Request For Comment

RangeR

eircom Representatives. In your official capacity, can you comment on the following items relating to the Direct Debit Scheme? I understand that you may not have immediate answers.

1. What checks do you have in place, either online, over the phone or in retail, to ensure that the bank account details provided by a give potential customer are valid so as to mitigate fraud.
2. When advised by potential fraud [or even just an accidental taking of payment] by a non customer on that non customer's bank account, why do you require a breach of privacy by requiring that non customer to send in a bank statement, when that bank statement will show nothing other than a payment has been made? It will not help pinpoint the payment on your system, any more than getting details from the non customer, over the phone, including the unique mandate code.
3. As point two, why do you refuse to look into an issue where Meteor tak money wrongly from a person who isn't a customer, unless they call the guards and the guards get a court order. At the time, it wasn't a criminal matter.

I await your comments.

eircom: Tony

RangeR wrote: »

eircom Representatives. In your official capacity, can you comment on the following items relating to the Direct Debit Scheme? I understand that you may not have immediate answers.

1. What checks do you have in place, either online, over the phone or in retail, to ensure that the bank account details provided by a give potential customer are valid so as to mitigate fraud.
2. When advised by potential fraud [or even just an accidental taking of payment] by a non customer on that non customer's bank account, why do you require a breach of privacy by requiring that non customer to send in a bank statement, when that bank statement will show nothing other than a payment has been made? It will not help pinpoint the payment on your system, any more than getting details from the non customer, over the phone, including the unique mandate code.
3. As point two, why do you refuse to look into an issue where Meteor tak money wrongly from a person who isn't a customer, unless they call the guards and the guards get a court order. At the time, it wasn't a criminal matter.

I await your comments.

Hi RangeR
As this questions relate to set eircom security and data procedures we cannot really offer much in the way of detailed comment here. I can send this to our data protection and procedure department to provide answer.
Procedure for accepting bank details would follow those for practically all established business.
I am not aware of issue mentioned within your second query but will chase this for you.
The links you provide are specific to Meteor and as this is an eircom / eMobile forum I would not have an answer to this. However eircom and eMobile would certainly take any report of such action seriously and in some cases the Gardai may well be involved.
I hope this answers your query and will try to provide answer to part two of your query as soon as I get more information.
Regards
Tony

dub45

eircom: Tony wrote: »

Hi RangeR
As this questions relate to set eircom security and data procedures we cannot really offer much in the way of detailed comment here. I can send this to our data protection and procedure department to provide answer.
Procedure for accepting bank details would follow those for practically all established business.
I am not aware of issue mentioned within your second query but will chase this for you.
The links you provide are specific to Meteor and as this is an eircom / eMobile forum I would not have an answer to this. However eircom and eMobile would certainly take any report of such action seriously and in some cases the Gardai may well be involved.
I hope this answers your query and will try to provide answer to part two of your query as soon as I get more information.
Regards
Tony

And we know all about those don't we!!!!!

RangeR

eircom: Tony wrote: »

Hi RangeR
As this questions relate to set eircom security and data procedures we cannot really offer much in the way of detailed comment here. I can send this to our data protection and procedure department to provide answer.

Procedure for accepting bank details would follow those for practically all established business.

If you could pass this up the line that would be appreciated. However, and maybe I'm reading it wrong, there appears to be a contradiction in what you are saying.

On one hand, you say that you can't provide details of the checks you perform to verify that banking details actually belong to the person applying.

On the other hand, you say that practically every business follows the same procedure.

My take on that is, one of those two statements is true and the other false. If it's security related, how could you possibly know how other businesses [outside of eircom] handle this.

The answer I was looking for, and I'm really not trying to lead, is to REQUIRE THE POTENTIAL CUSTOMER TO PROVIDE A BANK STATEMENT showing the same address as picture ID. Why is this, apparently, not done? Why is this, apparently, not verified.

To me, this is an exceptionally simple check. There are other, better methods, but this should be the minimum check performed.

As you suggested, I will take this up with the Meteor forum too.

Again, I would appreciate input from your DP department, at their earliest convenience.

RangeR

Tony,

Unfortunately, I cannot ask these questions on the Meteor forum as I'm not a Meteor customer so don't have a Meteor mobile phone number. However, I am being directly affected by your "security deficiencies" and need answers.

Meteor Customer Care Department refuse to deal with me and I'm really struggling to comprehend what has actually happened.

What can you do for me to obtain answers for my questions relating to Meteor?

RangeR

eircom: Tony wrote: »

I can send this to our data protection and procedure department to provide answer.

I hope this answers your query and will try to provide answer to part two of your query as soon as I get more information.
Regards
Tony

May I assume that the relevant departments haven't had time to respond. Could you request an answer, please. Sorry, I've been busy with my civic duties and neglected this thread.

psalbmb

RangeR wrote: »

May I assume that the relevant departments haven't had time to respond. Could you request an answer, please. Sorry, I've been busy with my civic duties and neglected this thread.

RangeR wrote: »

If you could pass this up the line that would be appreciated. However, and maybe I'm reading it wrong, there appears to be a contradiction in what you are saying.

On one hand, you say that you can't provide details of the checks you perform to verify that banking details actually belong to the person applying.

On the other hand, you say that practically every business follows the same procedure.

My take on that is, one of those two statements is true and the other false. If it's security related, how could you possibly know how other businesses [outside of eircom] handle this.

The answer I was looking for, and I'm really not trying to lead, is to REQUIRE THE POTENTIAL CUSTOMER TO PROVIDE A BANK STATEMENT showing the same address as picture ID. Why is this, apparently, not done? Why is this, apparently, not verified.

To me, this is an exceptionally simple check. There are other, better methods, but this should be the minimum check performed.

As you suggested, I will take this up with the Meteor forum too.

Again, I would appreciate input from your DP department, at their earliest convenience.

eh.. this security checks ARE carried out actually. I ordered an eMobile phone a few months ago. When my phone was delivered, I was asked to produce my passport(as valid ID), A Bank Statement and I was asked for a secret 4 digit passcode, that was given to just ME during the sale. Also during the sale, the agent, quite clearly went though All the Terms and Conditions of the contract including all security and data protection issues, which are legislated under the Data Protection Act 1988... and thats why eircom can't answer some of the questions <snip>

RangeR

psalbmb wrote: »

eh.. this security checks ARE carried out actually. I ordered an eMobile phone a few months ago. When my phone was delivered, I was asked to produce my passport(as valid ID), A Bank Statement and I was asked for a secret 4 digit passcode, that was given to just ME during the sale. Also during the sale, the agent, quite clearly went though All the Terms and Conditions of the contract including all security and data protection issues, which are legislated under the Data Protection Act 1988... and thats why eircom can't answer some of the questions you fool

Welcome to Boards. You are relatively new so...

1. I won't be called a fool by anyone. If you retract that comment, apologise or simply edit it out of your post, I won't report you. I'll recheck tomorrow lunch time.

2. Are you trying to say that a courier driver asking you for a pin and quick glance at a bank statement is secure. No disrespect to DPD as they do a great job but they are not security experts.

3. You misinterpreted my OP. I'm specifically talking about proving a bank account belongs to the customer. If you walk into any retail shop, you can sign up for a contract with phone, without showing a bank statement, You need two utility bills and photo ID. A bank statement can be one of those two but it's not required. In essence, I could walk in with your bank account number and sort code. You would be paying my bills for a few months. I'd have a free phone. This has been confirmed by other parties.

4. That four digit PIN shouldn't have been GIVEN to you. It should have been 4 numbers from your bank statement. I'm not going to say which ones. But you should have given that PIN to eMobile. Are you sure that you are recollecting security properly? Before you counter that, I work very, VERY close to the process.

5. Under the Date Protection Acts 1988 and 2003, eMobile [nor any company] can't discuss individual cases with other people. I'm asking about general payment detail security. If you are going to spout "fact" in a derogatory fashion, please make sure that it is fact or you could look less than knowledgeable.

Boards.ie: Nicola

psalbmb infracted for personal abuse.

somecreep

Ranger what exactly are you trying to find out? I work in a bank. Most direct debit companies generally don't do any security checks and usually just need a copy of your passport, copy of bank statement etc. Where I work there is a security team that monitor peoples accounts and any strange transactions can be reversed by that team. Also customers should monitor there bank accounts weekly to see if any strange transactions occur. You can use your bank account number on hundreds of sites such as amazon, paddy power, ebay where very little to none security checks occur so I'm not sure what your problem with eircom is or meteor is a completely separate company.

dub45

somecreep wrote: »

Ranger what exactly are you trying to find out? I work in a bank. Most direct debit companies generally don't do any security checks and usually just need a copy of your passport, copy of bank statement etc. Where I work there is a security team that monitor peoples accounts and any strange transactions can be reversed by that team. Also customers should monitor there bank accounts weekly to see if any strange transactions occur. You can use your bank account number on hundreds of sites such as amazon, paddy power, ebay where very little to none security checks occur so I'm not sure what your problem with eircom is or meteor is a completely separate company.

Are you sure you work in a bank?

How many sites do you use your "bank account" number on?

And really you should check the status of Meteor in relation to Eircom.

I am not sure what exactly mean by a "direct debit" company?  But the lack of security checks I think you will find is one of Rangers concerns as well as the awfulness of the direct debit system.

psalbmb

dub45 wrote: »

Are you sure you work in a bank?

How many sites do you use your "bank account" number on?

And really you should check the status of Meteor in relation to Eircom.

I am not sure what exactly mean by a "direct debit" company?  But the lack of security checks I think you will find is one of Rangers concerns as well as the awfulness of the direct debit system.

You really seem to have a huge problem with Eircom and Meteor for some 'strange' reason!! Listen, If I were you, why don't you apply to work in the Data Protection Office and then you'll find out what security checks etc are being undertaken

dub45

psalbmb wrote: »

You really seem to have a huge problem with Eircom and Meteor for some 'strange' reason!! Listen, If I were you, why don't you apply to work in the Data Protection Office and then you'll find out what security checks etc are being undertaken

I think it should be very clear to anyone with a bit of sense why I have a problem with Eircom/Meteor there is nothing strange at all about the reason.  An abject and admitted failure to follow even their own procedures in relation to data protection should give anyone cause for concern.

psalbmb

dub45 wrote: »

I think it should be very clear to anyone with a bit of sense why I have a problem with Eircom/Meteor there is nothing strange at all about the reason.  An abject and admitted failure to follow even their own procedures in relation to data protection should give anyone cause for concern.

Where did they admit failure to follow procedures?. I don't recall an Offical Eircom Representative stating anything of the sort. In relation to these "data protection failures giving you a cause for concern", Their is alot more important things happening in the world right now. you really have WAY to much time on your hands. Bye

dub45

psalbmb wrote: »

Where did they admit failure to follow procedures?. I don't recall an Offical Eircom Representative stating anything of the sort. In relation to these "data protection failures giving you a cause for concern", Their is alot more important things happening in the world right now. you really have WAY to much time on your hands. Bye

http://www.techcentral.ie/18287/eircom-computer-theft-exposes-customer-and-employee-data-


[font=Arial, helvetica, clean, sans-serif]"Paul Bradley, head of Communications, Eircom Group, confirmed that the stolen computers were not encrypted, despite a stated policy for such computers to be encrypted.[/font][font=Arial, helvetica, clean, sans-serif]

Read more: http://www.techcentral.ie/18287/eircom-computer-theft-exposes-customer-and-employee-data-#ixzz2TTm6WIxd"[/font]