Hmmm I'd rather not Mr 3 but thank you anyway

Pacing Mule

Ok so a very cryptic thread title but I couldn't think of a summary for this.

I was on the phone to 3 customer service updating some account details. Even though I'm through to the foreign customer care centre all is going well and smoothly which is a refreshing change from the ususal hassle.

Right at the end the customer care guy says to me "before you go today when you rang in you had to give your name address and date of birth to verify yourself. In future to speed things up we offer you the facillity of creating a password here which you can use to verify yourself. The password will be your mothers maiden name and the place you were born."

I asked him why they were looking for the information that most internet /credit card sites would ask for in order to reset accounts / change access and he said it was a facility to speed things up for future reference. I said no thanks - leave it as is and he was grand with that.

Thing is I'm not saying at all that this was some elaborate phising scam being carried out by this guy after the phone stopped recording , I may even have misunderstood him and that they wanted those details to further verify me ( but to the best of my recollection I never had to give that information out when signing up to 3 ), but at the end of the day it's absolute madness to ask someone to give that information out over the phone - it's an identitiy thieves wet dream so I thought I'd post it here.

Sponge Bob

Lovely idea NOT!!

All of the three customer data is on a server in India and the entire customer service is outsourced. God knows who can see what over there and three certainly have no idea what is going on in their call centre beyond ringing them occasionally to check they can read the scripts that Dublin sends them.

Little Miss Cutie

Hi

I have an account with 3 and I have a password set up which does make things faster. That said the conditions I was given was that it had to be a word and a place ie. Dog London.

I was not given instructions like yours at all. Sounds like the guy you were speaking to was up to something or reading from the wrong script.

Del2005

Pageant Messiah wrote: »

Ok so a very cryptic thread title but I couldn't think of a summary for this.

I was on the phone to 3 customer service updating some account details. Even though I'm through to the foreign customer care centre all is going well and smoothly which is a refreshing change from the ususal hassle.

Right at the end the customer care guy says to me "before you go today when you rang in you had to give your name address and date of birth to verify yourself. In future to speed things up we offer you the facillity of creating a password here which you can use to verify yourself. The password will be your mothers maiden name and the place you were born."

I asked him why they were looking for the information that most internet /credit card sites would ask for in order to reset accounts / change access and he said it was a facility to speed things up for future reference. I said no thanks - leave it as is and he was grand with that.

Thing is I'm not saying at all that this was some elaborate phising scam being carried out by this guy after the phone stopped recording , I may even have misunderstood him and that they wanted those details to further verify me ( but to the best of my recollection I never had to give that information out when signing up to 3 ), but at the end of the day it's absolute madness to ask someone to give that information out over the phone - it's an identitiy thieves wet dream so I thought I'd post it here.

Did you call them or did they call you? If you called it sounds like a handy way of getting into your account, except don't use the info they wanted just something you can remember.
If they called you I'd be worried.

Pacing Mule

No I had called them and I don't find any issue with setting up a password as it would indeed save a lot of time but when the instruction was specifically to use maiden name and place of birth a very loud alarm bell went off.

drunkmonkey

This is normal, you can set up a 3 account password so you don't have to go through the whole what did you have for dinner nonsense..

I think he was just making it easy for you as you didn't seem to understand him, btw, you could tell him your mother was mary robinson how is he ever going to know;)

Pacing Mule

I understood him very well - the quotation I posted in the OP was pretty much exactly what was said word for word. In one sentence I was informed of the option to create a password and that password was to be my mothers maiden name and the place I was born. It was an instruction during the original telling me rather than an example in response to confusion on my part.

I could tell them anything you're quite right, but how many people would blindly give out two very critical pieces of personal information to any kind of identity theft. It was a very bizarre instruction IMO.

krudler

drunkmonkey wrote: »

This is normal, you can set up a 3 account password so you don't have to go through the whole what did you have for dinner nonsense..

I think he was just making it easy for you as you didn't seem to understand him, btw, you could tell him your mother was mary robinson how is he ever going to know;)

What are the odds that if o2, vodafone or meteor asked the customer the exact same thing you'd be the first one pissing and moaning about it, 3 can do no wrong apparently:rolleyes:

I wouldnt give that out either, there was a good documentary on how easy it is to buy personal info from Indian call centre employees, they used medical records for theirs but its all the same, as a former call centre employee i could have an absolute ton of info about a customer by just knowing their phone number, on your average bill pay account i can see current and previous address, wife/husbands name if theyre authorised on the account, your date of birth, bank direct debit details if you paid that way, payment history, entire call history for phonecalls and texts used over a 12 month period, and a credit rating, I could ruin your life lol

bottom line is, dont **** with call centre employees:D

jimmycrackcorm

So... it's ok to enter your maiden name and DOB on a web site because you assume that anonymous people have no access to the database storing the information instead of telling it to aqn authorised custoemr service rep?

What's next - walking into your bank, going up the teller and asking for a withdrawal and when they ask for your account number, you refuse in case it ends up used in a 419 internet scam....

Pacing Mule

jimmycrackcorm1 wrote: »

So... it's ok to enter your maiden name and DOB on a web site because you assume that anonymous people have no access to the database storing the information instead of telling it to aqn authorised custoemr service rep?

What's next - walking into your bank, going up the teller and asking for a withdrawal and when they ask for your account number, you refuse in case it ends up used in a 419 internet scam....

That's a rather ridiculous post which takes a legitimate concern, twists it and then compares it to a frankly silly scenario which would never happen.

Firstly it was my mothers maiden name and my own place of birth. You referenced my maiden name and date of birth - both if which are standard fields on most identification forms online or offline.

Secondly any time you enter personal details on a website you need to evaluate how trustworthy you deem that site and it's staff to be. And even when you trust said site things can still go wrong as was demonstrated here recently. That's a fact of internet life and everybody should accept this.

On every site that asks for the specific personal details I was asked for ( not the mistakenly referenced ones you ranted at ) they are used as backup / means of verifying your identity should your password be lost etc. They are never ever forced to be your password which was what was the situation here.

On the majority of customer service providers systems be they internet driven or not the authorised agent has access to the portion of your details they need and no more. Your mothers maiden name can be freely available on these systems offline as an identity check but other details are on a database etc and are hopefully not for general usage. It's why my secret question choice is never mothers maiden name because it is too generally available.

On boards here your password is encrypted, on most websites which use your place of birth as an answer to a secret question etc that place of birth is also encrypted. To be asked to choose a password which was defined in the manner mine was is a legitimate security concern.

eth0_

OP that sounds pretty suspicious.

I setup this password with 3 about 2 years ago (can't even rememeber the password now though, oops) and the girl (in India) told me to choose my own password. I think she gave examples like the name of a pet or favourite city. Nothing that could be used to commit identity fraud anyway.

Might be worth your while writing to 3 to inform them what happened.

dub45

These concerns are exactly why I have such reservations about the so called direct debit plus system. This is a 'facility' whereby you can set up a direct debit over the telephone - the bank does not hold a paper mandate at all.

It seems to me that there is nothing to stop a 'rogue' employee from making a copy of such details for themselves for later use. As I understand it Companies often hire in temporary employees for dd campaigns.

The company are subsequently supposed to write to you and confirm you have set up the dd etc - but there is no way of confirming that a copy of your bank account details are not now with some rogue employee.

obviously variations on this can happen in any company - I was very surprised to read above that bank account details etc are routinely available to call center employees. Is that definitely the case?

Walkman

i would agree with the post to write to 3 and inform them what has happened. I also set up two passwords with 3 but I was told they could be any two I wanted with no reference to what they should be

drunkmonkey

krudler wrote: »

What are the odds that if o2, vodafone or meteor asked the customer the exact same thing you'd be the first one pissing and moaning about it, 3 can do no wrong apparently:rolleyes:

shoite odds, I wouldn't make that bet

thebman

TBH, its weird that any person ask you to setup a password over the phone.

They should have a system for setting up password. On a phone, you could use an automated system that asks you to say your password after the beep and press # when done, use voice recognition and ask you to confirm its correct.

Just telling someone what you want your password to be doesn't seem very secure. Sure on a database like boards you have sensitive information but the password is encrypted and the rest of the information you provide is up to you. I doubt 3's password is encrypted if you just tell some bloke the password regardless of whether is in India, London, Belfast or Dublin.

Walkman

It it not a password to get into any information the guy in the call centre doesn't already have access to. Is just so when a customer calls they use the password to verify they are the account holder so name address etc....will not be asked. It's not used to access any information if the password is not given them the advisor will not discuss the account. It's more for the customers protection than anything.

slimjimmc

Just use a fake name and date. It's just a password, it doesn't have to be real personal information.

I agree though that setting up a password through a person is very insecure however the OP doesn't actually say that is what was offered, it said he was offered the facility to set up an account. This facility could involve switching him over to an automated system.