As soon as there were multiple boxes with the same number in a single vault, this course of events was pretty much inevitable.
If the bank is not competent enough to assign unique numbers to each box in the first place, of course they aren't going to be competent enough to only ever empty the correct one of several boxes numbered #105, or to handle to contents safely.
It's difficult to comprehend how the bank thought having non-unique numbers would be workable. If non-unique deposit box numbers seems ok, why not non-unique bank account numbers? Or why even go up to #105, just number them all #1?
I'm always fascinated when people find a way to undermine a simple, workable system and end up with something worse than no system, or the state of affairs before the system existed.
I learned the hard way several years ago that a bank I used to have will happily cash two checks with the same check number the same amount and the the same recipient (on the same day even).
Apparently check numbers are for my convenience not for any sort of auditing on their part.
Isn't this just covered by ordinary tort law? There is a duty of care, there is a lapse of said duty. The issue seems to be that people are putting valuable items into it and then signing a contract that says that the limit of liability is limited to much less than the value. If that isn't negotiable with the bank then the bank is just not willing to accept the risk. Then either you can find an insurer who is willing to accept the risk or you can find a different bank who is willing to accept the risk or you can build a safe yourself since all the risk is on you anyways.
There doesn't need to be special laws for everything.
In the case of banks I think they have proven conclusively that they do need laws for everything and extensive oversight to ensure they are complying with those laws. They are always looking for loopholes and just the right wording to put their interests in front of yours. At least in the US, maybe banks are better behaved in the rest of the world. In the US we have three federal agencies and countless state agencies all dedicated to keeping the banks in line and they all stay busy.
If we are to add a law here, I think it may make sense to require contracts to be easy to understand and as short as is reasonable. I think it's pretty reasonable for someone to skim over fine print especially for something that seems obvious.
Something like a safe deposit box should be a single page document with something like this:
- cost is $X/month and prices are revaluated every Y months and can increase by a maximum of $Z/month
- may access the box X times/month without any additional fees
- bank's liability is max $X or Y months of rent, whichever is higher/lower
- if rent is not paid, X happens, and after Y months of non-payment, Z happens
- policy/fee for lost keys
I haven't actually opened one, but I wouldn't be surprised if the contract was 10 pages long and the maximum liability was somewhere in the middle in fairly small print.
I would say the law that's needed is advertising-based. There's a huge disconnect between what "safety deposit box" means to people and what those actually, legally, are in 2019 according to the fine print. That's the main issue.
Imagine if it were legal for companies to pass something off as a "bank account" when they weren't actually a bank. And it explains it all in the fine print, but as we all know nobody reads the fine print, especially when the offered product is so seemingly familiar. We'd have fly-by-night operations losing people's money left and right, and then legally washing their hands of it.
Attorney here! (Not legal advice -- consult a licensed attorney in your jurisdiction).
In order to prevail in a negligence case, you have to establish duty of care in your complaint. You can't simply declare it exists and expect a court to accept it without question.
That said, I generally agree with the rest of your comment. You can always tell how much entities are really looking out for your interest by reading their limitations-of-liability clauses. Wise consumers should purchase insurance to cover the gap.
OK, but even if there was no limit in damages, what did you have in there? How do you go about proving it when it's only you putting and taking things out of there.
Here in Sweden it has been very clear for the last 20 years that banks consider anything non-digital to be legacy and aspects of banking that should be closed down to reduce costs. They know where the profits are and where it scales.
As far as I know, only a handful of banks in Stockholm still have safe deposit boxes. I even tried to start a safety deposit box business as a private non-bank related thing. I can´t even begin to describe to you what type of regulatory hurdles and red-tape I was faced with when trying to get that up and running. It´s pretty clear at this point that the entire system here is trying its hardest to reject everything of a non-digitalized and traceable nature.
For the longest time I used to believe that it is because Sweden is first to embrace new "technology". I have now come to understand now that it is something completely different and it will come back to bite this country in the ass in the not too distant future. I would be surprised if our economy even survives another decade without some serious restructuring.
In Norway I used to have a deposit box to safe-guard important papers, like birth certificate, "statsborgerbrevet" (confirmation of citizenship), old passport (as proof of previous citizenship), etc. Then the bank shut down the operations, they said it was decided so by the government which was worried about fortunes (and "other (unspecified) stuff") being stored, untraceable and untaxable.
I also used to have a safe in my previous apartment (with less valuable papers), had a break-in and they didn't bother opening it there, they took the whole thing weighing 40-ish kg.
So where am I supposed to store such kind of valuables now?
I can't help thinking this is short sighted of them.
In the days when banks needed branch networks and physical money the barriers to entry were high. We're now getting to the point where new entrants can, and increasingly are entering the marketplace.
I suppose you could argue that these new entrants are going to enter the online only marketplace anyway, but then how are the established banks going to differentiate themselves? What advantages do they have? Apart from a legacy Cobol codebase.
"Wells Fargo had apparently tried to evict another customer for not keeping up with payments, and bank employees had mistakenly removed his box instead."
The only things that sit in my safe deposit are password protected GPG paper keys, revocation certificates, and, OTP recovery sheets.
There's a local bank near my workplace provides such a service, and I use them as a last resort of crypto id recovery. The downside is that they have a fingerprint system, but they do have a human agent to verify your identity.
Those are some pretty important "only things". If you're concerned enough to have thought about and acted on this, why would you entrust these things to an inscrutable third-party?
On the one hand, obviously the bank was incompetent. But shame on the guy in the article for not having his items insured. This is a pretty standard rider in most home owner’s insurance policies (or an easy separate policy). Typically the policy is incredibly cheap if the items are stored in a safe deposit box, and if you take them out you call the insurance company and tell them that, the items remain insured but at a higher daily rate, and you call the insurance company and tell them when the items go back in the box, and the rate goes back to the low rate.
It seems that one of the most important things to start with is a page right at the top of the box with "IF THIS BOX HAD TO BE OPENED" followed by notes about payment for the box, multiple contact methods including through several third parties (friends, family, employers), etc. with mailing addresses, phone numbers, email for each. Heck, include several pre-addressed letters or envelopes with (in the USA) "Forever" stamps already on them.
Work from a basis of "mistakes happen, how can I minimize the impact?"
I recently rented a self storage unit and they required that I have insurance (theirs or my homeowners). I don’t see much difference between a safe deposit box is and a self storage unit. I’m surprised the banks don’t require this—it would be less hassle for them and the customer.
That being said, it should be obvious to the customer that insurance is needed. Actually reading the lease agreement should provide enough information on determining your insurance requirements. If Wells Fargo only caps their liability at $500, then you should have a policy to cover the rest. The laughable $500 liability really goes to show you they don’t care and don’t stand behind their product.
I would want to buy that insurance from the bank. If I buy the insurance from somewhere else, then the bank doesn't really have a financial incentive to keep my stuff safe.
Insurance is best when covering replaceable things: cars, houses, etc. Had this guy had insurance, he’d likely have been compensated (for sure better than nothing), but would still be without his watches.
I live in Switzerland and even here you're usually not covered, despite the reputation for banking. You can buy separate insurance however and some non-bank safe deposit boxes come with insurance.
I think this goes to show that banks really don’t care about customers, and they don’t care if something goes wrong. They only care when they get caught and they have to pay for it.
After looking at that site I expect that if I could find the author's full name and googled it, the results would be full of posts at metal detecting forums.
The whole site appears to be really bad advice-- instructing you to bury large metal containers of your valuable stuff on land that isn't yours. It is the stuff of detectorists fantasies.
It depends on your threat model. If you're worried about sophisticated attackers physically breaking in to your place to steal a Yubikey to steal your accounts, you should also worry about them physically tampering with your computer to install malware, and thus need monitoring for that as well.
If you can't do the monitoring, and you face very advanced attackers like this, it's probably best to only use a laptop that you physically keep with you at all times, and then you can keep your Yubikey with you at all times too.
If you just want to protect against an attacker sophisticated enough to steal a Yubikey but not enough to install malware, then maybe instead of a second Yubikey in the safe deposit box, you could have an encrypted recovery code in the safe deposit box, and either memorize the password, or store the password on your computer.
I've never heard of attackers stealing a Yubikey though. More likely is the attacker will social engineer the website's support into giving over your account.
Why would you want to store yubikeys securely, as opposed to recovery codes which you can print out in multiple copies? Store it in multiple semi-secure places. Unless you're running infra for an international corp, government, bank, or are likely to be physically targeted for some reason, you can likely store it in a folder on a shelf.
(And if you actually need to worry about things like that, then you've got (or should have) people who think of things like that for you)
From the article is sounds like most of those cases are banks drilling open the boxes and putting the contents into storage. A better and stricter inventory system with strict and punitive regulation is what is needed, not some technical gadget.
It is also sometimes in your interest to get things in the custody of an individual, ideally your attorney. If the owner of a deposit box becomes aware of your death, they will seal it until a court order is obtained.
I don't know how people who have jewelry worth millions usually act.
But honestly... it strikes me as a bit odd that you'd put objects worth many millions in a box that costs a $246 fee per year and then expect high safety standards.
They're not putting millions in a $246 box, they're putting millions in a bank. The same way you might put all your savings in a bank account that not only costs you nothing, the bank actually pays you for it (via interest). So if tomorrow your life savings disappear would the "what did you expect from a service you were paid to receive?" question seem reasonable?
Lobby and interest groups are strong enough that laws that actually look after the customer rather than the corporation are few and far between.
What would you do if you had jewelry worth millions? At first blush, a safe deposit box seems utterly logical. Even after reading the article, I can't think of any alternative other than avoiding Wells Fargo.
What? Banks stealing from their customers? Why never. But seriously, who is surprised? That's what banks do. They steal. They steal small amounts in wrong fees. They steal huge amounts in bailouts. They steal medium amounts in between. And of course there is no regulation so there's no recourse. How surprising that an unregulated industry steals and fucks over its customers to the largest extent possible. Not. It's the American way. For people that have no morals and don't care about fucking over and hurting others, making money is easy especially in the US. I sometimes wish I fell into that category. I'd make millions as do all these entities and people with no conscience. The corporation is the perfect vehicle for such actions. But unlike the people running these banks, the people regulating them, and the people advocating against regulation, I have a conscience that doesn't allow me to get rich in this way. Expecting banks to behave in such a way is madness, however.
[+] [-] tacostakohashi|6 years ago|reply
If the bank is not competent enough to assign unique numbers to each box in the first place, of course they aren't going to be competent enough to only ever empty the correct one of several boxes numbered #105, or to handle to contents safely.
It's difficult to comprehend how the bank thought having non-unique numbers would be workable. If non-unique deposit box numbers seems ok, why not non-unique bank account numbers? Or why even go up to #105, just number them all #1?
I'm always fascinated when people find a way to undermine a simple, workable system and end up with something worse than no system, or the state of affairs before the system existed.
[+] [-] amichal|6 years ago|reply
Apparently check numbers are for my convenience not for any sort of auditing on their part.
[+] [-] BlackFly|6 years ago|reply
There doesn't need to be special laws for everything.
[+] [-] zxcvbn4038|6 years ago|reply
[+] [-] beatgammit|6 years ago|reply
Something like a safe deposit box should be a single page document with something like this:
- cost is $X/month and prices are revaluated every Y months and can increase by a maximum of $Z/month - may access the box X times/month without any additional fees - bank's liability is max $X or Y months of rent, whichever is higher/lower - if rent is not paid, X happens, and after Y months of non-payment, Z happens - policy/fee for lost keys
I haven't actually opened one, but I wouldn't be surprised if the contract was 10 pages long and the maximum liability was somewhere in the middle in fairly small print.
[+] [-] _bxg1|6 years ago|reply
Imagine if it were legal for companies to pass something off as a "bank account" when they weren't actually a bank. And it explains it all in the fine print, but as we all know nobody reads the fine print, especially when the offered product is so seemingly familiar. We'd have fly-by-night operations losing people's money left and right, and then legally washing their hands of it.
[+] [-] otterley|6 years ago|reply
Attorney here! (Not legal advice -- consult a licensed attorney in your jurisdiction).
In order to prevail in a negligence case, you have to establish duty of care in your complaint. You can't simply declare it exists and expect a court to accept it without question.
That said, I generally agree with the rest of your comment. You can always tell how much entities are really looking out for your interest by reading their limitations-of-liability clauses. Wise consumers should purchase insurance to cover the gap.
[+] [-] onetimemanytime|6 years ago|reply
[+] [-] tzs|6 years ago|reply
As a consumer, I have no idea what the risks of a safe deposit box are, and so have no idea what I need in the way of insurance to cover those risks.
The bank, on the other hand, has real data about the safety of their safe deposit boxes, and the value of loses when those boxes are compromised.
[+] [-] belorn|6 years ago|reply
[+] [-] wesammikhail|6 years ago|reply
For the longest time I used to believe that it is because Sweden is first to embrace new "technology". I have now come to understand now that it is something completely different and it will come back to bite this country in the ass in the not too distant future. I would be surprised if our economy even survives another decade without some serious restructuring.
[+] [-] zvrba|6 years ago|reply
I also used to have a safe in my previous apartment (with less valuable papers), had a break-in and they didn't bother opening it there, they took the whole thing weighing 40-ish kg.
So where am I supposed to store such kind of valuables now?
F*ing stupid government.
[+] [-] benj111|6 years ago|reply
In the days when banks needed branch networks and physical money the barriers to entry were high. We're now getting to the point where new entrants can, and increasingly are entering the marketplace.
I suppose you could argue that these new entrants are going to enter the online only marketplace anyway, but then how are the established banks going to differentiate themselves? What advantages do they have? Apart from a legacy Cobol codebase.
[+] [-] kinleyd|6 years ago|reply
Wow. The incompetence is truly amazing.
[+] [-] methou|6 years ago|reply
There's a local bank near my workplace provides such a service, and I use them as a last resort of crypto id recovery. The downside is that they have a fingerprint system, but they do have a human agent to verify your identity.
[+] [-] JabavuAdams|6 years ago|reply
[+] [-] cascom|6 years ago|reply
[+] [-] jdlshore|6 years ago|reply
It did talk about the sentimental value of a lifetime of collecting one-of-a-kind timepieces. That can't be replaced by an insurance payout.
[+] [-] fencepost|6 years ago|reply
Work from a basis of "mistakes happen, how can I minimize the impact?"
[+] [-] 7952|6 years ago|reply
[+] [-] Bluecobra|6 years ago|reply
That being said, it should be obvious to the customer that insurance is needed. Actually reading the lease agreement should provide enough information on determining your insurance requirements. If Wells Fargo only caps their liability at $500, then you should have a policy to cover the rest. The laughable $500 liability really goes to show you they don’t care and don’t stand behind their product.
[+] [-] Thorrez|6 years ago|reply
[+] [-] city41|6 years ago|reply
[+] [-] Youden|6 years ago|reply
[+] [-] Simulacra|6 years ago|reply
[+] [-] segmondy|6 years ago|reply
[+] [-] unknown|6 years ago|reply
[deleted]
[+] [-] julienchastang|6 years ago|reply
[1] https://www.thinkadvisor.com/2018/07/30/a-timeline-of-wells-...
[+] [-] benj111|6 years ago|reply
https://www.bloomberg.com/opinion/articles/2019-07-22/don-t-...
[+] [-] jraby3|6 years ago|reply
[+] [-] mitchtbaum|6 years ago|reply
Well, you're still in luck.
You can search how to bury your stuff, ie:
http://www.howtoburyyourstuff.com/
Really.
[+] [-] nullc|6 years ago|reply
The whole site appears to be really bad advice-- instructing you to bury large metal containers of your valuable stuff on land that isn't yours. It is the stuff of detectorists fantasies.
[+] [-] Bucephalus355|6 years ago|reply
[+] [-] Thorrez|6 years ago|reply
If you can't do the monitoring, and you face very advanced attackers like this, it's probably best to only use a laptop that you physically keep with you at all times, and then you can keep your Yubikey with you at all times too.
If you just want to protect against an attacker sophisticated enough to steal a Yubikey but not enough to install malware, then maybe instead of a second Yubikey in the safe deposit box, you could have an encrypted recovery code in the safe deposit box, and either memorize the password, or store the password on your computer.
I've never heard of attackers stealing a Yubikey though. More likely is the attacker will social engineer the website's support into giving over your account.
[+] [-] viraptor|6 years ago|reply
(And if you actually need to worry about things like that, then you've got (or should have) people who think of things like that for you)
[+] [-] TomK32|6 years ago|reply
[+] [-] Spooky23|6 years ago|reply
It is also sometimes in your interest to get things in the custody of an individual, ideally your attorney. If the owner of a deposit box becomes aware of your death, they will seal it until a court order is obtained.
[+] [-] hannob|6 years ago|reply
But honestly... it strikes me as a bit odd that you'd put objects worth many millions in a box that costs a $246 fee per year and then expect high safety standards.
[+] [-] close04|6 years ago|reply
Lobby and interest groups are strong enough that laws that actually look after the customer rather than the corporation are few and far between.
[+] [-] cantrevealname|6 years ago|reply
[+] [-] mnm1|6 years ago|reply
[+] [-] anticensor|6 years ago|reply