Tesco Credit Card Security

An open letter to Tesco and the Financial Regulator.

CC: Financial Regulator, Dublin 2
CC: Tesco Ireland, Gresham House, Dun Laoghaire, Dublin
CC: Tesco Customer Service, PO Box 73, Baird Avenue, Dundee DD1 9NF
CC: Tesco Card Center, PO Box 5747, Southend-on-Sea, SS 11 9AJ

RE: Tesco Credit Card Security Procedures

Sir/Madam,

I would like to file a formal complaint about Tesco Personal Finance security procedures for contacting customers by telephone. I have been contacted twice by their staff in recent weeks, and I was shocked by their call procedures in both cases.

The first time I was contacted, via a private number, the staff member wouldn’t introduce themselves or who they represent “for security reasons”. They then proceeded to ask me for personal information to authenticate myself to them. When I explained that there was absolutely no way I was going to authenticate myself to someone that is unwilling to authenticate themselves, they cited the Data Protection Act as justification. I hung up.

At this point I guessed it was Tesco Personal Finance that was contacting me, but there’s no way I could have been sure of this until it was confirmed by the second caller a week later, who at least had the courtesy to introduce themselves and the company. However, they also asked me to authenticate myself, which I again refused to do. When I complained about the procedures they didn’t attempt to resolve the situation in any way; they simply cited chapter and verse back at me.

I understand why Tesco was trying to contact me; I received a letter about an overdue amount on my account and sent a cheque to bring it in order on the 31st of March. I accept that was my error and apologise to Tesco for the inconvenience, although in my defence I would add that I changed banks recently and simply had no way to pay the outstanding amount, as my previous account was closed automatically by my old bank before the new account was fully open.

I would also add that if Tesco had invested in just one Irish staff member to handle payments locally, or had invested in an online account management tool for Tesco credit cards, I would have been aware of the issue earlier and they would have received the payment already. I understand the service is outsourced, but Tesco can’t afford 50 or 100k for these simple features?

That’s neither here nor there though, my issue is with the security procedures. While I understand the need for these procedures, their implementation in this case is incompetent at best and dangerous at worst. Consumers are told every single day via various sources not to respond to hoax emails or phone calls, not to give authentication details to just anyone, yet here is Tesco ringing me out of the blue, on a private number, asking for my date of birth and mother’s maiden name.

Please change these procedures to protect Tesco customers, and the customers of other financial institutions whose senses may be dulled by these nonsensical security procedures. A security professional could and should be contacted to discuss the best way to go about it, but even someone like me with the most basic interest in security can suggest something better:

  1. The call shouldn’t come from a private number. The number doesn’t even have to work inbound, a simple recorded message can be used to authenticate.
  2. The staff member should introduce themselves by name.
  3. If allowed by data protection law, the company should be introduced. If this is an issue, tell them that their personal credit card provider is calling, but due to data protection law further details cannot be disclosed. I would be very surprised if the Data Protection Commissioner wouldn’t allow this, but they can and of course should be contacted to confirm this. Rest assured it won’t cost anything.
  4. It should be explained to the customer that the provider is trying to get in touch to discuss the details of the account, but for security reasons they need to initiate contact by calling the freephone number on the back of their card.
  5. Apologise for the inconvenience.

You can even automate this part of the procedure because no actual conversation will take place; not a bad idea in my opinion given the inability of Tesco’s staff to work off-script. Again though, I’m not a security expert, and one should be consulted. I’d strongly suggest Bruce Schneier of Counterpane Systems as one of the most respected experts in the industry.

But of course you should do your own research into this and not take my word for it, since I could be anybody; in much the same way that I don’t take the word of someone that rings me out of the blue. Seeing a pattern here? Please, do something about this idiocy. It’s dangerous.

This is an open letter, the full content will be published on my website at the following address:

http://verbo.se/tesco-credit-card-security/

All recipients are welcome to respond there or by email to [REMOVED] instead of in writing. If you would prefer that your response remain private, please make this clear in same. I reserve the right to post a summary of responses on my website.

Yours sincerely,
Adam Beecher

Clifford Stoll @ TED

I’m not big on mainstream education. I’m almost entirely self-educated when it comes to the subject I love, however I do wonder sometimes if I would have fared better if I had the patience and energy for mainstream education. I tried it again recently in CIT as an experiment and found that I still don’t have those attributes, but that just proves that I can’t (or won’t), not that it wouldn’t make me a different person if I could.

While my own laziness is much to blame for this, I still feel teachers have a lot to answer for. I’ve had some superb teachers – Peter O’Brien in Douglas Comm probably taking first place – but most have been decidedly average, and many utterly useless. My commerce and early science teachers in that same school, for example, were so boring I’m utterly amazed anyone remembers anything they say, ever. And if anything, the standard of education is getting worse in this country, not better.

I think I’d be a very different person and we’d all be a lot better off if we had people like this educating us, and our children.

Although I wonder if we’d ever want to leave school…

Dumb eco-questions you were afraid to ask

Great article on New Scientist with some answers to questions I’m sure many of us modern folk wonder about on a regular basis. Are hybrids really more of a fashion statement right now? Should I be leaving the lights on or switching them off and on? What can and can’t I recycle? Is washing clothes at 30 degrees ok? Et cetera.

Some of the answers are surprising – shipping recycling to China isn’t always bad, for example – others are obvious, but I reckon there’s something here for everyone. Even if you knew most of it already, it’s probably nice to have it validated by New Scientist. :)

One answer I’m not so sure about: Is it really still bad to charge electronics early and often? I used to be very careful to fully deplete my batteries to avoid the dreaded memory problem, but I read somewhere recently that this no longer applies with modern batteries. In fact I got the impression that the opposite is true, that I should be charging whenever I can. Does anyone have a definitive answer on this?

  1. If I switch the light on and off every time I enter and leave a room, does this use more energy than leaving it on all evening?
  2. How clean does the pizza box have to be for it to be recyclable? Likewise cans and bottles
  3. Are laminated juice cartons recyclable?
  4. What’s the most fuel-efficient way to drive?
  5. Is it worth recycling when stuff gets shipped to China and back in the process? Given the carbon footprint of all that, maybe we should just let the stuff rot
  6. Can I save the planet by staying slim?
  7. What’s worse, the CO2 put out by a gas-fuelled car or the environmental effects of hybrid-car batteries?
  8. What is recycled organic waste used for?
  9. If I offset my flights, can I fly as much as I want?
  10. If I’m stuck in a stop-start traffic jam, do I use more petrol turning my car on and off repeatedly or leaving it running?
  11. Can I put window envelopes in the paper recycling?
  12. How long does it take for a micro-windmill to pay for itself?
  13. Is it better to buy an eco-friendly car, with all the energy that is needed to produce it, or just run my old one into the ground?
  14. What’s the best way to charge my laptop – little and often or let the battery run down completely?
  15. Will washing my clothes at 30 °C really get them clean?
  16. Why can’t the machines in my gym be used to generate electricity?
  17. Does switching from bus to bike really have any effect? After all, cycling isn’t completely carbon neutral because I’ve got to eat to fuel my legs
  18. Is a full commercial plane more fuel-efficient over long distances than a car?
  19. If I turn my appliances off but don’t unplug them will they still use up some electricity?
  20. Does it really take more energy to recycle an aluminium can than to make a new one?
  21. What is the single most effective thing I can do for the environment?
  22. How environmentally damaging is barbecuing?
  23. When and how is the most energy-efficient way to defrost my fridge-freezer, and is a self-defrosting fridge more eco-friendly?
  24. What does the circling-arrows logo on European packaging mean?
  25. What’s greener, paper/cardboard or plastic packaging?

BBC’s The Box

BBC News: We have painted and branded a BBC container and bolted on a GPS transmitter so you can follow its progress all year round as it criss-crosses the globe. The Box will hopefully reach the US, Asia, the Middle East, Europe and Africa and when it does BBC correspondents will be there to report on who’s producing goods and who’s consuming them.

Paraprosdokian

Is my word of the day. Basically it’s a phrase in which the last bit makes you reframe the first bit. The examples on the Wikipedia page are brilliant, and of course feature the master of the genre, Groucho Marx:

  • Where there’s a will, I want to be in it.
  • The car stopped on a dime, which unfortunately was in a pedestrian’s pocket.
  • “If you’re not part of the solution, you’re part of the precipitate.” — Henry J. Tillman
  • “Onward he came, and his feet were shod with his—chilblains.” — Aristotle
  • “I belong to no organized party. I am a Democrat.” — Will Rogers
  • “I’ve had a perfectly wonderful evening, but this wasn’t it.” — Groucho Marx
  • “Time flies like an arrow; fruit flies like a banana.” — Groucho Marx
  • “I want to die like my father, quietly, in his sleep—not screaming and terrified like his passengers.” — Bob Monkhouse
  • “A modest man, who has much to be modest about.” — Winston Churchill
  • “If you are going through hell, keep going.” — Winston Churchill
  • “I haven’t slept for ten days, because that would be too long.” — Mitch Hedberg
  • “I don’t have a girlfriend, I just know a girl who would get really mad if she heard me say that.” Mitch Hedberg
  • “Take my wife—please.” — Henny Youngman
  • “It has been said that democracy is the worst form of Government except all those other forms that have been tried.” — Winston Churchill
  • “You can always count on Americans to do the right thing – after they’ve tried everything else.” — Winston Churchill
  • “I weigh 135 pounds naked, if that scale at the train station is to be believed.” — Emo Philips
  • “I’ve never seen him so sad, or ever before.” — Scruffy in Futurama
  • “If I could say a few words, I would be a better public speaker.” — Homer Simpson