 2018 12:10

alan.rolfe wrote:

Send a fax - that's secure. It's the future!

Strange how "embracing technology" somehow makes us more vulnerable.

Thanks (1)
21st Nov 2018 15:05

My view is that it is your responsibility to deal with sensitive information with care or else it will be you who has to answer to ICO.

You can send this encrypted to the client and get him to get this to its destination.

If client does not follow rules it is a client problem and it is the client that needs to have this with the lender.

Faxing a document gets over the encryption issue, in case this is possible as no one can intercept the information sent this way.

Thanks (1)
By John R
21st Nov 2018 15:42

Thanks all.

Rightly or wrongly, I decided to send it by fax.

Thanks (0)
to John R
21st Nov 2018 17:52

Did you have to go to the library and pay 10p?

Thanks (0)
to atleastisoundknowledgable...
22nd Nov 2018 11:58

We still send a monthly fax to the Bank of Scotland for them to pay a client's wages

Thanks (0)
By Briar
22nd Nov 2018 15:59

I had this same problem with Nationwide a month ago. The mortgage adviser seemed completely unaware of GDPR! After I had insisted that he get in touch with his IT guys, an encrypted email facility was made available (which they had all along but he had not been aware of it). They sent me an encrypted email to reply to. Then the mortgage adviser emailed me the password. Aghh!!!

Ended up posting it.

Thanks (1)
27th Nov 2018 10:21

Many companies' firewalls and virus protection prevent encrypted emails.

As to a fax being secure. I had a good laugh. Anyone on the phone line (man in a hole in the road) can affix a fax machine. Was there not a film where this happened?

We always mail a copy of the reference - just in case.

Thanks (1)
27th Nov 2018 14:30

Refusing encrypted documents is a standard corporate cybersecurity mitigation because the front end protection appliances cannot examine them for embedded malware threats. As with the Nationwide example quoted there will often be secure document exchange arrangements in place but not necessarily known to front end staff. A nuisance under time pressure but a symptom of the amount of cybersecurity threat to financial organisations in a world where spoofed or false email and telephone numbers are trivially available to attackers and encrypted documents can only be automatically inspected if the receiving system holds the keys already. Might be worth getting the professional associations to ask UK Finance to publish the secure contact channels for their members?

Thanks (1)
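
The gateway behaviour described in the post above, as an added sketch that is not part of the thread and not any lender's actual system: it sorts attachments into those a content scanner can read and those that are opaque without a key. The function name `gateway_verdict`, the verdict strings and the sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile

# OLE2 compound-file magic: the container password-protected OOXML files use.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def gateway_verdict(name: str, data: bytes) -> str:
    """Return 'inspect' if a content scanner could read the attachment,
    otherwise 'quarantine: <reason>' because it is opaque without the key."""
    if data.startswith(b"%PDF-"):
        # Heuristic: an encrypted PDF references an /Encrypt dictionary.
        if b"/Encrypt" in data:
            return "quarantine: encrypted PDF"
        return "inspect"
    if data.startswith(b"PK\x03\x04"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flag marks an encrypted member.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                return "quarantine: password-protected ZIP"
        return "inspect"
    if data.startswith(OLE_MAGIC) and name.lower().endswith((".docx", ".xlsx", ".pptx")):
        return "quarantine: encrypted Office document"
    return "inspect"

def _sample_zip(encrypted: bool) -> bytes:
    """Build a constructed one-file ZIP; optionally set the encryption flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("certificate.txt", "constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x1                            # local file header flags
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x1  # central directory flags
    return bytes(raw)

# Constructed sample attachments (not real documents).
SAMPLES = {
    "plain.pdf": b"%PDF-1.4\ntrailer\n<< /Root 1 0 R >>\n%%EOF",
    "locked.pdf": b"%PDF-1.4\ntrailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF",
    "plain.zip": _sample_zip(False),
    "locked.zip": _sample_zip(True),
    "locked.docx": OLE_MAGIC + b"\x00" * 16,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} -> {gateway_verdict(name, data)}")
```
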
30th Nov 2018 12:44

I had this same problem with Nationwide two months ago.

They asked me to resend my Accountant’s Certificate reply regarding the client’s taxable income in an unencrypted e-mail.

I replied that as I also banked with Nationwide, and they already have my details, would they mind please confirming my current bank deposit account balances.

The gentleman that I had been corresponding with then replied that this was confidential and he could not send this by e-mail to me!

I rest my case. One rule for the banks and another rule for the sensible general public!

Thanks (1)