Credit Card on the Air - Taxi Radio - Cambridge, UK a while ago
http://www.panthertaxis.co.uk
Description:
Did you imagine that a taxi service would radio your credit card number live on the taxi radio for clearing?
Including your name and expiration date? No? Well... this taxi driver even radioed the CVC code used for internet verification.
The radio has a range of at least 10 miles... when no relay is involved. Cambridge is full of technology students... what a radio programme to listen to!
Ready-to-shop credit card data!

Naturally I was rather displeased by the incident. So was Eurocard when I reported it.

Here we go.



To: Panther Taxis / www.panthertaxis.co.uk / (01223)715714

Cc: Eurocard Norge Customer Service

Concerning: Mishandling of Eurocard credit card of Mr. ******** **********, ending number **********


Dear Sir or Madam,

I have been a customer of your company on 16-Dec-2007. I ordered a taxi for a transfer from Cambridge to Stansted, which took place on that day from approx. 14:45 to 15:30.

I have two unsatisfactory points to express about the handling of my credit card. First of all, a 5% add-on fee for credit card use was charged, but not put on the receipt written by the driver of the taxi with licence plate KNO3XMA. Thus I have paid approx. £44, but received a receipt of £41.00. I would like to express that I will go ahead and ask Eurocard to cancel the transaction if my card should show more than the £41.00 amount which I have received a receipt for.

Secondly, for credit card clearing, your driver used the taxi radio to broadcast my credit card number AND my personal CVC (card verification code) to the dispatcher. The CVC is a personal security code, not a public asset. I requested not to broadcast the CVC - and my wife was a witness in the cab that the driver not only neglected to inform me that he was going to compromise my credit card CVC on a broadcast radio, but also that he ignored my urgent request not to broadcast the CVC to the public in Cambridge.

I have talked to Eurocard. They have never heard of such a dilettantish practice, and offered to block and re-issue my credit card for security reasons.

To ensure the secure handling of my credit card and CVC, I hereby request a statement of the data acquisition, storage, processing, and deletion procedure concerning my above mentioned personal data according to the British implementation of the EU data protection directive (2002/58/EC). In detail, I request complete information on:

- the audience that can listen to the taxi radio system (is it digital? Is it encrypted? How strong is the encryption? Is this property certified? What broadcast range has the radio system in the taxi with licence plate KNO3XMA?)

- how the call center receiving the broadcast is handling the card number? Where is it stored, how many people have access to the data record, and how is the access control security of the CVC record handled? How many computer systems between dispatching call center and card clearer are involved? What is the exact way the CVC went through these systems?

- How long is the card number & CVC kept on your IT system, and how is secure deletion ensured?

Please have your data protection officer reply to these questions in satisfactory detail within two weeks (Dec. 31, 2007), otherwise I will contact the British Information Commissioner requesting an audit of your firm in this matter.

This e-mail is copied to Eurocard Norway.


---

Dear Sir,

Thank you for your email dated 17th December. I am sorry to hear of the problem you encountered whilst paying by Credit Card.

In respect of the questions raised regarding our handling of card transactions I am pleased that you brought to my attention the driver's use of his radio to transmit your card details. Drivers are instructed to telephone the office using their mobile telephones, or request a call back from the office, in order to obtain authorisation for payment by credit card. This clearly did not happen on this occasion and the driver in question has been reminded of his duties and responsibilities when dealing with card payments, as has the radio controller who should have also advised the driver to telephone the office or indeed called him back.

The handling fee of 5% is added to all credit card transactions; I have listened to the recording of the booking made for you, during which a quote was given of £41.00 GBP, it was not mentioned during the booking that payment was being made by credit card. If it had been mentioned then we would have advised of the charge and taken payment then and there over the telephone.

When the driver has arrived and been told that payment was to be made by credit card, he has advised you of the charge and given you the opportunity to pay by cash, offering to take you to a cash point if required. The driver told you of the 5% charge which ultimately you agreed to pay, although the driver should have included the fee on the receipt.

We are happy to forward the PDQ machine receipt to you as proof of the charge, as we do for other customers who make a request for it, but require a postal address to do so.

In respect of your request for information: the taxi radio is not encrypted, the broadcast range is approximately a 10-mile radius from the driver's vehicle. Please note that transmission and reception are carried out on different radio channels.

The card details are entered directly into a PDQ machine supplied by our card handling merchant; the card details are not entered into a computer at any point of the transaction within our office. There is no written record of the CVC held by us; once the transaction has taken place a customer and merchant receipt is printed, neither receipt has the CVC number upon it. These receipts are subsequently kept in a secure area where only two appointed members of senior staff have access.

I trust this email has answered your questions, and I am truly sorry that this breach has taken place. We do take the security of confidential information very seriously and have been registered under the Data Protection Act 1988 for many years.

Unfortunately even with the tightest controls mistakes can happen which they clearly did on this occasion. As a gesture of goodwill I am happy to refund the administration charge made to your card and I will await your instructions.

Warm regards and Christmas greetings.

John Raynham
Director

Panther Taxis Ltd,
Convent Drive,
Waterbeach,
Cambridge.
CB5 9QT.

Tel (01223) 715715
Fax (01223) 715716



Unencrypted radio? A recorded phone call? I can't recall any hint at recording either... oh boy.


End of the story: Eurocard issued a new card.
Maps:

Privacy of Personal Information
Tags:

taxi , privacy , radio , credit card security , data protection



