Feeds

Equifax asks customer to email debit card photocopies

Sanity check please

Secure remote control for conventional and virtual desktops

Credit checking giant Equifax left Reg reader Thomas flummoxed when it told him to send copies of the front and back of his debit card when he asked for a credit report.

Equifax has said the request for debit card photocopies was down to human error, but defended its use of email in processing credit reports.

Sending anything by unencrypted email is the internet equivalent of writing confidential details on the back of a post card that anyone might be able to see. Equifax's use of the medium is surprising because credit reference agencies, more than any other organisation, ought to be well aware of how confidential data can be misused to carry out identity theft if it goes astray.

"Equifax (whom I've asked for my credit report) want me to email them copies of the front and back of my debit card. Email! They don't even provide a fax number as an alternative," Thomas said.

Challenged on this practice, Equifax told Thomas he could send the material by fax or post as an alternative to email, which it maintains is secure. It said: "Email is accessible only by authorised Equifax employees and Equifax take all necessary action to ensure that data sent to this address is secure."

Faxes are also safe, Equifax reassured Thomas. "Faxes [are] forwarded to a secure internal network folder, accessible only by authorised Equifax staff. Documentation supplied is used for verification purposes only and is not kept longer than necessary."

The post and fax options aren't highlighted in Equifax's original instruction to Thomas (copy below). An Equifax spokesman said it asked for extra information to be sent in cases where it can't ascertain the identity of people making requests for credit reports. In the case of Thomas extra proofs were probably deemed necessary because he only came to live in the UK from Germany just over three years ago, but credit reports go back six years.

So not everyone will have to jump through these hoops, but those that do may be offered potentially insecure fax or email options.

"We are aware with the security issues over the internet or fax. It's a trade-off and we only ask for data when we can't ascertain someone's identity from the information they initially supply," the spokesman explained, adding that the Information Commissioner is aware of its processes.

He added that in the case of Thomas more information was requested than needed - specifically the debit card photocopies - and this was requested due to "operator error".

Equifax said that email responses are only one of the options it offers. Pressed on its apparent preference for email, Equifax said that despite the well-known shortcomings of the communication method it has never had any problems with data sent to it in that way.

Trying to get a credit report through the web has left Thomas with the feeling he'd have been better off sticking to snail mail. "This seemingly easy to use web service at £11.95 or so is painfully slow to get a result, at least in my case," he said. "I'm delighted to hear I can just snail mail the stuff and get a response for a cheque of £2." ®

Ref: xxxx

Dear xxxx

Thank you for your recent on-line Credit Report application to MyEquifax.

Please note that in order to complete your on-line application, we would request that you provide a copy of the following documents for security purposes.

Credit Card Users

One Utility Bill One Credit Card Statement which must relate to the Credit Card you wish to use to purchase your product.

Debit Card Users

One Utility Bill One Debit Card Statement which must relate to the Debit Card you wish to use to purchase your product. We also require a photocopy of front and back of this Debit Card.

Not Using Your Own Card?

Should you wish to purchase a product using a Debit / Credit card belonging to another individual, please provide a copy of the card holders Debit / Credit Card and bank statement along with written authorisation from the card holder allowing you to use his/her card.

Document Requirements:

· Must contain your name · Must contain your current address · Must be dated within the last 8 weeks · Bank / Credit Card Statements Must be from different sources

All of the documents above can be accepted by email . Our contact details are below.

In order that your application is processed as quickly as possible, please mark your correspondence for the attention of Credit Card Verification including the above reference number:

Email: verifyme.uk@equifax.com

Upon receipt of these documents your application will be completed by a member of The Equifax Verification Team.

Should you require any further information regarding your application please contact our Verification Team at the above email address.

We hope the above details are of assistance to you.

Kind Regards

Equifax Verification Team

This message contains information from Equifax Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster@equifax.com.

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.