Feeds

Equifax asks customer to email debit card photocopies

Sanity check please

The Essential Guide to IT Transformation

Credit checking giant Equifax left Reg reader Thomas flummoxed when it told him to send copies of the front and back of his debit card when he asked for a credit report.

Equifax has said the request for debit card photocopies was down to human error, but defended its use of email in processing credit reports.

Sending anything by unencrypted email is the internet equivalent of writing confidential details on the back of a post card that anyone might be able to see. Equifax's use of the medium is surprising because credit reference agencies, more than any other organisation, ought to be well aware of how confidential data can be misused to carry out identity theft if it goes astray.

"Equifax (whom I've asked for my credit report) want me to email them copies of the front and back of my debit card. Email! They don't even provide a fax number as an alternative," Thomas said.

Challenged on this practice, Equifax told Thomas he could send the material by fax or post as an alternative to email, which it maintains is secure. It said: "Email is accessible only by authorised Equifax employees and Equifax take all necessary action to ensure that data sent to this address is secure."

Faxes are also safe, Equifax reassured Thomas. "Faxes [are] forwarded to a secure internal network folder, accessible only by authorised Equifax staff. Documentation supplied is used for verification purposes only and is not kept longer than necessary."

The post and fax options aren't highlighted in Equifax's original instruction to Thomas (copy below). An Equifax spokesman said it asked for extra information to be sent in cases where it can't ascertain the identity of people making requests for credit reports. In the case of Thomas extra proofs were probably deemed necessary because he only came to live in the UK from Germany just over three years ago, but credit reports go back six years.

So not everyone will have to jump through these hoops, but those that do may be offered potentially insecure fax or email options.

"We are aware with the security issues over the internet or fax. It's a trade-off and we only ask for data when we can't ascertain someone's identity from the information they initially supply," the spokesman explained, adding that the Information Commissioner is aware of its processes.

He added that in the case of Thomas more information was requested than needed - specifically the debit card photocopies - and this was requested due to "operator error".

Equifax said that email responses are only one of the options it offers. Pressed on its apparent preference for email, Equifax said that despite the well-known shortcomings of the communication method it has never had any problems with data sent to it in that way.

Trying to get a credit report through the web has left Thomas with the feeling he'd have been better off sticking to snail mail. "This seemingly easy to use web service at £11.95 or so is painfully slow to get a result, at least in my case," he said. "I'm delighted to hear I can just snail mail the stuff and get a response for a cheque of £2." ®

Ref: xxxx

Dear xxxx

Thank you for your recent on-line Credit Report application to MyEquifax.

Please note that in order to complete your on-line application, we would request that you provide a copy of the following documents for security purposes.

Credit Card Users

One Utility Bill One Credit Card Statement which must relate to the Credit Card you wish to use to purchase your product.

Debit Card Users

One Utility Bill One Debit Card Statement which must relate to the Debit Card you wish to use to purchase your product. We also require a photocopy of front and back of this Debit Card.

Not Using Your Own Card?

Should you wish to purchase a product using a Debit / Credit card belonging to another individual, please provide a copy of the card holders Debit / Credit Card and bank statement along with written authorisation from the card holder allowing you to use his/her card.

Document Requirements:

· Must contain your name · Must contain your current address · Must be dated within the last 8 weeks · Bank / Credit Card Statements Must be from different sources

All of the documents above can be accepted by email . Our contact details are below.

In order that your application is processed as quickly as possible, please mark your correspondence for the attention of Credit Card Verification including the above reference number:

Email: verifyme.uk@equifax.com

Upon receipt of these documents your application will be completed by a member of The Equifax Verification Team.

Should you require any further information regarding your application please contact our Verification Team at the above email address.

We hope the above details are of assistance to you.

Kind Regards

Equifax Verification Team

This message contains information from Equifax Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster@equifax.com.

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Fiendishly complex password app extension ships for iOS 8
Just slip it in, won't hurt a bit, 1Password makers urge devs
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.