In-app Cheque Imaging Support

I’m a bit lost as to which GDPR consideration a business would neglect by sending out a piece of paper which had their business account details on.

Heck, even if a business published their own business account details on their public website, I don’t understand how that might be a GDPR compliance issue.

If they were collecting other business account details, then yes absolutely that would be sensitive data which they would need to manage.

GDPR is all about mitigating business risk, not just privacy for individuals. Sharing account details could be considered a vector for fraud or other risks, even if the practical risk is low. This can therefore be written off and the details published anyway.

In many cases now, though, businesses have taken to removing account details from their websites and instead ask customers to contact them if required to obtain them directly. This is probably to make sure they can give correct Confirmation of Payee instructions, but it may also be loosely related to GDPR.

Anyway, I stand by what I said before that giving out cheques is no substitute to transfers with GDPR. You would keep records of who and where the cheques were going which would, themselves, have to be adequately secured. Solicitors now also prefer not to issue cheques in many cases because they have to do AML/KYC checks before they can give out inheritances, etc. This can mean they prefer to have bank details for direct transfers, which allow them to run checks through credit reference agencies rather than manually.


So, to be clear, what you were saying about the business’ account details being present on a cheque they issue being a concern with regards to GDPR was incorrect, right?

I understand the principle of what you are saying, that the business writing the cheque still keeps a record of the payee and that record is still of consequence for GDPR, but fundamentally the sensitivity of a simple name, address and value of payment is fundamentally lower than the same + bank account details. The former is little more than what is recorded on the public electoral register.

I don’t think so. It is a concern, although it may be an “acceptable” one. However, data minimisation taken to its logical conclusion would avoid use of cheques (with direct transfers, only people with access to accounts would ever see the account details of either party, so they would be already vetted and “trustworthy” people - cheques expose the details for all to see so the potential for misuse of the details is higher, especially when you factor in risks of things like cheques getting lost).

GDPR requires that everyone within a business assess what data they are holding, processing and using during the course of business. It then requires risks to be identified and mitigated.

This affects all data, and specific treatment is required for more sensitive data.

I think that’s as clear as I can be.

It’s not - GDPR is very explicit that pieces of otherwise public data, put together, should then be considered as sensitive or private information because they amount to identifying an individual (and could perhaps be used to, for example, de-anonymise the individual’s profile from a larger dataset).

All those details (address, name, bank details) are things which are unique to a particular person/entity and could be used to identify them. They are therefore “equal”.

The electoral register is not public; it’s highly regulated and restricted in it’s full form.

The version that is freely available is the “edited register”, which people can opt-out of.

Phew. GDPR sounds very complicated and confusing. No wonder the government is planning to dump the whole thing and replace it with their own system.

You’re conflating ‘public’ and ‘freely accessible’. Absolutely anyone can view the register, here’s how you do it in Glasgow:

I’m with you right up until the point about equality. Considering the impact of a breach in advance is important, GDPR breaches are not equal. The impact of names, addresses and bank accounts being stolen is far worse than just names and addresses and any resultant fine would reflect that.

1 Like

I agree with WillPS, the full electoral register can be viewed by anybody if you turn up to check it personally (often at your local library); you’re just limited by law as to what you can use the information for.

The edited/ open version can be sold and used by anybody for any purpose they like, e.g. marketing etc.

The phone book also contains freely available names and addresses, although judging by the size of the phone book these days, most people either no longer have a landline phone, or they’ve gone ex directory.

Yes I did - I was thinking about the ability to be removed from the register entirely, except for voting purposes, under anonymous registration. That way, your details never appear except to the election officials at your local council. I forgot about the difference between this and being removed from the open register.

It’s still not legally-permissible to look someone up with the purpose of using their details, though, if they don’t appear on the open register. You can use the register for things like tracing birth parents even if someone is on the edited register only. In reality, the fact you can’t do it online and it’s a relatively obscure process probably means this access isn’t abused too much.

I didn’t mean they were. Obviously if somebody’s entire medical record was published, for example, or their full tax return complete with unredacted data, that would be a “worse” incident than leaking a list of names and addresses. My point was that any items of individual data have the potential to be sensitive, especially when combined with other data, so would come under GDPR provisions. It wouldn’t be “not an issue” for a list of names and addresses to leak, for example, even though it would be less serious. Organisations still have to put processes in place to make sure things like names and addresses are adequately secured (even though they may well be publicly accessible anyway, that’s not the point).

Santander have now introduced in-app cheque imaging


Thanks for the update!

I’ve tidied up the wiki (although I see you’d already moved Santander, thanks for that) and added an entry for Kroo now that they are a fully-licensed bank.

Interestingly, Santander really seem to have hidden the option and, as far as I can tell, haven’t provided a new feature splash screen to alert customers so the feature has only really been soft-launched for now. Just in time for Christmas cheques to be paid in though!

1 Like

Here’s a question - I paid a cheque in yesterday and it hasn’t cleared yet. I understand the bank use cheque imaging even though it’s not available in app - what’s the usual processing time for a cheque these days?

Edit - the branch told me it would be in today hence the question!

1 Like

By 11.59pm the day after the cheque is paid in, assuming you paid it in before the given branch cut-off time (which you can find out by asking in the branch).

In reality, the cut-off time is usually about 2:30pm, I think, so if you paid in during the afternoon it may take an extra day. Otherwise, it may clear later tonight!


It was midday yesterday so it should be by tonight then! This was with the Coop. Still nothing having just checked though :thinking:

1 Like

It will probably clear overnight then.

I imagine it will show on your account once Co-op have completed their overnight batch processing.


It appears that you can pay a cheque into your Santander eSaver account (in-app) in addition to current accounts.

1 Like

Did not clear!

1 Like

Oh dear!

It seems the 2 working days quoted on the site is accurate - another reason to avoid a branch is that they give you incorrect information :joy:

When they took the cheque they had to write down my bank details onto another slip - let’s hope they wrote them down right lol

I need an account with cheque imaging - switched my last one out. Why let someone at the branch do something you could do yourself!

Sounds like a paying-in slip, which is normal and would have been processed along with the cheque to ensure that it was paid into the right account.

You can order books of paying-in slips to fill in yourself before you go to a branch which have your account details pre-printed on. You also need them if you use the Post Office to deposit a cheque. Just use the Co-op messaging service in online banking, select “bank cheque request” and say you want a paying-in book. That will make sure they don’t ever write your details down wrong, although why not open an account with app support as well?

Out of interest, the full clearing process is explained here:

You are right that is what it was - didn’t even think. It was taken from my card. But yes perhaps I’ll order one so I can do it myself!

In terms of an account with imaging - I may open one some time soon :grinning: I’m actually happy with my accounts otherwise but none will be offering this feature anytime soon. That said this is my only cheque this year.

Thanks for the PDF!