>He was asked for a security number which had been set by the imposter.
>So even the real Mr Rose could not discuss his account because of the
>security arrangements put in place by the imposter.
I thought i'd heard this but couldn't see it written anywhere.
>The actual pin itself then presumbably is keeping the data secure (not
>even the real Mr Rose can get in!) but what kind of information was
>required to make a security pin by the imposter? Obviously it was not
>sufficient enough......
Clearly. And it is this which worries me.
I've worked in various environments and have heard a degree of prompting
for such details from frontline staff (e.g."could it be part of your phone
number?!)
In Australia, a card is issued with the sim card. It has a unique pin number
which is randomly generated (i believe upto 6 digits long). Without this
number, the account will not be discussed.
Perhaps we should do something along those lines?
Carl
>-- Original Message --
>Date: Thu, 1 Jul 2004 14:19:41 +0100
>Reply-To: Mark Brookes <[log in to unmask]>
>From: Mark Brookes <[log in to unmask]>
>Subject: Re: [data-protection] Stuart Rose (M&S)
>To: [log in to unmask]
>
>
>I heard about this on Radio 2 yesterday evening (Drive time) the
>business correspondent stated that this was only discovered after Mr
>Rose tried to gain access to his account recently.
>
>He was asked for a security number which had been set by the imposter.
>So even the real Mr Rose could not discuss his account because of the
>security arrangements put in place by the imposter.
>
>The actual pin itself then presumbably is keeping the data secure (not
>even the real Mr Rose can get in!) but what kind of information was
>required to make a security pin by the imposter? Obviously it was not
>sufficient enough......
>
>Regards
>
>Mark
>
>>>> Carl Johnson <[log in to unmask]> 01/07/04 13:57:32 >>>
>I read with interest yesterday that o2 have possibly released call
>records
>relating to Mr Rose.
>
>The BBC website states:
>
>"The spokesman added that any impostor would have to know a
>substantial
>amount of information about the person they were pretending to be in
>order
>to get past security checks"
>
>Really? Is that so? I feel that with as much as a name, address and
>DOB,
>one could obtain these kind of records. As a result, any interested
>party
>could possibly obtain this information about any of us.
>
>How can this information be better protected? Surely, with a great
>deal
>of information about all of us readily available, we should be
>insisting
>on tighter security of this sensitive information.
>
>I'd be interested in an comments on this matter.
>
>
>Rgds,
>
>Carl
>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>This email and any files transmitted with it are confidential and intended
>solely for the use of the individual or entity to whom they are addressed.
>If you have received this email in error please notify the IS Help Desk
-
>[log in to unmask]
>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|