I’ve just found out that my cat’s vet surgery inserts their patients’ names to the transaction identifiers when taking direct debit payments. For example, here’s the whole direct debit transaction ID as shown on my bank statement:
DE06287259MYCROFT
where ‘MYCROFT’ would be my cat’s name.
Taking into account that many, many, many banks use their customer pets’ names as one of security questions, this might pose a real risk. A dishonest bank worker, – or, well, anyone who could intercept the statements en route to your house, – might use that information to gain access to your bank account.
Moreover, the transaction info also says that the payment was taken on behalf of a nationwide vet alliance and not my petite village surgery. This makes me think that a large number of other small vet surgeries over the country use the same umbrella company to take direct debit payments on their behalf, putting the assets of their customers at risk.