I had an argument – maybe more of a one-sided discussion – with a poor guy in store card call centre today.
I was calling in response to a phone message I received about my late mother’s store card; she died last year and last month I finally paid off the balance on her account. The store had a justified query on the transaction and called me up, leaving a message on my mobile for me to call them.
When I did so, the guy on the phone asked me for the account holder’s address. The account holder being dead and not really having an address, I asked whose address it was they wanted – they had called me, after all.
He explained that it was the account holder’s. Of course, anyone could provide that address. Providing the first line of the address proves absolutely nothing. It certainly doesn’t prove who I am – and I was the person trying to do stuff on the account. For the call centre to try to verify the identity of a dead person made me wonder whether they had a lot of zombie assets. Or maybe they’re based in Bristol.
Either way – lousy security. The poor guy on the end of the phone didn’t really see what I was getting at.
This reminded me of another security issue I had during the week, this time using my credit card online. I forgot my password, which happens more or less every time I use my card on the internet – once or twice a month. So I clicked on the link that said “forgotten password?” once more. The system asked for my name, my date of birth and the security numbers on the back of the card. All of which would be available to anyone who had stolen my wallet.
So how does this make my credit card transactions secure?
I won’t stop using my card online, but I think a bit more attention paid to reasonable security wouldn’t go amiss.