Feeds

Equifax asks customer to email debit card photocopies

Sanity check please

Beginner's guide to SSL certificates

Credit checking giant Equifax left Reg reader Thomas flummoxed when it told him to send copies of the front and back of his debit card when he asked for a credit report.

Equifax has said the request for debit card photocopies was down to human error, but defended its use of email in processing credit reports.

Sending anything by unencrypted email is the internet equivalent of writing confidential details on the back of a post card that anyone might be able to see. Equifax's use of the medium is surprising because credit reference agencies, more than any other organisation, ought to be well aware of how confidential data can be misused to carry out identity theft if it goes astray.

"Equifax (whom I've asked for my credit report) want me to email them copies of the front and back of my debit card. Email! They don't even provide a fax number as an alternative," Thomas said.

Challenged on this practice, Equifax told Thomas he could send the material by fax or post as an alternative to email, which it maintains is secure. It said: "Email is accessible only by authorised Equifax employees and Equifax take all necessary action to ensure that data sent to this address is secure."

Faxes are also safe, Equifax reassured Thomas. "Faxes [are] forwarded to a secure internal network folder, accessible only by authorised Equifax staff. Documentation supplied is used for verification purposes only and is not kept longer than necessary."

The post and fax options aren't highlighted in Equifax's original instruction to Thomas (copy below). An Equifax spokesman said it asked for extra information to be sent in cases where it can't ascertain the identity of people making requests for credit reports. In the case of Thomas extra proofs were probably deemed necessary because he only came to live in the UK from Germany just over three years ago, but credit reports go back six years.

So not everyone will have to jump through these hoops, but those that do may be offered potentially insecure fax or email options.

"We are aware with the security issues over the internet or fax. It's a trade-off and we only ask for data when we can't ascertain someone's identity from the information they initially supply," the spokesman explained, adding that the Information Commissioner is aware of its processes.

He added that in the case of Thomas more information was requested than needed - specifically the debit card photocopies - and this was requested due to "operator error".

Equifax said that email responses are only one of the options it offers. Pressed on its apparent preference for email, Equifax said that despite the well-known shortcomings of the communication method it has never had any problems with data sent to it in that way.

Trying to get a credit report through the web has left Thomas with the feeling he'd have been better off sticking to snail mail. "This seemingly easy to use web service at £11.95 or so is painfully slow to get a result, at least in my case," he said. "I'm delighted to hear I can just snail mail the stuff and get a response for a cheque of £2." ®

Ref: xxxx

Dear xxxx

Thank you for your recent on-line Credit Report application to MyEquifax.

Please note that in order to complete your on-line application, we would request that you provide a copy of the following documents for security purposes.

Credit Card Users

One Utility Bill One Credit Card Statement which must relate to the Credit Card you wish to use to purchase your product.

Debit Card Users

One Utility Bill One Debit Card Statement which must relate to the Debit Card you wish to use to purchase your product. We also require a photocopy of front and back of this Debit Card.

Not Using Your Own Card?

Should you wish to purchase a product using a Debit / Credit card belonging to another individual, please provide a copy of the card holders Debit / Credit Card and bank statement along with written authorisation from the card holder allowing you to use his/her card.

Document Requirements:

· Must contain your name · Must contain your current address · Must be dated within the last 8 weeks · Bank / Credit Card Statements Must be from different sources

All of the documents above can be accepted by email . Our contact details are below.

In order that your application is processed as quickly as possible, please mark your correspondence for the attention of Credit Card Verification including the above reference number:

Email: verifyme.uk@equifax.com

Upon receipt of these documents your application will be completed by a member of The Equifax Verification Team.

Should you require any further information regarding your application please contact our Verification Team at the above email address.

We hope the above details are of assistance to you.

Kind Regards

Equifax Verification Team

This message contains information from Equifax Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster@equifax.com.

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.