Feeds

Equifax asks customer to email debit card photocopies

Sanity check please

Security for virtualized datacentres

Credit checking giant Equifax left Reg reader Thomas flummoxed when it told him to send copies of the front and back of his debit card when he asked for a credit report.

Equifax has said the request for debit card photocopies was down to human error, but defended its use of email in processing credit reports.

Sending anything by unencrypted email is the internet equivalent of writing confidential details on the back of a post card that anyone might be able to see. Equifax's use of the medium is surprising because credit reference agencies, more than any other organisation, ought to be well aware of how confidential data can be misused to carry out identity theft if it goes astray.

"Equifax (whom I've asked for my credit report) want me to email them copies of the front and back of my debit card. Email! They don't even provide a fax number as an alternative," Thomas said.

Challenged on this practice, Equifax told Thomas he could send the material by fax or post as an alternative to email, which it maintains is secure. It said: "Email is accessible only by authorised Equifax employees and Equifax take all necessary action to ensure that data sent to this address is secure."

Faxes are also safe, Equifax reassured Thomas. "Faxes [are] forwarded to a secure internal network folder, accessible only by authorised Equifax staff. Documentation supplied is used for verification purposes only and is not kept longer than necessary."

The post and fax options aren't highlighted in Equifax's original instruction to Thomas (copy below). An Equifax spokesman said it asked for extra information to be sent in cases where it can't ascertain the identity of people making requests for credit reports. In the case of Thomas extra proofs were probably deemed necessary because he only came to live in the UK from Germany just over three years ago, but credit reports go back six years.

So not everyone will have to jump through these hoops, but those that do may be offered potentially insecure fax or email options.

"We are aware with the security issues over the internet or fax. It's a trade-off and we only ask for data when we can't ascertain someone's identity from the information they initially supply," the spokesman explained, adding that the Information Commissioner is aware of its processes.

He added that in the case of Thomas more information was requested than needed - specifically the debit card photocopies - and this was requested due to "operator error".

Equifax said that email responses are only one of the options it offers. Pressed on its apparent preference for email, Equifax said that despite the well-known shortcomings of the communication method it has never had any problems with data sent to it in that way.

Trying to get a credit report through the web has left Thomas with the feeling he'd have been better off sticking to snail mail. "This seemingly easy to use web service at £11.95 or so is painfully slow to get a result, at least in my case," he said. "I'm delighted to hear I can just snail mail the stuff and get a response for a cheque of £2." ®

Ref: xxxx

Dear xxxx

Thank you for your recent on-line Credit Report application to MyEquifax.

Please note that in order to complete your on-line application, we would request that you provide a copy of the following documents for security purposes.

Credit Card Users

One Utility Bill One Credit Card Statement which must relate to the Credit Card you wish to use to purchase your product.

Debit Card Users

One Utility Bill One Debit Card Statement which must relate to the Debit Card you wish to use to purchase your product. We also require a photocopy of front and back of this Debit Card.

Not Using Your Own Card?

Should you wish to purchase a product using a Debit / Credit card belonging to another individual, please provide a copy of the card holders Debit / Credit Card and bank statement along with written authorisation from the card holder allowing you to use his/her card.

Document Requirements:

· Must contain your name · Must contain your current address · Must be dated within the last 8 weeks · Bank / Credit Card Statements Must be from different sources

All of the documents above can be accepted by email . Our contact details are below.

In order that your application is processed as quickly as possible, please mark your correspondence for the attention of Credit Card Verification including the above reference number:

Email: verifyme.uk@equifax.com

Upon receipt of these documents your application will be completed by a member of The Equifax Verification Team.

Should you require any further information regarding your application please contact our Verification Team at the above email address.

We hope the above details are of assistance to you.

Kind Regards

Equifax Verification Team

This message contains information from Equifax Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster@equifax.com.

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.