After the recent data and thefts from two major gaming web sites. Xbox being the latest. I got to thinking, (a painful process for me) of websites such as TMP and many others always ask for Date of Birth a password and a clue such as mothers maiden name.
The same sort of data that you need to access a bank account or worse still a credit card account.
Now I'm not saying that TMP is going to buy a ready painted DBA army on my credit card, but think of a much, much larger internet company or one of a very few, that we all use.
My son, an IT consultant says there is no such thing as a secure site, just some with varying degrees of security.
A secure PC , from cyber crime, isn't connected to the internet.
I use a normal network including two printers in my office and a PC not on the network for sensitive data.
When I need to add a new customer the data is split between non sensitive and all other data.
Of course, if I had a burgulary and they decided to take a second hand PC, undoing a nightmares worth of cable, instead of ten grands worth of cigarettes, then well, it's not safe.
Not practical for a lot of companies, but if things did go wrong, I would be able to claim due dilligence, thats the new buzz word that coucils use to stuff small businesses.
So after boreing everyone rigid, ask yourself this the next time you set up a free mail account, do you really need to give your real date of birth or any other clue to a password.
Just because I'm paranoid, it doesn't mean they're not out to get me.
Regards
Mike 'er smith (age 29) ;-)
Er hi Mike err smith I have a part name, not my full name and the date of birth is actually my sister's date, my brothers month but my year :D I dont know what the hell it is so nobody else gets a chance
Cheers
errr Monty clarke
QuoteJust because I'm paranoid, it doesn't mean they're not out to get me.
:-SS
So very true!
It is slightly worrying. Personally, I'm useless and only have a couple of passwords for any site I use. I try not to sign up for too many things though, and won't buy from sites who require too much info.
It was something we considered with Pendraken, as we didn't want to ask customers for loads of info, as it puts people off buying. So we kept it to a minimum, and so far there's not been any complaints. It was also a factor in choosing PayPal, as it means that we have no access to anyone's payment details, so don't have to worry about any of those issues.
I agree that asking for mothers maiden name or other info that banks normally want is bad practice and I always fire off a complaint/strongly worded comment to any company that asks for one. Though I must admit that I also fire off complaints to companies who list Wales as a country but not the Isle of Man! I too am a somewhat password lazy and generally use the same username and password for all non sensitive sites and "intelligent well constructed passwords" (ones that will take fifteen or more seconds to break) for anything that involves money. Multiple email accounts are also a useful tool for trafficking spam and other trash away from your more important mail such as the Pendraken newsletter.
Having said all that I would rather pay by a computer secure link than give my card details over a mobile phone. I once worked with a gang of plate-layers who used to listen to scanned phone calls during lunch as it was more interesting than listening to the local radio station! When all is said and done though the only really safe method to pay for something is to pay cash, providing that your not mugged on the way to the shop of course
I was reading an article the other day actually, which I've just remembered. PayPal/eBay are developing something called X.commerce, where instead of logging into a website as normal, e.g. Amazon, Pendraken, etc., you would login instead using your PayPal details. This takes away all the storage of data on all your various shopping sites, and instead keeps it all in one place.
So for example, we would install the X.commerce code on the Pendraken website, you would then login into our site using your PayPal login, and buy whatever you wanted, checkout, etc. We wouldn't see or store any of your details at all, the only people with that information would be PayPal.
Now whether PayPal and eBay having that kind of monopoly on everyone's personal details is a good thing, is another issue. :-\
Quote from: wargamesbob on 24 November 2011, 12:01:25 AM
...your more important mail such as the Pendraken newsletter.
:D :-bd
Good to know someone reads it!
Do the same as you Dragoon.
Keep all of our 'sensitive' data on an unconnected PC too !
Cheers - Phil.
Having had a postman who refused to climb steps and was eventually sacked for stealing mail nothing is secure.
Did we all give our CC numbers over the phone in days gone past.......
Nothing is 100% secure, take the risk.
IanS
Not often I agree with Ian but in this case I do. The actual risk is about on a par with walking out in front of a bus, and worrying about what might be is usually futile. So long as you are sensible and take reasonable precautions (like looking both ways before stepping out) the odds are acceptable.
Hi
I've just gone and altered my profile to hide my email address because some clown has harvested the email address to cold canvas me in the hope that I might sell him some of my 10mm stuff to his business (he obviously hasn't seen my painting skills or lack thereof ;D).
Unfortunately the days when you could leave such information around is long gone, mores the pity.
Cheers
GrumpyOldMan
Interesting topic.
Especially as i'm a Data Protection Officer... ;)
It's suprising how many online commercial operations process personal data yet aren't on the Data Protection Public Register.
Can I ask a question here chaps ?
With the effing cold calls 'one' gets....Would it be classed as assault if you blasted a ref's whistle down the phone when you get one of these ?
Some 'peasant' (that sounds as though he's phoning from India) rings me on a fairly regular basis and always asks me if I'm Mr Bevan.......That's NOT my surname....And I'm ex directory....so it must be a random number generator.
I give some abuse and put the phone down....But I'd like to do MORE.
Cheers - Phil
Don't put the phone DOWN Phil - but put it down...without hanging up; these muppets have a script which they'll keep reading for a good while before they notice no-one's answering: cost them some money :d
I also do this with junk email: take the junk letter from Company A & remove any personal info [name, address etc] & put it into the prepaid envelope from Company B - and vice versa - put them back in the post so that they receive junk mail and have paid for the privilege. Strangely satisfying. :D
Quote from: nikharwood on 25 November 2011, 08:10:26 PM
I also do this with junk email: take the junk letter from Company A & remove any personal info [name, address etc] & put it into the prepaid envelope from Company B - and vice versa - put them back in the post so that they receive junk mail and have paid for the privilege. Strangely satisfying. :D
:D I like that!
I tend to put the phone on the side as well, and leave them chatting away to themselves for a bit. Or I tell them "Hang on, I'll just get him/her..." and leave it.
I think that's good advice Nik/Leon...I AM tempted to put on a silly voice and give completely made up details sometimes....Then again...putting the ****ers 'on hold' sounds a satisfying idea.
Thanks - Phil.
May i suggest you simply register with the Telephone Preference Service?
Free, easy, and strips out most of the legitimate cold callers.
http://www.tpsonline.org.uk/tps/number_type.html (http://www.tpsonline.org.uk/tps/number_type.html)
Some useful ICO guidance
http://www.ico.gov.uk/for_the_public/topic_specific_guides/marketing/calls.aspx (http://www.ico.gov.uk/for_the_public/topic_specific_guides/marketing/calls.aspx)
But...these tips might help (personally i go with no. 10)
http://www.vigay.com/misc/coldcallers.html (http://www.vigay.com/misc/coldcallers.html)
:D
Thanks for that Luddite !
TPS ?......Used to use that when we lived in Notts......And it DID cut out the vast majority of 'inland' time wasters.....And it WAS great fun to let the caller have a couple of minutes of air time...Then ask the question "Have you heard of the TPS ?.....Well...I'm on it !"....Usually got a response of "Eeek"....and profuse apologies.
That was fun !
Trouble is, nowadays, I believe a lot of these call centres (scammers) are overseas...and don't give a flying you know what about TPS.
Nowadays I'm ex directory...so there should be no way I should get 'spoof/phishing' calls......UNLESS....The caller is using a random call generator....Or some 'peasant' has put my number down on some form or other before we moved here.....I have my ideas as to who that might have been....Never mind.
Caller display ?.....Yep...got that.....Though the phone in the kitchen is just about unreadable ;)....Sods' Law.
Other problem is that some of our friends have caller display blocked on their outgoing calls.....So we do get genuine calls where I can't tell who's calling.....The silver haired Mother in law is good for this.....and she will NOT leave a message on the ansaphone.....Hey Ho !
Never mind.....I don't get bombarded with cold calls....It's just that as I get older I'm turning more and more into Victor Meldrew regarding certain things.. ;D ;D ;D
And just ONE call winds me up far more than it should !
Many thanks for taking the time to put down those links.......Might try some of those....I think just putting the phone down and leaving them hanging is the best one !
Might play them all of a double album if they stay there long enough ! ;D ;D
Cheers - Phil.
Quote from: Techno on 26 November 2011, 10:29:29 AM
Nowadays I'm ex directory...so there should be no way I should get 'spoof/phishing' calls......UNLESS....The caller is using a random call generator....Or some 'peasant' has put my number down on some form or other before we moved here.....I have my ideas as to who that might have been....Never mind.
Probably the most common way for your ex-direc number to end up in the hands of a cold caller is if you've given it to some company and they pass it on to a 'partner' company or sell it on perhaps.
Always worth checking the small print or asking 'who will my details be shared with' when filling in forms or otherwise giving over your personal data.
Also, remember with paper forms you can always not put the detail down. 'You don't need this', being a good response (unless your providing data to get some sort of srvice that requires they phone, then they don't need it).
Online its harder since fields like that will typically coded with 'stars' to bar progress without the data.
QuotePrinciple 3: Personal data shall be adequate relevant and not excessive in relation to the purpose for which they are processed and will not be further processed in any manner incompatible with that purpose or those purposes.
So many online data harvest processes annoy the hell out of me with this - especially with the requirement to give a phone number. If i'm ordering a product online, you're gathering my email. Need to contact me? Send an email - usually the phone thing is for 'we may also contact you with blahblahmarketingblahblah'. Can't remember the last time i put my real phone number into one of those fields.
However, back to the problem - putting the phone receiver down on them is fine, except i'd be careful about the risk of them overhearing your conversations in the room!
PErhaps have some sort of music player next to the phone and as soon as you spot they're a cold caller say;
'I'm sorry, i'm just going to have to put you on hold' and click the music on. 'Please release me' on loop perhaps?
Yep Luddite
Think you're absolutely right regarding putting your number down 'somewhere' and it being passed on....Though as we took the existing number on it may have been a previous owner of the property....Don't think it was ourselves....But you never know who's got the number in a genuine sense...and then farmed it out.....FUME !!
My only thought there is that they NEVER know what my name is...(It's either "Am I speaking to the homeowner?"....Or asking if I'm this Mr Bevan..Whoever HE is),,,.So I'm guessing it's not from someone I've actually dealt with.
Don't worry about them overhearing conversations.....The only thing they might hear is me going "How the hell did you get upstairs" to one of the dogs ;D ;D.....Telling one of the cats....."Where's the slab of green stuff gone ?....You've knocked it on the floor again haven't you ?" (Thanks Smiffy)....But more likely me cursing to myself ! ;)
I can put the phone down bang next door to my little CD player without getting up.....SOMEWHERE I have got "Please release me"....I'm thinking more of looping Ian Gillan's high pitch screaming on 'Child in time'......That should put them off !
Thanks again - Phil .....Does you good to have a rant, doesn't it ? ;D
I may be wrong, but the TPS only covers people who are trying to sell you something, so anything market-research orentated isn't covered under those guidelines. I've also found the 'Have you had an accident?' people don't seem affected by it either, as they're still phoning us.
Quote from: Techno on 26 November 2011, 12:55:59 PM
I'm thinking more of looping Ian Gillan's high pitch screaming on 'Child in time'......That should put them off !
A bit of Kate Bush should do it... :D
It also dosn't apply to offshore call centres, cause they use an international number which Britsih legislation dont apply to.
IanS
It's more the 'survey' call that can be dangerous.
They ask one or two innocuous questions like ' do you think the price of petrol is too high?' or 'should bank charges for overdrafts be regulated?'
then there is a lead in to one detail like 'I use TSB , but I'm thinking of changeing as they charged £xxx because '.
All they want is one piece of information.
Don't forget, being polite is a disadvantage.
Think Victor, and you won't go wrong.
Mike