Posted by: Clarinette | May 25, 2011

TalkTalk and the security of customer data

Update:

Indian call centres selling UK financial data for 25 pence a user

‘An investigation by The Sun found a former call centre worker who sold the bank account details, personal data such as job description and credit card numbers with the three-digit CVV security code of 1,000 users for £250.’

It is an undeniable fact that data is worthless. Storage has gone cheap and a whole market is out there collecting and reselling information.
From the own words of Meglena Kuneva, the European Consumer Commissioner, “Personal data is the new oil of the Internet and the new currency of the digital world Microsoft Partner Architect, Marc Davis said at the Privacy Identity and Innovation (pii) conference that Digital life is a bankable currency in the Web of the World.

I don’t know the situation abroad, in the UK, phone line providers are mainly, the biggest BT, then TalkTalk, O2, virgin for cable and fibre optic, eventually Sky. Not a huge choice of competitor for this open market.

I had been with BT before I switched to TalkTalk who at that time, had just been bought by Carephonewarehouse with fresh money injected.
What BT could not do, pretexting I was in 14 then 18 days of ‘optimisation period’ (which was hardly any connection and I work from home), TalkTalk took over the line with good service for sometime.

Two years ago, I started to have technical issues with the line.
To make it short, I had to pass many calls to be each time finally transferred to a ‘Level 2’ supervisor to be promised after apologies they would ask an engineer to call me to book an appointment to look at the installation. (they could not directly give me an appointment). FOUR TIMES the promise FAILED.

Meanwhile, I am living in a house with ONLY ONE main socket operating as I was asked to disconnect all other phone. I am still there two years later !!

Tired of that situation and after a letter TalkTalk sent me complaining that I had gone over my usage limit of 40 GB, I finally decided to call them and this is where I am very upset.

When you call BT or TalkTalk or Vodafone in this country RARELY the issue is resolved by one single agent. It must be written somewhere in their internal policies, you get passed on many different departments before eventually reaching the right one if not cut or hanged on or….

At each step, each employee wants to ask you the maximum of personal information.
I don’t see why each and every single person should ask me first of everything :
– the account number,
– my full name,
– full address,
– My place and date of birth,
– last four digits of my bank account

These all before even knowing the purpose of my call.
I can understand they need the 3 first lines but not my date of birth and bank details, at least not straight away.
I do online banking, when I call my bank for transactions, they don’t need as many information.

TalkTalk employees, like many telecom operators, have a huge turn over. They are usually not well payed and leave after a short time. I have previously posted on the treatment of staff in India Bangalore or elsewhere in these call centers or even data warehouses. We have already seen T-Mobile and Vodafone employees reselling data they had access to.

Want Indian call centers to share your sensitive data ?

Digital Footprints Target for Thieves

I need to know why I should put my safety and identity in danger only because TalkTalk wants to check why no engineer has called me after 4 times they promised to do so. All I wanted is to have the right department to cancel my account and leave TalkTalk.

I did call again yesterday and could only give my name and full address to someone who again tried to promise me the moon not understanding why the previous calls had not succeeded, as she said ‘why the bloody idiot’ just called you if the line was faulty‘ !! After saying I did not needed a Mac number to leave…. she eventually promised to email me my Mac code for migration.

Dear TalkTalk, you have been very good teaching your staff to ‘promise’ , teach them to give a service if you want to keep them.

And, by the way,
Say no to Deep Packet Inspection: ‘TalkTalk HomeSafe – Illegal Involuntary Mass Surveillance
TalkTalk Sales Scam
TalkTalk defends network security tool
Ofcom finds TalkTalk guilty of mis-selling

I should add here ArsTechnica‘s article citing the Colorado Law Professor ‘Paul Ohm’ who has done great research on “Deep Packet Inspect and de-anonymisation online.
“In modern connected life, almost no other entity poses a greater threat to privacy than the ISP. ISPs pose a much greater threat to privacy than other online entities and they even pose a greater threat than offline institutions as well, including doctors, psychiatrists, and lawyers.” Greater, even, than Google.

The two bulldozers, in Ohm’s view, that are remaking the ISP landscape are “deep packet inspection gear” and “tremendous commercial pressures.” ISPs at last have the technical capacity to monitor huge amounts of user web traffic in realtime, and advertisers like NebuAd and Phorm are (or were) simultaneously offering large cash payments for access to Internet traffic. “

Twitter @TalkTalkCare said to me:
On 24th of May:

@clarinette02 Yes, they may ask for those pieces of information in order to confirm data protection. #ttandy
@clarinette02 http://www.talktalkmembers.com we always initially ask the previous questions I listed. #ttandy
@clarinette02 Yes, they may ask for those pieces of information in order to confirm data protection. #ttandy
@clarinette02 Hi, You would need to speak to our cancellations team in order to cancel. You will always need to confirm details …….
@clarinette02 to ensure that we are speaking to the account holder. We need to confirm 4 pieces of information to do this. #ttandy

And today, May the 25th:

@clarinette02 Hi, if you are on LLU you do not need a MAC code. If we provide the service over BT’s equipment you do need one. #ttandy
@clarinette02 Hi, A TalkTalk employee would not ask for that level of details when calling us. if we can help let us know. #ttstephen

Well I have no men of checking who answers TalkTalk phone calls!! Yesterday, I was told it was all normal

when I asked:

@TalkTalkCare U dt really answer my question: shld #TalkTalk ask Acct #, Full name, Full address, DOB + 4 digits of credit card over phone?

Obviously, #ttandy and #ttstephen don’t follow same rules or maybe would they have read my post in the mean time?

Sorry TalkTalk, you have no respect for your customers. It’s a fail .

BBC News Technology wrote: ‘Personal data could become commodity’

Read about the price of stolen data from Sony Playstation on the Black Market ‘Stolen info from PlayStation hack reportedly up for sale

PCWorld in the US ‘Thieves Are Stealing Children’s Identities

In Australia: ‘Mobile security outrage: private details accessible on net


Responses

  1. symptom of many ISPs I am afraid. If you want a good service you have to pay more. Many small ISPs walk the talk, and will do everything they can to sort out your problems. They are all working on a shoestring due to the scarcity model that bt wholesale operate. If we all had fibre there would be an abundance and t’interntet would just work. Until the copper cabal is broken many ISPs keep costs down with throttling, capping, and as you pointed out pathetic customer service. Maybe they sell our information on as a sideline? who would know?

  2. Woeful service, just woeful. I am with Virgin and get my internet by cable. It is “mostly fine” but their reputation for poor customer service is poroved true nearly every time I contact them.
    The true problem is that they’re all as bad as each other, meaning we have to put up with the best we can find, which is not good. The market is open for a supplier who can do landline-free broadband with good customer service. They could charge a premium and get it.
    Three (wireless) comes to mind but again their reputation for customer service is snake’s belly low

    • Unfortunately Pedro, you are so awfully true.
      Still, I believe we have to scream out. Consumers need voice and power. Social Media is the tool.
      We don’t need regulation, we need more awareness to take action.
      When Kindle redeemed the 1984 eBook over night, what made them apologises was the herd of customers and their screams.
      Lets make our voice heard and wake up all.
      Thanks for your comment and support.

  3. Thanks for your comment. I have been paying around 50£ per month with TalkTalk even careful not calling mobile numbers, only with the 0840/0870 numbers. Therefore, can’t even say they are cheap for the slow internet they give me.
    I was actually following your advice to get out hoping for better.

    To answer your question, a Colorado Law Professor, Paul Ohm has been writing on that subject of ISPs and Deep Packet Inspection here reported by ArsTechnica Law prof warns against coming ISP privacy apocalypse: http://arstechnica.com/tech-policy/news/2008/09/prof-rails-against-greatest-reduction-of-user-privacy-in-net-history.ars
    Or here on OUT_LAW : http://www.out-law.com/page-9481
    It is not a hypothetic anymore. ISPs need new resources and they are monetising our private data.

  4. Fantastic post, and I can tell you I have experienced the same issue with ISP providers across the pond. End up with the option being staying with the problems you already are accustomed to, rather than switching to a different set of problems. I’ve long been frustrated with providing a long list of personal data each time. I understand giving a few pieces of data.

    Again, great post.

    • Thanks for your comment Deb. Yes, of course they need to check the identity for the sake of the account holder. What TalkTalk is doing is asking an awful lot of personal information at each step and keeping passing you to the next agent. BT and Vodafone have played a similar game with me previously, not as much as TalkTalk.

  5. […] trust any of these ISPs to be in charge of my personal interests and my kids sanity : ‘TalkTalk and the security of customer data‘ Filed Under: Caring Parents, Online Safety for Kids, Privacy Tagged With: ISPs blocking […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: