Monday, April 21, 2008

"Faxing for security"

In this weeks episode, the alien tries to get his credit report from Transunion. (For the non US natives out there: You don't exist without a credit report. That high-tech visa may be good enough for DHS, but not for your landlord!)

I went through the entire online sign up process (did I mention that you need to pay to give them information on yourself, so that they can sell that information to others?). As expected, the online system freaked out and insisted that I call customer support to "confirm my identity". So I called the give number and got on the phone with "Michael", (who's accent I would place somewhere in the Southwest... of Bangelore!) who, in a calm and friendly voice, explained what I needed to do.

It went something like this:

- Please send a copy of your drivers license and proof of address to this fax number...
- I don't have a US drivers license. Would a passport work?
- Eh... Okay... We can accept any government issued ID.
- Any government? Or "US government"?
- Eh....
- Never mind. What's this about proof of address?
- We need a "recent utility bill" to prove your address.
- Ok... Right. I have all that online, available right now. Can I just email it to you?
- No! For your security, you need to fax it to our customer support fax!
- (Sigh) All right then....

Let me re-state some of the background issues here:

  • Companies trust a "utility provider" as legal proof of residence. That includes the phone company, the water, sewage, cable, .... etc... These are the same guys that can't even get my bills right!
  • Most of these providers allow you to sign up online, without any validation.
  • Most of these can be paid and managed completely online, without ever seeing any paper. Which means... there is no address verification!
  • All of them allow you to view and print your bill online, either from a web page or a PDF. This means that if you can hit the "Edit page" button before printing, you can make up your own address!
  • For "my security", I need to login, download a PDF, print it, then stick it into the fax. Not only does this process eat a severe chunk of the quality of the documents (making any supposed verification even harder), it also means that I now have a paper copy of the (supposedly sensitive) documents, that I need to get rid of securely.

Now I know why Skype has the (banghead) emoticon.

No comments: