Feeds

Equifax asks customer to email debit card photocopies

Sanity check please

Using blade systems to cut costs and sharpen efficiencies

Credit checking giant Equifax left Reg reader Thomas flummoxed when it told him to send copies of the front and back of his debit card when he asked for a credit report.

Equifax has said the request for debit card photocopies was down to human error, but defended its use of email in processing credit reports.

Sending anything by unencrypted email is the internet equivalent of writing confidential details on the back of a post card that anyone might be able to see. Equifax's use of the medium is surprising because credit reference agencies, more than any other organisation, ought to be well aware of how confidential data can be misused to carry out identity theft if it goes astray.

"Equifax (whom I've asked for my credit report) want me to email them copies of the front and back of my debit card. Email! They don't even provide a fax number as an alternative," Thomas said.

Challenged on this practice, Equifax told Thomas he could send the material by fax or post as an alternative to email, which it maintains is secure. It said: "Email is accessible only by authorised Equifax employees and Equifax take all necessary action to ensure that data sent to this address is secure."

Faxes are also safe, Equifax reassured Thomas. "Faxes [are] forwarded to a secure internal network folder, accessible only by authorised Equifax staff. Documentation supplied is used for verification purposes only and is not kept longer than necessary."

The post and fax options aren't highlighted in Equifax's original instruction to Thomas (copy below). An Equifax spokesman said it asked for extra information to be sent in cases where it can't ascertain the identity of people making requests for credit reports. In the case of Thomas extra proofs were probably deemed necessary because he only came to live in the UK from Germany just over three years ago, but credit reports go back six years.

So not everyone will have to jump through these hoops, but those that do may be offered potentially insecure fax or email options.

"We are aware with the security issues over the internet or fax. It's a trade-off and we only ask for data when we can't ascertain someone's identity from the information they initially supply," the spokesman explained, adding that the Information Commissioner is aware of its processes.

He added that in the case of Thomas more information was requested than needed - specifically the debit card photocopies - and this was requested due to "operator error".

Equifax said that email responses are only one of the options it offers. Pressed on its apparent preference for email, Equifax said that despite the well-known shortcomings of the communication method it has never had any problems with data sent to it in that way.

Trying to get a credit report through the web has left Thomas with the feeling he'd have been better off sticking to snail mail. "This seemingly easy to use web service at £11.95 or so is painfully slow to get a result, at least in my case," he said. "I'm delighted to hear I can just snail mail the stuff and get a response for a cheque of £2." ®

Ref: xxxx

Dear xxxx

Thank you for your recent on-line Credit Report application to MyEquifax.

Please note that in order to complete your on-line application, we would request that you provide a copy of the following documents for security purposes.

Credit Card Users

One Utility Bill One Credit Card Statement which must relate to the Credit Card you wish to use to purchase your product.

Debit Card Users

One Utility Bill One Debit Card Statement which must relate to the Debit Card you wish to use to purchase your product. We also require a photocopy of front and back of this Debit Card.

Not Using Your Own Card?

Should you wish to purchase a product using a Debit / Credit card belonging to another individual, please provide a copy of the card holders Debit / Credit Card and bank statement along with written authorisation from the card holder allowing you to use his/her card.

Document Requirements:

· Must contain your name · Must contain your current address · Must be dated within the last 8 weeks · Bank / Credit Card Statements Must be from different sources

All of the documents above can be accepted by email . Our contact details are below.

In order that your application is processed as quickly as possible, please mark your correspondence for the attention of Credit Card Verification including the above reference number:

Email: verifyme.uk@equifax.com

Upon receipt of these documents your application will be completed by a member of The Equifax Verification Team.

Should you require any further information regarding your application please contact our Verification Team at the above email address.

We hope the above details are of assistance to you.

Kind Regards

Equifax Verification Team

This message contains information from Equifax Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster@equifax.com.

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.