blogs.conchango.com

welcome to the conchango blogging site
Welcome to blogs.conchango.com Sign in | Join | Help
in Search
Blogs

Ergo

Very random thoughts on a variety of interactive media topics.

Hello, this is American Express - can I ask you your inside leg measurement?

About three times a year I have a debate with someone calling from American Express about data security and identity theft. I've never blogged it before, because I didn't have an answer - and nobody likes a ranter!  Now read on:

My mobile phone rings - the called ID says "witheld" or "private" and someone says "I'm calling from American Express, to confirm your identity, can you please tell me..." and then they ask for a piece of personal information.

Every other day, my bank, the press, financial advisers on TV all tell me "we will never ask you for personal information, do not give out personal information on phone or email, it could help someone steal your identity".

So I say "how do I know you're calling from American Express" - I even ask them to give me information only Amex would know. For example, what kind of card account do I have? There then follows a whole catch-22 conversation where they say they can't do this because it breaches the Data Protection Act and they have to verify my identity first.  Anyway, I'm very bored with this conversation now, and have written to Amex several times outlining the inherent issue with this approach, but no response... and it's too frustrating to continue debating and for them to do nothing about it.

So finally, I have a solution. You know the CVC number on a card? On an Amex card, it's 4 digits on the front. On most others it's three digits on the back. It's that 'secret' code you give out to prove you have the card in your possession.

Well, why not put another number on the card? A number that only the card issuer knows? So when I ask "how do I know you're calling from American Express" they can say "do you have your card with you? well, the 5 digit number on the bottom left is...". Now, unless they're Derren Brown, I'm going to be pretty happy that they're not fooling me.

Alternatively, they ask me to set up a password for me to use when I call them - why don't they set up one that they use when they call me? This has happened for years in utility companies where vulnerable people set up a password that maintenance engineers use when they come to the house.

So come on credit card companies... it's two simple answers. It doesn't cost a lot to implement and it will make your customer's data more secure. Why not do it?

 

Published 10 August 2007 09:35 by Paul.Dawson

Comments

 

Derek.Dunlop said:

As an American Express customer for many years - I feel your pain and do the same - "who are you?" -  "How do I know that you are American Express?" -  "What was my last 2 transactions on my card and I'll know that you are who you say you are plus what Amex card(s) do I hold?"

I have given them such a hard time that they have stopped calling me - apart from some insurance stuff that I always refuse and ask to take me off any subsequent marketing calls!

August 13, 2007 10:02
Anonymous comments are disabled

About Paul.Dawson

I started working in 'new media' when it was... around 1996, doing websites for people like DHL and Cellnet (remember them?) as well as CD-Roms for people like Doring Kindersley. I joined Conchango in 1999 because I was fed up with the conflicts and overlaps between the companies that we tended to partner with to deliver these things. Usually it was a tech company and a marketing agency. Neither had the user's needs in mind, and both were trying hard to take business away from each other.. so at Conchango I saw the opportunity to create an integrated team, who as a result of all being on the same side, and following good user centred design process, delivered better stuff for both our clients and their customers. So we built an interactive media team who do design, branding and user experience, and in 2006 were rated best in Europe at this by Forrester Research. Which was nice! Now I spend a lot of time evangelising to customers and at conferences, about what Conchango do in the field of Customer and Brand Experience, as well as still working for real clients on real projects!

This Blog

Syndication

News
© 2008 - Any comments or statements made herein do not necessarily reflect those of Conchango.
Powered by Community Server (Personal Edition), by Telligent Systems