17. Fraud Prevention Agencies (FPAs)
This section deals with information we share outside our group to help fight financial crime. This includes crimes such as fraud, money-laundering and terrorist financing.
We may need to confirm your identity before we provide products or services to you or your business. This may include carrying out fraud checks at the point of sale.
Once you have become a customer of ours, we will share your personal information as needed to help combat fraud and other financial crime. The organisations we share data with are:
- Registered Fraud Prevention Agencies (FPAs)
- Other agencies and bodies acting for the same purpose
- Industry databases used for this purpose
- Insurers
Throughout our relationship with you, we and these organisations exchange data between us to help prevent, deter, detect and investigate fraud and money-laundering.
None of us can use your personal information unless we have a proper reason to do so. It must be needed either for us to obey the law, or for a ‘legitimate interest’.
When we have a business or commercial reason of our own to use your information, this is called a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests.
We will use the information to:
- Confirm identities
- Help prevent fraud and / or money-laundering
- Fulfil any contracts you or your business has with us.
We or an FPA may allow law enforcement agencies to access your personal information. This is to support their duty to prevent, detect, investigate and prosecute crime.
These other organisations can keep personal information for different lengths of time, up to six years.
The information we use
These are some of the kinds of personal information that we use:
- Name
- Date of birth
- Residential address
- History of where you have lived
- Contact details, such as email addresses and phone numbers
- Financial data
- Whether you have been a victim of fraud
- Data about insurance claims you have made
- Data relating to your or your businesses products or services
- Employment details
- Vehicle details
- Data that identifies computers or other devices you use to connect to the internet. This includes your Internet Protocol (IP) address.
Automated decisions for fraud prevention
The information we have for you or your business is made up of what you tell us, and data we collect when you use our services, or from third parties we work with.
We and other organisations acting to prevent fraud may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account or policy is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a risk that fraud or money-laundering may be carried out against a customer, the bank or the insurer.
How this can affect you
If we or an FPA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. FPAs and cross-industry organisations may also keep a record of the risk that you or your business may pose.
This may result in other organisations refusing to provide you with products or services, or to employ you.
Data transfers out of the UK and EEA
FPAs and other organisations we share data with for these purposes may send personal information to countries outside the UK and European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.
Here is the web page for the information notice of the main Fraud Prevention Agency we use:
CIFAS - https://www.cifas.org.uk/fpn
Back to top