Handling of the account data in Starling's chain of processing - offshore company?


#1

Someone here posted a comment:

Whilst Starling has a lot going for it, they have, I fear, made one significant mistake. Unlike Revolut and Monzo, they use a questionable offshore company to process our card spending. This means Starling have to focus on front end gimmicks like orientation on the plastic instead of being able to guarantee that our personal data is not sitting resident in RAM in an offshore server waiting to be hacked. This is the achilles heel.

Is there official information where I can read more about this? The “questionable offshore company to process our card spending” sounds like a very big problem to me, personally.
What happens to my data? I assume Starling operates under GDPR, but how about that offshore processing company? How can you make sure they stick to EU data protection and privacy rules?

I’m sure Starling will reply to this with “Don’t worry, we all stick to the privacy rules and your personal data is very important to us blah blah”. But that’s not very reassuring to me.

And even if everyone in the “chain” is bound by GDPR, wouldn’t it be nice, since this is about banking and very personal data, to have even stricter rules? GDPR is far from sufficient in many respects.

This thread is slightly related to Starling's Ethics.


#2

Your link @mike2 does not go anywhere. Where is the block of text lifted from? R-


#3

Starling use GPS for it’s card processing, the same as Monzo and Revolut.

So not sure what the comment is on about.


#4

Monzo doesn’t use GPS anymore since it has taken the processing in-house, and Revolut is moving away from it soon after the last huge outage. Don’t know what the comment is referring to though as I’m not familiar with the tech.


#5

It’s from the comments section on this article (currently 7th comment down):

https://www.finextra.com/newsarticle/32428/starling-bank-flips-the-debit-card-on-its-head/payments


#6

I know they was talking about it, but not sure they have completely finished it. They had downtime the same time Starling did last month.


#7

The last outage was with Monzo cards added to Curve, not because of Monzo itself. Lots of people were complaining about it failing with Curve on Monzo forums. That occasion was why Revolut announced they would take processing in-house.


#8

Looks to me like an exact quote I read on facebook as a reply to one of Starlings announcements. I chose to ignore it


#9

Monzo’s outages haven’t gone away after they switched to their own in-house processor. Their incident occurrences’ rates are pretty much on GPS’s level.


#10

I think its a load of nonsense, Starling use GPS for card processing, no where in their data protection policy does it mention anything like that.


#11

Yeah, I was just answering @RogerB’s question as to where the text came from.


#12

I’m not trying to score points about whether it has a lower/ higher incidence rate, just clarifying with @daedal that they aren’t using GPS :slight_smile: Starling doesn’t update the status page/ list GPS as the culprit when incidents occur even when every other bank has so it won’t come up on record.


#13

Thanks for clarifying and apologies for misunderstanding your comment. I hope you dind’t take my comment as a personal attack :grinning:


#14

No offence taken haha! Was worried you might have interpreted my comment wrong!


#15

Yes, thanks @dave. So it’s an undisclosed source from an anonymous contributor? R-


#16

Have Monzo admitted this, because I can see no evidence they have launched their own in house processing, in fact their own status page matches GPS’s last 4 failures.


#17

Ah apologies, my link was broken - fixed it. Also I didn’t find out how to directly link to the comment, so thanks too for that @dave.

What exactly is GPS? And where are they registered?
I am not saying what I quoted is true but I do think we should know if there is any truth to it, and more generally, about the data protection and privacy laws of the whole chain and what laws the companies are bound by in that chain.


#18

Global Processing Services are based in London. R-


#19

It’s a London based processor, used by a number of companies and banks.


#20

Yes, you can read more about it in their blog post I’ve linked below. The prepaid card used to use GPS and they announced they would be moving away from it in 2017. The current account switch earlier this year (April '18 was the last date and they started switching people as early as Nov '17 I think?) coincided with taking everything in house. I’m not sure which 4 specific instances you’re referencing but perhaps it might be attributed to the Mastercard outage worldwide around mid July that happened after the massive Visa outage? Or the faster payments issue that affected all UK banks.