Capital One will only send security notices if you let them spy on you once in a while

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Post Reply
Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 10:46 am

I received an email recently from Capital One that I find to be utterly infuriating. I'm curious if others have received an email like this, and (even you haven't) what your reactions are.
Subject: We've updated your Paperless Terms

Open emails regularly to continue receiving notifications.

Re: Your Capital One account ending in XXXX

[My Name],

Recently, we updated the Paperless Terms & Conditions for your account. We'’ve modified the Terms to make it clear that you'’ll need to open a Capital One email once every 12 months to continue receiving email notifications like statement ready alerts.

Please keep in mind, you can sign in to your account to update your paperless settings.
I find this to be outrageous and pathetic on several different levels:
  • I immediately checked the Capital One website, and could not find any reference to any "Paperless Terms & Conditions".
  • I called Capital One and talked with a rep who was nearly impossible to understand. From what I was able to ascertain, he was willing to mail and/or email the T&C to me, but getting them via email would have required me to use some kind of extra authentication to allow for a "secure" download (as if the T&C are a secret), so I declined the email option.
  • A few days later I ended up receiving a paper copy of the T&C, but they are just the standard T&C available on their website - with, again, no reference to "paperless" anywhere.
  • Most importantly, it's none of Capital One's business whether I opened an email or not.
From a tech perspective, I'm perfectly aware of what Capital One means by "open" - what they mean is, "allow us to load an invisible image to use as a tracking beacon". And I understand why companies want to do this on marketing emails. (And I'm sure they understand why some people - like me - work to prevent this.) What I cannot understand is why Capital One is willing to remove a security feature if you don't let them spy on you.

TL;DR: Capital One will stop sending email notices unless you let them spy on your emails. Your thoughts? Spoiler alert: I think this is idiotic, and I will take my business elsewhere if they carry through with this threat.

User avatar
Rob5TCP
Posts: 3452
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by Rob5TCP » Sun Jun 16, 2019 10:54 am

I have extensions to my browser that rate and block tracking that I do not wish.
So far no problems with Capital one.

I find Google to be a much greater threat to my privacy than Capital One (I use duckduckgo instead of Google search,
Firefox instead of Chrome, etc and am slowly getting off Gmail.)

TravelGeek
Posts: 3553
Joined: Sat Oct 25, 2014 3:23 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by TravelGeek » Sun Jun 16, 2019 11:10 am

I read most of my emails on my iPad. The default email app does not load images until I click “Load All Images” at the top. Most messages I care about are perfectly readable without the images, so I generally don’t see them. If I was a CO customer, how would they deliver their statements and other perhaps regulatorily required notices if I don’t view their images? Would they switch back to paper? And how would they know i’m actually opening their envelopes?

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 11:18 am

Rob5TCP wrote:
Sun Jun 16, 2019 10:54 am
I have extensions to my browser that rate and block tracking that I do not wish.
As do I. I also use a Raspberry Pi / Pi-Hole to block garbage for all devices on my network.
Rob5TCP wrote:
Sun Jun 16, 2019 10:54 am
So far no problems with Capital one.
But if you continue to block garbage from CapOne for 13 months and then there is some suspicious activity on your account, CapOne will not notify you.
Rob5TCP wrote:
Sun Jun 16, 2019 10:54 am
I find Google to be a much greater threat to my privacy than Capital One (I use duckduckgo instead of Google search,
Firefox instead of Chrome, etc and am slowly getting off Gmail.)
Same here. I used to like Google, but they've clearly moved away from their "Don't Be Evil" motto from the past.

User avatar
Rob5TCP
Posts: 3452
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by Rob5TCP » Sun Jun 16, 2019 11:28 am

This seems absurd ---
If I open an email every 6 months, will it will then not be interuppted.
If it drops a tracker I can quickly remove it.


The main problem I have leaving Capital one is I get 2% on any c.c. charges and have 6 figures in points
(which I would need to quickly could use up).

This needs some further review and I will find an alternative c.c.
Thanks for the heads up.
Last edited by Rob5TCP on Sun Jun 16, 2019 11:39 am, edited 1 time in total.

livesoft
Posts: 71299
Joined: Thu Mar 01, 2007 8:00 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by livesoft » Sun Jun 16, 2019 11:34 am

I think this is partly because of the law. If you don't let them prove that you are getting their messages, then they are probably in violation of the state escheat regulations.

I am happy to see you take your business elsewhere, but I also think that soon there will be no "elsewhere" to hide. We already know that companies do know when you open an e-mail, but I don't think they have to tell you about it.
Wiki This signature message sponsored by sscritic: Learn to fish.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 11:55 am

livesoft wrote:
Sun Jun 16, 2019 11:34 am
I think this is partly because of the law. If you don't let them prove that you are getting their messages, then they are probably in violation of the state escheat regulations.
What law? As someone else pointed out, there's no way to "prove" I opened a paper envelope. And this is a voluntary notice for which I subscribed - they aren't required to notify me that a purchase was made on my account. This isn't just about wholesale changes to the T&C, this is about getting an email whenever certain kinds of transactions occurs on my account (overseas, over a certain dollar amount, etc.).
livesoft wrote:
Sun Jun 16, 2019 11:34 am
I am happy to see you take your business elsewhere, but I also think that soon there will be no "elsewhere" to hide.
Sadly, this is the attitude most people seem to take. A shrug, then move on. Frogs just waiting for the water to boil. The "elsewhere" could be protected through laws.
livesoft wrote:
Sun Jun 16, 2019 11:34 am
We already know that companies do know when you open an e-mail, but I don't think they have to tell you about it.
No, they don't, unless you let them. I receive - and open - plenty of emails without the sender knowing if I did so.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 12:04 pm

Rob5TCP wrote:
Sun Jun 16, 2019 11:28 am
The main problem I have leaving Capital one is I get 2% on any c.c. charges and have 6 figures in points
To paraphrase Ben Franklin: "Those that would give up privacy for 2% back deserve neither." :wink:

livesoft
Posts: 71299
Joined: Thu Mar 01, 2007 8:00 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by livesoft » Sun Jun 16, 2019 12:07 pm

Or: Just because you are paranoid doesn't mean they aren't out to get you.
Wiki This signature message sponsored by sscritic: Learn to fish.

drk
Posts: 1772
Joined: Mon Jul 24, 2017 10:33 pm
Location: Seattle

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by drk » Sun Jun 16, 2019 12:17 pm

I occasionally get notices from email newsletters that they'll stop sending me messages because it looks like I don't open them. I reckon this is related. After some amount of time, they have to assume that your provided email address is not a way to reach you, so they won't try to contact you any more. It's different for your physical or mailing address because they can count on receiving notice from USPS if you move.

Regardless, why not opt into SMS alerts? There's no tracking there. I assume you don't have the Capital One app, but push notifications could also do the trick.

Whakamole
Posts: 1134
Joined: Wed Jan 13, 2016 9:59 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by Whakamole » Sun Jun 16, 2019 2:47 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 11:55 am
livesoft wrote:
Sun Jun 16, 2019 11:34 am
I think this is partly because of the law. If you don't let them prove that you are getting their messages, then they are probably in violation of the state escheat regulations.
What law? As someone else pointed out, there's no way to "prove" I opened a paper envelope.
Except physical mail to dead people tends to be returned as non-deliverable. That's not the case with email accounts.

I'm confused as to what you think the tracking image does. Give them an IP address so they can determine where you live? I'm pretty sure they already know that so they can file the appropriate tax paperwork.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 2:50 pm

drk wrote:
Sun Jun 16, 2019 12:17 pm
After some amount of time, they have to assume that your provided email address is not a way to reach you, so they won't try to contact you any more.
Unless my email bounced (which is basically like the USPS move notice), they don't have to assume anything. They can just ask me, via email - are you still interested in receiving our messages? A lack of response can be treated like a "No". And besides, what, exactly, is the harm in sending these emails anyway? The cost of sending an email message is almost nothing (just ask spammers).
drk wrote:
Sun Jun 16, 2019 12:17 pm
Regardless, why not opt into SMS alerts? There's no tracking there. I assume you don't have the Capital One app, but push notifications could also do the trick.
I appreciate what you're saying, but the issue here isn't "I don't have a way to get notifications", the issue is "CapOne will disable security features unless I allow them to spy on me". That's just a terrible idea, and I doubt this decision came from their tech department, it came from their marketing department. If they're willing to pull this nonsense without any negative consequence, what's next? You must install our app? You must install our app on your desktop too? You must enable GPS so we know where you are at all times? You must pay extra for security notices? Here's a critical security notice, but first you have to watch this ad from our sponsor?

CapOne's website says clearly states Your security is a top priority. Not "the" top priority. When security takes a back-seat to marketing - especially at a company in this line of work - that's not a company with which anyone should choose to do business.

alwayshedge
Posts: 214
Joined: Sat Nov 30, 2013 7:43 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by alwayshedge » Sun Jun 16, 2019 2:56 pm

This has to do with dormancy regs. My local bank started this as well. Apparently with the digital age, regulators still want banks to use some form of verification to confirm your account is not dormant. People get upset at a lot of things that banks impose but don't realize that a good majority of the time, it's simply do to new guidance on regs that they must follow or implement by a certain deadline.

Murgatroyd
Posts: 390
Joined: Sun Jan 21, 2018 8:23 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by Murgatroyd » Sun Jun 16, 2019 2:59 pm

I cannot speak to the impetus or meaning of the notice you received. But we’ve used Capital One cards for 20+ years and found them excellent stewards of our credit security. A recent example was I ordered golf balls from Germany. In less than a minute from my order, I received an e-mail request to identify if I made the charge. The note had two options, indicate it is valid and they’d let the charge through or say no and they’d lock my card. I view this as invaluable. In years past they’ve sent new cards and called (in the olden days) when they had reason to believe the card was potentially compromised.

I am more than happy to cooperate with them.

Up to you.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 3:11 pm

Whakamole wrote:
Sun Jun 16, 2019 2:47 pm
DivesEtPauper wrote:
Sun Jun 16, 2019 11:55 am
livesoft wrote:
Sun Jun 16, 2019 11:34 am
I think this is partly because of the law. If you don't let them prove that you are getting their messages, then they are probably in violation of the state escheat regulations.
What law? As someone else pointed out, there's no way to "prove" I opened a paper envelope.
Except physical mail to dead people tends to be returned as non-deliverable. That's not the case with email accounts.
Actually, it's exactly the case. The technical systems for handling "undeliverable mail" have been in place for decades. Long before "HTML email" was even a thing.
Whakamole wrote:
Sun Jun 16, 2019 2:47 pm
I'm confused as to what you think the tracking image does. Give them an IP address so they can determine where you live? I'm pretty sure they already know that so they can file the appropriate tax paperwork.
If permitted to load, the tracking images (there are more than one) direct my PC to download files that I did not explicitly request. These files serve no valid purpose to me. This is precisely the kind of activity that security professionals advise against.

I'm not concerned that CapOne knows it's me, I'm bothered that a company would threaten to stop sending me security notices because I'm not willing to acquiesce to their marketing team.

livesoft
Posts: 71299
Joined: Thu Mar 01, 2007 8:00 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by livesoft » Sun Jun 16, 2019 3:18 pm

I wonder if there is some way that you can patent and sell to these places that meets your needs and their needs, too.
Wiki This signature message sponsored by sscritic: Learn to fish.

Whakamole
Posts: 1134
Joined: Wed Jan 13, 2016 9:59 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by Whakamole » Sun Jun 16, 2019 3:42 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 3:11 pm
Whakamole wrote:
Sun Jun 16, 2019 2:47 pm
DivesEtPauper wrote:
Sun Jun 16, 2019 11:55 am
livesoft wrote:
Sun Jun 16, 2019 11:34 am
I think this is partly because of the law. If you don't let them prove that you are getting their messages, then they are probably in violation of the state escheat regulations.
What law? As someone else pointed out, there's no way to "prove" I opened a paper envelope.
Except physical mail to dead people tends to be returned as non-deliverable. That's not the case with email accounts.
Actually, it's exactly the case. The technical systems for handling "undeliverable mail" have been in place for decades. Long before "HTML email" was even a thing.
Please link to the statute that requires email providers to ensure that people are periodically checking their email. There isn't. Gmail, which is one of the largest email providers in the world, does not delete inactive accounts. (They do have a feature that lets someone be notified if the account is inactive, but it is not mandatory.)

So it's very possible that the email will keep going to the account of someone who never set up this feature and has died, meaning the bank may be in violation of escheatment laws because they aren't verifying that the account owner is alive.

You chose a paperless account. If you don't like their requirement, choose an account that sends paper, which would also comply with escheatment laws.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 4:19 pm

Whakamole wrote:
Sun Jun 16, 2019 3:42 pm
So it's very possible that the email will keep going to the account of someone who never set up this feature and has died, meaning the bank may be in violation of escheatment laws because they aren't verifying that the account owner is alive.
I'm not a banking expert, but it seems that if a bank needs to confirm that someone is not dead, sending them an email with a tracking beacon is not a very good method. It doesn't prove that someone is alive, it just shows that someone opened the email.

Whakamole wrote:
Sun Jun 16, 2019 3:42 pm
You chose a paperless account. If you don't like their requirement, choose an account that sends paper, which would also comply with escheatment laws.
Fair enough. You and I disagree on the importance of this matter.

drk
Posts: 1772
Joined: Mon Jul 24, 2017 10:33 pm
Location: Seattle

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by drk » Sun Jun 16, 2019 4:40 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 2:50 pm
The cost of sending an email message is almost nothing (just ask spammers).

[...]

That's just a terrible idea, and I doubt this decision came from their tech department, it came from their marketing department.
Eh, it likely came from the legal/policy department in consideration of anti-spam laws. As a technical point, sending a lot of unwanted emails is a great way to get onto an anti-spam blacklist.

matthewbarnhart
Posts: 40
Joined: Sat Feb 25, 2017 4:05 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by matthewbarnhart » Sun Jun 16, 2019 5:59 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 4:19 pm
Whakamole wrote:
Sun Jun 16, 2019 3:42 pm
You chose a paperless account. If you don't like their requirement, choose an account that sends paper, which would also comply with escheatment laws.
Fair enough. You and I disagree on the importance of this matter.
You still have the same purchase and fraud protection service, but the cost of the convenience of instant notification is more than you'd like to pay.

Right?

CFM300
Posts: 1851
Joined: Sat Oct 27, 2007 5:13 am

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by CFM300 » Sun Jun 16, 2019 6:27 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 10:46 am
  • I immediately checked the Capital One website, and could not find any reference to any "Paperless Terms & Conditions".
https://www.capitalone.com/legal/corporate/terms

See Section 11. Electronic Communications Disclosure

Specifically, under the subsection "Paperless Statements" and others that follow, they state various laws that they are required to follow regarding statements, notifications, and other communications.

Seems to me that it's likely a compliance issue rather than marketing. I suppose an alternative would be for them to send you an email stating that you are required to log-in to their site and re-enroll in paperless delivery, since they can't verify that you're receiving their emails.

I don't see what the big deal is, honestly. Your credit card company knows your purchases, including dates, times, and locations. What does it matter if they require you to load tracking images in an email once every 12 months?

mchampse
Posts: 268
Joined: Mon Feb 26, 2007 1:45 am

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by mchampse » Sun Jun 16, 2019 6:36 pm

I actually think this is a good idea. My father passed away recently and fortunately we were able to access his email on his iPad. We found out that he had a bank account we didn’t know about because he received the statement via email. There’s also the potential of someone getting statements to an email address they don’t check anymore.

The consequence of not letting CapOne know that you didn’t open an email is that they will mail you a statement. Doesn’t seem like a huge deal to me. Presumably you could go online and change the setting back.

whomever
Posts: 938
Joined: Sat Apr 21, 2012 5:21 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by whomever » Sun Jun 16, 2019 6:54 pm

>>What law? As someone else pointed out, there's no way to "prove" I opened a paper envelope.
>Except physical mail to dead people tends to be returned as non-deliverable. That's not the case with email accounts.

This seems to be conflating two issues. The OP's bank seems to be requiring that he open an email once a year. But he could be alive and quietly discarding snail mail. We once had a CD (but no other accounts) at Synchrony, and after it matured they sent us a $0 balance statement every month for several years. I dunno if that was intentional as a marketing thing or what, but after a while I stopped opening them.

>I'm confused as to what you think the tracking image does. Give them an IP address so they can determine where you live?

For me, anyway, the objection is that I turn off all that stuff by default, because doing so is good hygiene, like washing your hands after using the rest room. And having to go to the trouble to unblock it for a bank is a PITA.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 6:54 pm

matthewbarnhart wrote:
Sun Jun 16, 2019 5:59 pm
DivesEtPauper wrote:
Sun Jun 16, 2019 4:19 pm
Whakamole wrote:
Sun Jun 16, 2019 3:42 pm
You chose a paperless account. If you don't like their requirement, choose an account that sends paper, which would also comply with escheatment laws.
Fair enough. You and I disagree on the importance of this matter.
You still have the same purchase and fraud protection service, but the cost of the convenience of instant notification is more than you'd like to pay.

Right?
Maybe, in theory. But I don't know if I have the same service since I haven't been able to locate the Paperless Terms and Conditions on their website. And when I asked to have them sent to me, they didn't. Common sense tells me I probably have the same legal protections, but since they will stop sending me notices, the practical result is a reduction in security.

Security is obviously important, and they offer a means to be notified of security issues. I just see no (good) reason why they would stop sending notices to customers who request them.

JBTX
Posts: 6152
Joined: Wed Jul 26, 2017 12:46 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by JBTX » Sun Jun 16, 2019 7:03 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 10:46 am
I received an email recently from Capital One that I find to be utterly infuriating. I'm curious if others have received an email like this, and (even you haven't) what your reactions are.
Subject: We've updated your Paperless Terms

Open emails regularly to continue receiving notifications.

Re: Your Capital One account ending in XXXX

[My Name],

Recently, we updated the Paperless Terms & Conditions for your account. We'’ve modified the Terms to make it clear that you'’ll need to open a Capital One email once every 12 months to continue receiving email notifications like statement ready alerts.

Please keep in mind, you can sign in to your account to update your paperless settings.
I find this to be outrageous and pathetic on several different levels:
  • I immediately checked the Capital One website, and could not find any reference to any "Paperless Terms & Conditions".
  • I called Capital One and talked with a rep who was nearly impossible to understand. From what I was able to ascertain, he was willing to mail and/or email the T&C to me, but getting them via email would have required me to use some kind of extra authentication to allow for a "secure" download (as if the T&C are a secret), so I declined the email option.
  • A few days later I ended up receiving a paper copy of the T&C, but they are just the standard T&C available on their website - with, again, no reference to "paperless" anywhere.
  • Most importantly, it's none of Capital One's business whether I opened an email or not.
From a tech perspective, I'm perfectly aware of what Capital One means by "open" - what they mean is, "allow us to load an invisible image to use as a tracking beacon". And I understand why companies want to do this on marketing emails. (And I'm sure they understand why some people - like me - work to prevent this.) What I cannot understand is why Capital One is willing to remove a security feature if you don't let them spy on you.

TL;DR: Capital One will stop sending email notices unless you let them spy on your emails. Your thoughts? Spoiler alert: I think this is idiotic, and I will take my business elsewhere if they carry through with this threat.

This doesn't make any sense because as far as I know they don't necessarily know if you open an email. How would they know? Suppose your emails come into Outlook via a POP3 server. There is nothing returned back to sender when you open it. The only way they'd know is if they requested return receipt, or they required you to click on a link inside the email, which usually isn't a good idea due to phishing attempts.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 7:17 pm

whomever wrote:
Sun Jun 16, 2019 6:54 pm
>>What law? As someone else pointed out, there's no way to "prove" I opened a paper envelope.
>Except physical mail to dead people tends to be returned as non-deliverable. That's not the case with email accounts.

This seems to be conflating two issues. The OP's bank seems to be requiring that he open an email once a year. But he could be alive and quietly discarding snail mail. We once had a CD (but no other accounts) at Synchrony, and after it matured they sent us a $0 balance statement every month for several years. I dunno if that was intentional as a marketing thing or what, but after a while I stopped opening them.

>I'm confused as to what you think the tracking image does. Give them an IP address so they can determine where you live?

For me, anyway, the objection is that I turn off all that stuff by default, because doing so is good hygiene, like washing your hands after using the rest room. And having to go to the trouble to unblock it for a bank is a PITA.
Exactly! I realize that for many folks, tracking/beacons/cookies and all that is just "meh, they already know about me, my info is already out there, whatevs". I get that (I may disagree, but I understand the attitude). And I can understand when a company stops emailing me their catalog after a few months of me "ignoring" them.

But this isn't a catalog. It's a security notice. And playing marketing games with security is a B.S. move.

mchampse
Posts: 268
Joined: Mon Feb 26, 2007 1:45 am

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by mchampse » Sun Jun 16, 2019 7:22 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 7:17 pm
whomever wrote:
Sun Jun 16, 2019 6:54 pm
>>What law? As someone else pointed out, there's no way to "prove" I opened a paper envelope.
>Except physical mail to dead people tends to be returned as non-deliverable. That's not the case with email accounts.

This seems to be conflating two issues. The OP's bank seems to be requiring that he open an email once a year. But he could be alive and quietly discarding snail mail. We once had a CD (but no other accounts) at Synchrony, and after it matured they sent us a $0 balance statement every month for several years. I dunno if that was intentional as a marketing thing or what, but after a while I stopped opening them.

>I'm confused as to what you think the tracking image does. Give them an IP address so they can determine where you live?

For me, anyway, the objection is that I turn off all that stuff by default, because doing so is good hygiene, like washing your hands after using the rest room. And having to go to the trouble to unblock it for a bank is a PITA.
Exactly! I realize that for many folks, tracking/beacons/cookies and all that is just "meh, they already know about me, my info is already out there, whatevs". I get that (I may disagree, but I understand the attitude). And I can understand when a company stops emailing me their catalog after a few months of me "ignoring" them.

But this isn't a catalog. It's a security notice. And playing marketing games with security is a B.S. move.
Downloading images isn’t a security issue in any way. They learn a lot more about you whenever you login to your account then when you download an image on an email.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 7:25 pm

JBTX wrote:
Sun Jun 16, 2019 7:03 pm
This doesn't make any sense because as far as I know they don't necessarily know if you open an email. How would they know?
This is how they know:
https://en.wikipedia.org/wiki/Web_bug

I recently received an email from a well-known office supply company. About half of the 40+ images in the messages were tracking-related.

bradpevans
Posts: 619
Joined: Sun Apr 08, 2018 1:09 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by bradpevans » Sun Jun 16, 2019 7:26 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 10:46 am
I received an email recently from Capital One that I find to be utterly infuriating. I'm curious if others have received an email like this, and (even you haven't) what your reactions are.
Subject: We've updated your Paperless Terms

Open emails regularly to continue receiving notifications.

Re: Your Capital One account ending in XXXX

[My Name],

Recently, we updated the Paperless Terms & Conditions for your account. We'’ve modified the Terms to make it clear that you'’ll need to open a Capital One email once every 12 months to continue receiving email notifications like statement ready alerts.

Please keep in mind, you can sign in to your account to update your paperless settings.
I find this to be outrageous and pathetic on several different levels:
  • I immediately checked the Capital One website, and could not find any reference to any "Paperless Terms & Conditions".
  • I called Capital One and talked with a rep who was nearly impossible to understand. From what I was able to ascertain, he was willing to mail and/or email the T&C to me, but getting them via email would have required me to use some kind of extra authentication to allow for a "secure" download (as if the T&C are a secret), so I declined the email option.
  • A few days later I ended up receiving a paper copy of the T&C, but they are just the standard T&C available on their website - with, again, no reference to "paperless" anywhere.
  • Most importantly, it's none of Capital One's business whether I opened an email or not.
From a tech perspective, I'm perfectly aware of what Capital One means by "open" - what they mean is, "allow us to load an invisible image to use as a tracking beacon". And I understand why companies want to do this on marketing emails. (And I'm sure they understand why some people - like me - work to prevent this.) What I cannot understand is why Capital One is willing to remove a security feature if you don't let them spy on you.

TL;DR: Capital One will stop sending email notices unless you let them spy on your emails. Your thoughts? Spoiler alert: I think this is idiotic, and I will take my business elsewhere if they carry through with this threat.
So don’t open their emails...what happens after 12 months?

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 7:31 pm

mchampse wrote:
Sun Jun 16, 2019 7:22 pm
Downloading images isn’t a security issue in any way.
Sorry, but that's simply not true.

UpperNwGuy
Posts: 3506
Joined: Sun Oct 08, 2017 7:16 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by UpperNwGuy » Sun Jun 16, 2019 7:37 pm

Wow! OP needs to change to a different bank to keep from going off the deep end (and hope that the new bank wouldn't make the same request). However, I find nothing wrong with Capital One's request. I don't have an account with them, but if I did, I would simply comply with their request.

User avatar
ThereAreNoGurus
Posts: 508
Joined: Fri Jan 24, 2014 11:41 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by ThereAreNoGurus » Sun Jun 16, 2019 7:47 pm

Capital One will stop sending email notices unless you let them spy on your emails
I think you are mistaken. According to this link: https://whatismyipaddress.com/web-beacon, a "beacon" only lets one see what "you're doing while you visit the website or send the email."

It's not a window to all of your emails.

If the above is correct, I don't see what the big concern is and your thread title seems like an exaggeration.
Trade the news and you will lose.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 7:51 pm

bradpevans wrote:
Sun Jun 16, 2019 7:26 pm
So don’t open their emails...what happens after 12 months?
Well, taking the message as written, I'll guess they'll just stop sending me security notices. But your guess is as good as mine. (As I mentioned, I'm still waiting to get the Paperless Terms & Conditions.)

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Sun Jun 16, 2019 7:57 pm

alwayshedge wrote:
Sun Jun 16, 2019 2:56 pm
This has to do with dormancy regs. My local bank started this as well. Apparently with the digital age, regulators still want banks to use some form of verification to confirm your account is not dormant.
I don't see how "verifying that my account is not dormant" and "telling me about an unexpected purchase" should be conflated.

Startled Cat
Posts: 504
Joined: Thu Apr 03, 2008 8:54 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by Startled Cat » Sun Jun 16, 2019 8:06 pm

It’s idiotic for companies to base any functionality on the assumption that customers opt in to web bugs.

I’ve been seeing more and more of this recently. I assume it’s because Gmail loads images by default - and everyone uses Gmail, right?

JBTX
Posts: 6152
Joined: Wed Jul 26, 2017 12:46 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by JBTX » Sun Jun 16, 2019 8:57 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 7:25 pm
JBTX wrote:
Sun Jun 16, 2019 7:03 pm
This doesn't make any sense because as far as I know they don't necessarily know if you open an email. How would they know?
This is how they know:
https://en.wikipedia.org/wiki/Web_bug

I recently received an email from a well-known office supply company. About half of the 40+ images in the messages were tracking-related.
This wouldn't work if you have your email set to not automatically download pictures and other materials. So it isn't telling you if you opened the email. It's telling you if you allowed all images and web linked content to download.

mchampse
Posts: 268
Joined: Mon Feb 26, 2007 1:45 am

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by mchampse » Sun Jun 16, 2019 10:00 pm

DivesEtPauper wrote:
Sun Jun 16, 2019 7:31 pm
mchampse wrote:
Sun Jun 16, 2019 7:22 pm
Downloading images isn’t a security issue in any way.
Sorry, but that's simply not true.
So do you set your browser to not download images on regular websites because you are so worried about viruses in images? Those are security issues with your browser that get patched when found in the wild. Most of the issues relate to one specific browser. I perhaps wouldn’t download images from spam email, but someone would have to get through a lot of security to compromise an image on the CapOne site (and if you were able to do so, there is far greater damage that you could do than compromise images).

If you want to try to preserve your privacy that’s fine, but don’t scare people into believing that there is some grand security risk from downloading images on an email.

j0nnyg1984
Posts: 671
Joined: Sun Apr 24, 2016 9:55 am

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by j0nnyg1984 » Sun Jun 16, 2019 11:02 pm

Rob5TCP wrote:
Sun Jun 16, 2019 11:28 am
This seems absurd ---
If I open an email every 6 months, will it will then not be interuppted.
If it drops a tracker I can quickly remove it.


The main problem I have leaving Capital one is I get 2% on any c.c. charges and have 6 figures in points
(which I would need to quickly could use up).

This needs some further review and I will find an alternative c.c.
Thanks for the heads up.
Why would you stockpile cap1 points when they are only good for statement credits?

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Mon Jun 17, 2019 7:54 am

Startled Cat wrote:
Sun Jun 16, 2019 8:06 pm
It’s idiotic for companies to base any functionality on the assumption that customers opt in to web bugs.
Precisely. Thank you for understanding my concern. If this weren't security-related - if a company threatened to stop sending me coupons - that would be different. I still wouldn't like it, but it wouldn't lower my security.

User avatar
Rob5TCP
Posts: 3452
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by Rob5TCP » Mon Jun 17, 2019 8:26 am

j0nnyg1984 wrote:
Sun Jun 16, 2019 11:02 pm
Rob5TCP wrote:
Sun Jun 16, 2019 11:28 am
This seems absurd ---
If I open an email every 6 months, will it will then not be interuppted.
If it drops a tracker I can quickly remove it.


The main problem I have leaving Capital one is I get 2% on any c.c. charges and have 6 figures in points
(which I would need to quickly could use up).

This needs some further review and I will find an alternative c.c.
Thanks for the heads up.
Why would you stockpile cap1 points when they are only good for statement credits?
I use them towards my more expensive vacations.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Mon Jun 17, 2019 8:29 am

mchampse wrote:
Sun Jun 16, 2019 10:00 pm
So do you set your browser to not download images on regular websites because you are so worried about viruses in images?
I use a Pi-Hole, and ad blocker, and NoScript. So yes, there is a lot of content my browser does not load (much of it would not be seen even I allowed it to load).

Let me be clear - I'm not worried that CapOne is going to email me a virus. My concern is that CapOne is threatening to withhold security notices if I don't lower my security. There isn't any valid reason for this.
mchampse wrote:
Sun Jun 16, 2019 10:00 pm
If you want to try to preserve your privacy that’s fine, but don’t scare people into believing that there is some grand security risk from downloading images on an email.
It's not my intention to scare anyone, but stuff happens. From the second link (emphasis mine):
...uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it - the victim does not need to open the file or interact with it in anyway. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences...
Again, I'm not claiming that CapOne is going to do something malicious. But they shouldn't ask me to lower my defenses.

muffins14
Posts: 191
Joined: Wed Oct 26, 2016 4:14 am

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by muffins14 » Mon Jun 17, 2019 10:42 am

drk wrote:
Sun Jun 16, 2019 4:40 pm
DivesEtPauper wrote:
Sun Jun 16, 2019 2:50 pm
The cost of sending an email message is almost nothing (just ask spammers).

[...]

That's just a terrible idea, and I doubt this decision came from their tech department, it came from their marketing department.
Eh, it likely came from the legal/policy department in consideration of anti-spam laws. As a technical point, sending a lot of unwanted emails is a great way to get onto an anti-spam blacklist.

I thought it was worth quoting drk here. Most email service providers have a concept akin to a “sender score” and if a company sends a lot of spam or bounced email, they could be prevented from delivering any mail to that provider for a short time, like gmail, yahoo, etc. Likely if you (and many others) open zero emails from a company for a year, gmail/yahoo will give more scrutiny to that company because they are sending so many unopened mails, and spam is bad for consumers. That presents a risk that they will be prevented from reaching customers (yes, also for marketing) which presents a direct revenue risk. By sending fewer or no emails to people that never open them, likely their “sender score” is higher since a greater fraction of users that get emails do open them sometimes.

Also emails are indeed cheap but not free at the scale of millions/billions per month.

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Mon Jun 17, 2019 11:30 am

muffins14 wrote:
Mon Jun 17, 2019 10:42 am
drk wrote:
Sun Jun 16, 2019 4:40 pm
DivesEtPauper wrote:
Sun Jun 16, 2019 2:50 pm
The cost of sending an email message is almost nothing (just ask spammers).

[...]

That's just a terrible idea, and I doubt this decision came from their tech department, it came from their marketing department.
Eh, it likely came from the legal/policy department in consideration of anti-spam laws. As a technical point, sending a lot of unwanted emails is a great way to get onto an anti-spam blacklist.

I thought it was worth quoting drk here. Most email service providers have a concept akin to a “sender score” and if a company sends a lot of spam or bounced email, they could be prevented from delivering any mail to that provider for a short time, like gmail, yahoo, etc. Likely if you (and many others) open zero emails from a company for a year, gmail/yahoo will give more scrutiny to that company because they are sending so many unopened mails, and spam is bad for consumers. That presents a risk that they will be prevented from reaching customers (yes, also for marketing) which presents a direct revenue risk. By sending fewer or no emails to people that never open them, likely their “sender score” is higher since a greater fraction of users that get emails do open them sometimes.
Spam and bounces, sure.

But my email provider does not track whether or not I've "opened" a message. And they certainly don't report back to the sender whether or not I've "opened" a message. That's the goal of the beacon - to let the sender (CapOne) monitor the activity of the recepient (me), not to aid with the transmittal of the message. Beacons are entirely a marketing tool, they have nothing to do with preventing spam or determining a sender score.

michaeljc70
Posts: 6607
Joined: Thu Oct 15, 2015 3:53 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by michaeljc70 » Mon Jun 17, 2019 11:53 am

To me this is a big hoo-ha over nothing. Everyone can track whether you opened an email.

Vanguard threatened to turn all my investments over to the state because the USPS erroneously returned one piece of email from them.
Last edited by michaeljc70 on Mon Jun 17, 2019 12:28 pm, edited 1 time in total.

DaftInvestor
Posts: 5195
Joined: Wed Feb 19, 2014 10:11 am

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DaftInvestor » Mon Jun 17, 2019 12:01 pm

I am scratching my head as to why you are jumping to a conclusion that they are spying on you.
All banks have to comply with regulations regarding not letting accounts go dormant.
Also - nearly all web traffic has some level of "tracking" cookies - simply disable/delete if they bother you.
The biggest problem with their statement is that it is a false conclusion that they know I have read their email (since I don't download images or allow RRs from external sources).

sandramjet
Posts: 290
Joined: Thu Oct 23, 2014 11:28 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by sandramjet » Mon Jun 17, 2019 12:09 pm

bradpevans wrote:
Sun Jun 16, 2019 7:26 pm
Subject: We've updated your Paperless Terms

Open emails regularly to continue receiving notifications.

Re: Your Capital One account ending in XXXX

[My Name],

Recently, we updated the Paperless Terms & Conditions for your account. We'’ve modified the Terms to make it clear that you'’ll need to open a Capital One email once every 12 months to continue receiving email notifications like statement ready alerts.

Please keep in mind, you can sign in to your account to update your paperless settings.
You say they won't send you security notices...but I don't see that in the email. It says they won't send you "statement ready" alerts (I assume those are like the ones my bank sends that says "you have a statement for this month available"....). It doesn't say security notices. Is that really what they mean?

Topic Author
DivesEtPauper
Posts: 34
Joined: Fri Mar 15, 2019 11:38 pm

Re: Capital One will only send security notices if you let them spy on you once in a while

Post by DivesEtPauper » Mon Jun 17, 2019 1:19 pm

sandramjet wrote:
Mon Jun 17, 2019 12:09 pm
bradpevans wrote:
Sun Jun 16, 2019 7:26 pm
Subject: We've updated your Paperless Terms

Open emails regularly to continue receiving notifications.

Re: Your Capital One account ending in XXXX

[My Name],

Recently, we updated the Paperless Terms & Conditions for your account. We'’ve modified the Terms to make it clear that you'’ll need to open a Capital One email once every 12 months to continue receiving email notifications like statement ready alerts.

Please keep in mind, you can sign in to your account to update your paperless settings.
You say they won't send you security notices...but I don't see that in the email. It says they won't send you "statement ready" alerts (I assume those are like the ones my bank sends that says "you have a statement for this month available"....). It doesn't say security notices. Is that really what they mean?
I parsed their sentence as "they won't send me any notices - for example, statement ready alerts". That "like" means something here.

Post Reply