Thursday, October 04, 2007

ID Theft - asking for trouble?

A few weeks ago at work I placed an order for a bit of equipment for a customer. We don't order very often from this supplier and in fact, this was just the second time. First time round we had to fax a copy of the cheque and present the courier with the cheque (cash on delivery). Fair enough.

Given we wouldn't be buying from them frequently, getting a credit account in place didn't seem worth the effort, so we were quite happy to pay by credit card - nothing unusual there.

They faxed through a form for the credit card details which we had to fax back, so sensible security not asking for the form to be e-mailed back. However, they also wanted a photocopy of my credit card - front and back. To me, this seemed a bit "off", given we're all trying to be so security concious about our personal data and here's a company wanting an exact image of my card.

Now this isn't some little two-bit independent del-boy type trading company, but rather a pan-European company with some 15 years of trading behind it.

Still, I really couldn't fathom why they needed this photocopy and they couldn't really give me a solid explanation. Nor could they convince me that my photocopy would be kept safe. Best they could come up with was "it'll be kept on our server for future use". They also compared it to the fact we faxed a cheque through to them without any problems. My comment that I was sending the physical cheque to them anyway (as that's pretty much how cheques work) and I certainly wouldn't be posting them my credit card didn't sway them from the company line in the slightest.

I could picture a future conversation with the bank though, having perhaps reported some fraudulent transactions on my account. "Do you take all possible precautions to keep your credit card safe? Sure I do, except for all the suppliers I fax a photocopy to, over which I've then got no control".

Needless to say, we cancelled the order and went elsewhere.

This is definitely something to consider though. Any time someone's asking for information that just doesn't seem normal, the alarm bells should start ringing. Even if it's a big company, you've got no idea how good or bad their security is or who that person at the end of the phone really is.

No comments: