You want to buy subsidized phone, cough up your private data. They are lending you money and want to ensure you don't default. Buy a phone upfront if you don't like it. Even people in poor countries cough up full dough to buy phones.
Apple asked me for my BANK statements, says outraged reader
Apple is believed to have asked some online shoppers to hand over copies of their driving licence, passport and bank statements to verify their identity. A concerned Reg reader alerted us to Apple's data-slurp requests after she received one herself - and was told by her bank that they had never heard of private companies …
-
-
Monday 13th May 2013 10:22 GMT Velv
FAIL - no Credit Agreement with Apple
No subsidy, no loan.
The customer is buying on a Bank issued Credit Card, so as far as Apple is concerned the customer is buying it outright.
The Bank is taking the credit risk, not Apple, and the Bank has already completed the necessary identity verification to issue the card.
-
Monday 13th May 2013 10:44 GMT Number6
Re: FAIL - no Credit Agreement with Apple
Actually, for an on-line transaction where the customer is not present, the bank reserves the right to charge back to Apple in case of fraud, so in this instance Apple are indeed taking the risk. The three-digit security code on the back helps a bit, but if someone's nicked your card, or noted the details while handling it, that's not much of a barrier.
I'd still tell them where to stick their security check though. Perhaps there needs to be a mechanism where they can put it through normally but raise a flag with the bank, who will contact the customer to verify that it's a genuine transaction on the card (as they do occasionally anyway if you raise one of their security flags).
-
-
Monday 13th May 2013 13:31 GMT Anonymous Coward
Re: FAIL - no Credit Agreement with Apple
"Not if they implement Verified By Visa or Mastercard SecureCode, which moves the onus on the bank in verifying a genuine user."
Only one of my Mastercards has that online verification. The Barclaycard Mastercard one doesn't - yet the Barclaycard Visa one does.
One day the Barclaycard Mastercard bounced a big order to my regular IT supplier to my normal address. They left it to the supplier to tell me. Apparently a <£1k transaction triggered their fraud alarm. The helpline put me through a lot of questions. I pointed out that I bought expensive things from that supplier several times a year - which a history check would confirm. They admitted their fraud data trend only went back about a month or so.
To add insult to injury - it then took another four phone calls before the supplier reported that the transaction was finally unblocked for them.
-
Tuesday 14th May 2013 11:21 GMT Anonymous Coward
Re: FAIL - no Credit Agreement with Apple
While we don't know quite all the relevant details, those anti-fraud precautions are not world-wide. I was once told that Chip and Pin was introduced to counter Fraud by bank staff. That's not a world-wide system.
What I see, from US companies, is an apparent lack of card security, compared to UK and European operations. And the big-name card handling companies, Mastercard and Visa, are distinct companies from the US corporations, just as Paypal is a separate company in Europe.
I am seeing my own problems with getting payment to US companies. Thankfully, I have not seen this solution. I don't get paper statements from either my bank or my card company.
[Anonymous for obvious security reasons]
-
-
Monday 13th May 2013 12:26 GMT Anonymous Coward
Re: FAIL - no Credit Agreement with Apple
"Perhaps there needs to be a mechanism where they can put it through normally but raise a flag with the bank, [...]"
Both my Mastercard and Visa cards have the potential of a further online password double-check by the issuing bank. The Mastercard transaction requires knowledge, on both sides, of a two-part password set by myself.
When the online credit card transaction goes to completion the screen is transferred to the issuing bank's verification service. It then presents me with a personal phrase that I constructed - to which my reply is my personally constructed password. Not perfect, especially against a screen scraper and key logger, but pretty good verification. It gives me confidence I am not being phished for my password.
It would be even better if I could use my Pin Sentry mechanism to produce an offline authentication code like I do for my bank account.
-
-
Tuesday 14th May 2013 11:22 GMT Alan Brown
Re: FAIL - no Credit Agreement with Apple
"Actually, for an on-line transaction where the customer is not present, the bank reserves the right to charge back to Apple in case of fraud,"
You need to rewrite that. Even for offline transactions where the customer IS present and has provided a PIN (and CCTV security footage shows that it is indeed the customer, not someone using a purloined cards), the banks can and will chargeback in case of a dispute - and hit with penalty charges which are not removed should the dispute prove groundless.
I know, because as a retailer it happened to me on multiple ocasions. It's one of the reasons for encouraging people to move to direct debits or bank transfers
Then there's the massively high cheque fees banks charge in an all-out attempt to encourage retailers to stop accepting them, or the high standing fees and surcharges attached if your card processing is below threshold numbers or average transaction values. Bank commissions can easily hit 30% on debit card payments if there are a lot of sub £10 transactions.
Basically the banks rape and pillage. Retailers were forced to swallow that until recently. I suspect Apple have gone too far, but I'm not surprised they're making these kinds of demands, given recent stories such as the guy who got mugged of his cards+ipad and documented the assailant making multiple purchases from Apple on stolen cards, then flogging 'em on Ebay - however in that particular case the mugger had enough stuff to fulfill most of the demands from Apple. I'd be going for a request to provide a photo showing face + holding up a handwritten copy of the order number, along with some other form of phptographic ID.
-
-
Monday 13th May 2013 11:56 GMT Rich 2
@Velv - (Unfortunately) you are wrong!
While I find Apple's behaviour in this contemptible, your comment "The Bank is taking the credit risk, not Apple" is not actually correct in the harsh reality of business banking.
I used to run a small web-based retain business and I used to accept credit/debit card payments. It's all unnecessarily complicated, but basically, if you are a company and the target of credit card fraud then I wish you the very best of luck getting your money back from the bank after you have shipped the purchased goods and then find out the card was used fraudulently. The bank will usually point at clause xyz and tell you to whistle.
It really annoys me when I see adverts aimed at Jo Public with tag lines along the gist of "don't worry about using your card on-line - we (the bank) will make sure you don't lose out". Notice that the banks DON'T say that THEY will cover the costs. That's because they don't! They pass the buck on to the retailer. This is why the banks have never really taken credit card fraud seriously. Because most of the time, the cost to the bank is nothing; either the customer pays or the retailer pays.
-
Tuesday 14th May 2013 09:05 GMT Equitas
Re: @Velv - (Unfortunately) you are wrong!
And all too often, the seller has not exercised due care.
I've suffered credit card fraud on a couple of occasions, one of which involved my (rather improbable) purchase of a bicycle from a cycle shop on the South coast of England, the said bicycle to be delivered by carrier to Essex, while the registered address for the card was in the North of Scotland. No attempt was made to check before making delivery to an address other than that to which the card was registered.
-
Tuesday 14th May 2013 15:46 GMT mike2R
Re: @Equitas - (Unfortunately) you are wrong!
As others have said, the seller is taking the risk, not the card holder - you got the fradulent transaction returned to you didn't you? You were mildly inconvenienced perhaps, the seller lost the funds and is out the item they shipped to the non-registered address.
The reason merchants take the risk is that so many people want it. For all sorts of reasons people find it convenient to have things shipped to alternate addresses, so merchants offer them the service and take the risk.
If you really want to blame someone who isn't the thief, blame yourself for allowing your card details to escape into the wild. Without that, the unfortunate merchant wouldn't have been defrauded (yes I recognise that with the way the system works, this is pretty much impossible and there are so many compromised cards out there that one more is utterly irrelevant. But it makes more sense from blaming the poor merchant for being defrauded).
-
-
Tuesday 14th May 2013 11:25 GMT Alan Brown
Re: @Velv - (Unfortunately) you are wrong!
"Because most of the time, the cost to the bank is nothing; either the customer pays or the retailer pays."
FWIW, by the time penalty charges are levied, banks make more money from fraud than they do from legitimate transactions.
THAT is why they don't do all that much to curb card fraud,
-
-
-
Monday 13th May 2013 13:29 GMT Anonymous Coward
If you read the article, the lady in question was buying the ipad outright and not asking for credit or a subsidised device. This is intrusion of the worst kind and shows how arrogant some companies are, it used to be the case that having money was enough reason for a compant to sell something. to someone.
If it were me I would tell them to stuff their product and go else where
-
Monday 13th May 2013 15:26 GMT Anonymous Coward
Speaking as a credit card fraudster, I'm outraged Apple will no longer accept transactions that are flagged by the credit check service as potentially fraudulent. Don't people realise Apple are a big company and should be prepared to simply foot the bill. I'm glad you all on this forum agree it is mighty discourteous not to dispatch goods to me, even if experience as shown you, you will more likely as not be footing the bill. It's my right you should sell me whatever I demand and frankly, if you want to see proof of my ID. FUCK OFF.
Sorry anyone who disagrees with me is affecting my livelihood and therefore an arse-hole.
-
Monday 13th May 2013 18:58 GMT Anonymous Coward
Another info/access grab lurks in your Paypa account
After many years of Paypal use with no issues, I suddenly got a note that I was very close to passing my "limit" of $10,000 of transactions. Hunh!
Now in order to continue using Paypal, I must give them direct access to my bank account (take out money as well as put it in). They get hacked or disagree with me; they just take what they want.
The note says that this is necessary to insure my security and verify me (I guess "my realness") after at least 6 years (I believe a good deal more) and $10,000 of transactions without a problem. Virtually all me paying someone. And they have my credit card.
And there are many things that they have locked up to the point that Paypal is the only way to make a transaction. Can you say unreasonable leverage of an almost monopolistic market position. This BS should be stopped by someone in government regulation.
-
Monday 13th May 2013 19:21 GMT Anonymous Coward
Re: Another info/access grab lurks in your Paypa account
" I must give them direct access to my bank account (take out money as well as put it in)"
Eh? You are saying that Paypal wanted to have your username and password to your online banking?
Or are you just saying that they wanted a direct debit that you could cancel or claim back on at any time?
Other than that PayPal can't take money out of your account (apart from reversing a transaction they have made due to error with 24 hours).
Therefore I don't think you are being entirely truthful.
-
Tuesday 14th May 2013 11:35 GMT Dave Bell
Re: Another info/access grab lurks in your Paypa account
What I often see is a bit of confusion over just what is going on. From my time running a business, I know some of these things. Some people misunderstand. Some businesses give lousy explanations. And some people seem to want to boast of their superiority.
I've been with Paypal for a long time, I had to "verify" my account at the start, and that involved a debit/credit double on my bank current account. I don't think it needed an open-ended permission, but it was a long time ago. So all I can say is you should look carefully at what they are asking for. But I didn't have a problem, and getting verified is worthwhile. Once they have confirmed the current account, you can send money to Paypal through your internet banking, at a lower fee.
Paypal are a bank. So feel free to be suspicious. Being a bank is not the sign of reliability that it was.
-
Tuesday 14th May 2013 13:57 GMT Anonymous Coward
Re: Another info/access grab lurks in your Paypa account
Are you saying that Paypal were given access to your bank account to withdraw money?
If so then you are also talking rubbish.
The only way a company can withdraw unauthorised money from your account is via a credit/debit card, a direct debit or the reversal of transaction within 24 hours.
Credit card is the worst as you'll have to continually chargeback for each offence or cancel your card.
Direct debits can all be cancelled and money retrieved if taken.
Reversals can only be for the amount they have just credited.
Paypal will only verify if you either set up a direct debit mandate or they credit your account with two low transactions and you confirm what those amounts are.
-
-
-
-
-
-
Monday 13th May 2013 10:07 GMT AndrueC
But I don't think any private company should have the right to ask you to send over such personal documents by email.
Having the right to ask isn't the issue. Choosing to comply is where the problem lies in my opinion.
Anyway just 'cos it's in the T&C doesn't mean it's enforcible. If a term is unreasonable it's null and void. Just tell them to stuff it and take your business elsewhere.
-
Monday 13th May 2013 11:00 GMT Tom 38
Not just Apple
I've had this kind of response from standard UK based etailers before. I once ordered a whole bunch of kit from overclockers.co.uk on a Wednesday evening, paid by card, they took payment from my account
Thursday arrives, I'm in work and then the retailer insisted that at that point they could go no further without me emailing me them scans of utility bills or bank statements, because this was an address they had never shipped to before,
I can't do that from work, so they won't ship the goods I've already paid for in time to arrive for the weekend, so I told them where they could stick their request, got a refund and bought everything that evening on the TCR.
-
-
Monday 13th May 2013 17:19 GMT zb
Re: Not just Apple
Not just Apple but airbnb too. They just asked me to upload a copy of my driving licence and did not reply when i told them no way.
If too many people just blindly follow instructions like these other companies will copy and they will soon control everything. And so will the people who hack them.
-
-
-
Tuesday 14th May 2013 19:20 GMT Anonymous Coward
Re: Not just Apple @Grodon 10
Pixmania tried this on me. They lost a sale and all future sales, which might be drop in the ocean but given enough drops they should learn.
As for Apple's "It's in the T&Cs that they reserve the right to verify blah, blah , blah...", Very simple, I reserve the right to shop elsewhere.
-
-
-
Monday 13th May 2013 11:11 GMT Anonymous Coward
Unencrypted
Remember folks - email in insecure. They are absolute morons to ask for a full ID-theft package by email. Why not https upload to the main Apple site? Still dodgy, but less so than email.
Also note the asymmetry here - why not ask for the Apple employee's equivalent data in exchange?
-
Monday 13th May 2013 11:51 GMT regadpellagru
Exactly !
Everyone and their dog can ask for everything. Everyone and their dog ARE & WILL ask for everything.
Heck, I'm asked on a weekly basis for my yearly revenue by some random people in North Africa, hunting
for people interested in solar panels. I've even been asked for the copy of the judgement for my divorce by the ***hole in charge of my kid's school ! That doesn't mean any of the people got it !
Why people are doing whatever they're asked by phone/email is beyond me. There is some teaching to be done: reflect on what the random guy is asking - determine if they're entitled to - refuse or accept.
Also, as stated above, f*** the T&C that are mandatorily agreed, as you can't do anything before you've agreed. If they are not reasonable, as per law, they're void, as per law again.
-
Monday 13th May 2013 12:20 GMT Shasta McNasty
User Fail
Let me get this straight.
She's a regular reader of El Reg, yet she willingly handed over personal documents when asked for them via EMAIL as part of buying a fondleslab of the fruity variety but only thought it suspicious AFTER they were sent?
Me thinks she reads but does not understand.
-
Monday 13th May 2013 14:12 GMT Anonymous Coward
Anyway just 'cos it's in the T&C doesn't mean it's enforcible. If a term is unreasonable it's null and void. Just tell them to stuff it and take your business elsewhere.
Perfectly agree with the T&C remark, but I'd still buy the goods. I take that decision on the basis of the kit's benefit to me. If I had to modify that due to the behaviour of idiots I'd spend most of my time reviewing my IT needs :).
However, I pity the poor schlob who would get the job of getting ID data off me. I do not take kindly to companies trying to acquire personal information and I have all the resources at my fingertips to make any company abandon that idea rather quickly.
Apple was in this context actually the more moderate of providers so it's disappointing to hear they are abandoning that position. I hope they try this with me, it'd be entertaining to see how they manage the PR fallout afterwards (evil grin).
-
-
-
Tuesday 14th May 2013 11:50 GMT Dave Bell
Re: Haven't they ever heard of ...
I know several notaries in the USA.
They are little more than minor office staff who have taken a course and got a licence from the state, so that they can say "This document is a copy of the original that I saw." They have some sort of official seal locked in their desk. It's a formalised way of being a witness.
When they see the original document, and put it through the office photocopier, that's a worthwhile legal confirmation. In this case, they might be making a copy for several different files, and don't have an original document, so it sounds dodgy. Their seal and signature hardly means anything.
"notary" can mean very different things in different countries.
I can see a notary's stamp being part of routine office procedure in this area, but the foundation, in this case, is unsound.
-
-
Monday 13th May 2013 10:08 GMT Buzzword
Private companies DO do this
Want to rent a flat in London? Letting agencies regularly ask for 3-6 months of bank statements as proof of income. Recruitment agencies also ask for scans of passports. To rent a car using just a debit card (not a credit card), at least one major car rental company asks for not only a driving licence, but also a passport and a proof of address such as a utility bill or a bank statement.
There's nothing particularly unusual in Apple wanting to check the identity of their customers.
-
Monday 13th May 2013 10:12 GMT AndrueC
Re: Private companies DO do this
There's nothing particularly unusual in Apple wanting to check the identity of their customers.
Except that in the other examples there's no change of ownership and you are entering into an ongoing relationship. Those transactions involve trusting that the customer will continue to honour the agreement and/or respect the issuer's property.
When you're buying an iPhone you own it (last I heard). There is no need for ongoing trust between the customer and apple. Or if there is it's trust in the opposite direction eg; Will Apple provide support for me when I want it?
-
Monday 13th May 2013 10:50 GMT Anonymous Coward
Re: Private companies DO do this
unfortunately you don't own it 100%... oh you might own SOME of the mineral components that make up the hardware but that's about it...
Apple might just as well have sold you a brick with specific percentages of different minerals in it and with a terms of service contract attached to that brick.
Btw, the brick also comes with NDA-like terms about reverse-engineering the minerals in your possession.
-
-
Monday 13th May 2013 10:30 GMT Velv
Re: Private companies DO do this
iPad = ~£500
Car = >£5,000
Flat = >£50,000 (OK, a very tiny one, but you get the idea)
So yes, there are occasions where private companies do collect proof of identity. Pubs do it for a pint (<£5), and that's a legal thing (<18). You make your own choice if it's justified to release your personal details.
-
-
Monday 13th May 2013 10:50 GMT Number6
Re: Recruitment agencies also ask for scans of passports
Given that you might not have a passport, showing an alternative is perfectly reasonable. However, they've got a box to tick on a form that asks for a passport scan and won't be able to sleep in bed at night until it's been properly ticked. It's a hard life being a bureaucrat.
However, a UK birth certificate isn't necessarily proof of citizenship. Unlike some countries, we don't automatically grant citizenship to people who are born here, although the exact rules change form time to time. I know someone who was born to a foreign mother who was not married to the British father and so ended up with the mother's citizenship despite being born in a UK hospital and so getting a British birth certificate.
-
Monday 13th May 2013 11:22 GMT Anonymous Coward
Re: Recruitment agencies also ask for scans of passports
Actually we did confer british citizenship upon those born in this country until about some point in 83/84
After that date you only got british citizenship conferred upon you if both of your parents were british, it which case you got your citizenship rubberstamped. Otherwise you had to apply for it
So there are quite a few people of working age, who may not have a passport, but do have a birth certificate and who had citizenship automatically granted up on them.
-
Monday 13th May 2013 11:39 GMT Anonymous Coward
Re: Recruitment agencies also ask for scans of passports
I know someone who was born to a foreign mother who was not married to the British father and so ended up with the mother's citizenship despite being born in a UK hospital and so getting a British birth certificate
Meanwhile my younger son was born while I was on a 3 year placement in the US so he has a US birth certificate (large A4 certificate with Calif state emblem and lots of fancy script etc to put my older son's UK "short form" birth certificate to shame!) + then a 2nd certificate from the UK Embassy to confirm he was registered there along with details of myselff, my wife and both our parents along with references to the relevant sections of the UK Nationality Act which gives my son UK citizenship! And, as he was "born in the USA" he is also an American citizen (and as a result probably required to file US tax returns when he turns 18!)
-
Monday 13th May 2013 16:42 GMT EngineersAnon
Re: Recruitment agencies also ask for scans of passports
large A4 certificate with Calif state emblem and lots of fancy script etc to put my older son's UK "short form" birth certificate to shame!
Actually, a US State is much more likely to issue Extracts from Vital Records (birth certificates, marriage licenses, death certificates, etc) on US standard "letter" paper (8.5" x 11" = 216mm x 279mm) than on the ISO standard A4 (210 mm × 297 mm)
*end pedantry*
*at least for now*
-
-
Monday 13th May 2013 14:03 GMT StooMonster
Re: Recruitment agencies also ask for scans of passports
RE: "UK birth certificate isn't necessarily proof of citizenship"
That's right, I have friends who are married where one is American and the other an EU citizen, their children were all born here in UK — and thus have British birth certificates — and grown up and gone to school here but they cannot get British passports.
So the kids have got dual citizenships of their parents homelands, but they always think it's a bit weird (you'd think they were British if you talked to them).
-
Tuesday 14th May 2013 11:34 GMT Alan Brown
Re: Recruitment agencies also ask for scans of passports
"but so far I insist on showing them my birth certificate instead (since that is sufficient)."
Birth certificates are not identity documents. Given enough information about you anyone can obtain a copy - and that is the first step for anyone who is in the business of identity fraud.
The fact that birth certificates are used as the basis for a lot of identity documentation shows how much of what you trust is really a house of cards.
-
-
Monday 13th May 2013 11:31 GMT Fihart
Re: Private companies DO do this
We may not like it but landlords, car hire companies are entrusting items worth many thousands £/$ to you and have better reason to demand ID than a mere retailer of electronic trinkets.
It's also a question of what they do with the information -- IT companies have the means and motivation to abuse that information.
-
Monday 13th May 2013 12:05 GMT NomNomNom
Re: Private companies DO do this
"We may not like it but landlords, car hire companies are entrusting items worth many thousands £/$ to you and have better reason to demand ID than a mere retailer of electronic trinkets.
It's also a question of what they do with the information -- IT companies have the means and motivation to abuse that information."
Sure but car hire companies could drive your information around towns very fast without you even realizing it.
-
Tuesday 14th May 2013 03:21 GMT JEDIDIAH
Re: Private companies DO do this
The real problem here is that a consumer was sent something that looked like a phishing email that then directed them to transfer highly sensitive personal data over an insecure channel. Apple was engaging in something that looks like a scam. They are encouraging people to lower their resistance to some very dangerous data practices.
Landlords and and car rental shops usually ask for these things on paper and/or face to face.
Plus there's the whole CAR or HOUSE versus a cheap gadget thing...
Being put through the wringer makes a bit more sense when $250K or $500K could be on the line.
-
-
-
Monday 13th May 2013 19:10 GMT Anonymous Coward
Re: Private companies DO do this
If I apply for a job, my employer needs to know I'm eligible to work in the UK. A passport is pretty good at demonstrating that. Do Apple need to I'm a UK citizen before they'll sell me an iPad? No.
Should Tesco ask me if my papers are in order before they'll sell be some bananas?
-
Tuesday 14th May 2013 12:06 GMT Captain Scarlet
Re: Private companies DO do this
Wow thats a lot of downvotes just to say its not just Apple, most American companies I have used from the UK require a copy of my Passport. This is mainly for renting dedicated servers, but many EU companies also do this.
I hate Apple but as Buzz has said its nothing new or out of the ordinary.
-
-
Monday 13th May 2013 10:17 GMT RAMChYLD
Apple are not the only ones
I've had a similar request from Crucial (you know, Micron's sales arm) when buying some memory from them for the first time. Come to think of it, Dell did that too the first time I tried to get something from their online store...
No big deal, I just gave them a photo of my driving license, since the driving license holds absolutely no verification value in this country where the Identity card is considered the official proof documentation.
-
-
Monday 13th May 2013 11:49 GMT Kubla Cant
Re: Apple are not the only ones
I too have one of the old A4-sheet driving licences. It's lived in my wallet since 1999, so it's in a pretty ragged state. I ought to charge wear and tear to anyone who asks to see it without good reason. My objective is to avoid the cost / time / hassle of getting a plastic one for as long as possible.
-
Tuesday 14th May 2013 09:45 GMT Bill Fresher
Re: Apple are not the only ones
"It's lived in my wallet since 1999"
"My objective is to avoid the cost / time / hassle of getting a plastic one for as long as possible."
The photo needs to be renewed every ten years so your drivers license is invalid and if you get caught using it you'll get a £1000 fine.
-
-
Monday 13th May 2013 12:59 GMT JP19
Re: Apple are not the only ones
"I wonder what they'd make of my driving licence, given that it's an old non-photo one"
Gees no wonder we have crap with ID cards and national identity registers when we have thinking like this.....
Do you think Dell or Apple are going send someone round to your house to look at you before shipping a laptop or whatever?
-
-
-
Monday 13th May 2013 10:18 GMT Dave Perry
Proving stuff
I once had to send a copy of my pay slip (front over only - I'd have told them to do one if they asked for the inside) to prove I worked in an education for one of their hundreds of pounds discounts, which I could live with.
The next time I bought something, a couple of years ago, I went through the online HE store using work internet which is hard to get on without being at an approved institution - a stock spec MBP arrived days later without need of further documentation.
-
Monday 13th May 2013 10:20 GMT Kevin Fairhurst
Not just Apple
My wife was ordering a dozen charms online from Thomas Sabo, and they decided that they wanted scans of bank statements, passport etc. When my wife kicked up a stink & said that they had delivered to her before, using the same payment method and delivery address, they relented and sent out the order...
Any company sending out untraceable goods need to be extra cautious against potential fraud, as the card company WILL put a chargeback on them and they will be the ones that lose out, not the end customer, and certainly not the bank. I think the banks need to put some additional measures in place so that the company contacts the bank for proof of address or whatever, and if the bank decide that the address doesn't match, it is the bank that contacts the customer for any proofs. Then and only then does the bank release the funds to the vendor, who sends out the goods.
That won't happen though, because the BUNCH OF BANKERS that run the banks wouldn't make as much money!
-
Monday 13th May 2013 10:43 GMT Rikkeh
Re: Not just Apple
Purchases of assets in a single transaction or linked transactions totally over €15,000 trigger anti-money laundering rules (as you can launder your dirty cash through buying up shiny things and then selling them on eBay etc). Once that happens, you have to check up on who the customer is.
I suspect that someone at apple (and your charm company) has overreacted to the theoretical risk that someone might buy an iPhone every day for a month without the company noticing and decided to go overboard and check *everyone*.
Sadly, whoever has made this decision has calculated that they'll suffer less for inconveniencing everyone and grabbing their personal data unnecessarily than they will in the unlikely event they get done for failing to prevent money laundering.
-
-
-
Monday 13th May 2013 10:38 GMT Anonymous Coward
Re: but...
Then you're like me, and won't be buying that way. I can't anyway … no credit card either. I have a 18+ proof-of-age card, that's it. My bank account relies on a passbook.
My one and only Apple device, a 2008-model MacBook, was bought second hand. So I had none of this nonsense.
As for handing this sort of identity information out … I do hope for consumers' sake they provide the individuals with a GPG or S/MIME key to encrypt it with. I'll bet they don't though!
-
-
-
-
Monday 13th May 2013 11:46 GMT Kristian Walsh
Re: Nah
Apple's EU sales are run out of Cork in Ireland, so registration would be with the Irish Data Protection Commissioner. Link: http://www.dataprotection.ie/ViewDoc.asp?fn=%2Fdocuments%2Frights%2FRightsHome%2Ehtm&CatID=2&m=r
Sounds like a misapplied process. The transaction value in this story is far too low for this kind of verification to be required, unless the card company thought it was a "suspicious" transaction.
Actually, I just tried to buy a laptop (not from Apple) this morning and had the same thing happen to me... phone call to VISA, and was told there was no reason except that it was unusual activity -- surely if I was buying laptops regularly it would be more unusual...
-
-
-
Monday 13th May 2013 10:32 GMT JaitcH
If a PASSPORT is good enough for a COUNTRY ...
just who the hell do companies like Apple think they are?
Many statements can easily be word processed, especially when pumped out by an on-line banking system. Many people don't have passports and yet more don't have driving licences.
This is yet another form of discrimination targetting well defined areas of the population.
Besides, 'supporting documentation' is easy to manufacture/forge.
CAUTION: Western Union AND Moneygram DEMAND TWO PICTURE IDs in every country they cash out in! (Even when all your documents have been stolen)
-
Monday 13th May 2013 11:43 GMT Anonymous Coward
Re: If a PASSPORT is good enough for a COUNTRY ...
Many statements can easily be word processed, especially when pumped out by an on-line banking system.
Which is why you read reports of people complaining that someone is asking to see a bank statement as proof of id and not accepting an online banking printout but requiring an "original" from the bank which then turns out to cost £10+ for people with "online-only" accounts.
-
-
Monday 13th May 2013 10:48 GMT Andrew Jones 2
Re: "she emailed over copies of them... and then immediately began panicking"
In the same situation I would have emailed my documents - the important part of the email is that the email is being sent to *THE* apple domain and not just any address that has apple in it, Thus I could be 100% certain that at the very least - the email was going to *someone* at Apple.
-
Monday 13th May 2013 11:56 GMT Phil O'Sophical
Re: "she emailed over copies of them... and then immediately began panicking"
> certain that at the very least - the email was going to *someone* at Apple.
Well, you can be certain that one of the recipients is someone at Apple. Since email is generally not encrypted or secured against any form of interception or copying, your ID details could have been intercepted by anyone at any of the ISPs it crossed, not to mention anyone the anonymous Apple employee forwarded it to, deliberately or accidentally.
-
Monday 13th May 2013 18:13 GMT Anonymous Coward
Re: "she emailed over copies of them... and then immediately began panicking"
It takes one line in your hosts file to redirect an e-mail to one domain to any server you choose. Add to the fact you have no idea whether the e-mail will make the entire journey encrypted anyone along the route could sniff that e-mail. Even if you connect to your mail servers using SSL, there's no guarantee that your mail servers will talk to Apple's using it.
You sir, are ripe for the quote: "As soon as you think you're secure, you're not."
-
-
Monday 13th May 2013 11:09 GMT Evil Auditor
Re: "she emailed over copies of them... and then immediately began panicking"
Some people do ask first, just not all. Otherwise a Raman Ojo (probably a mule, of "mobile number UK Freelotto") with the fancy address 119 London Road, Modern, Surrey, SM13 4OU, UK would be £700 richer. I wonder how many stupid fall for this...
-
-
-
Monday 13th May 2013 11:21 GMT Evil Auditor
Prepaid mobile
...prevent 'terrorists' to have cellphones
You buy a prepaid SIM in Belgium and phone the contact center to activate the card. (Not sure how it is in France though.)
Case 1 CC: Are you a resident of Belgium? Me: No. CC: Your card is now activated.
Case 2 CC: Are you a resident of Belgium? Alter ego: Yes. CC: question after question and ten minutes later: Your card is now activated.
-
Monday 13th May 2013 10:44 GMT Alex 0.1
Easy workaround
I know this must be a challenging concept for some people, but if you're in the vanishingly small group who
1) want to buy an iThing
2) haven't done so before
3) have some oddities in your order such as details mismatches which means Apple are rightly wary of it being fraudulent, and
4) don't want to prove that you are, in fact, you and that your card isn't being used without your permission (and are also blind to the fact that if Apple didn't do this, you same outraged people would be claiming that Apple are crappy for not verifying orders properly and letting people's cards be fraudulently used
then couldn't you:
5) walk into a shop and physically, you know, buy one? How's that hard?
"and was told by her bank that they had never heard of private companies asking for this information."
Whoever told her that is an idiot, and so's she for believing them. Private companies ask for verification documents all the time, leaving aside the fact that many online retailers will do exactly this for suspicious orders, the likes of solicitors, estate agents, letting agents, investment advisors, banks etc all do exactly the same for everyone that walks through the door (and are all private companies), though more for money-laundering than card fraud reasons.
-
Tuesday 14th May 2013 05:49 GMT Richard 12
Re: Easy workaround
4) Don't want to be yet another victim of identity theft by handing the full package off to anybody who happens to be listening or gets the forwarded email.
4.5) Would like to deal only with companies complying with EU data protection laws.
- I cannot work out how this request can possibly comply, as its neither "reasonable" not "secure", both of which are necessary under EU law.
-
-
Monday 13th May 2013 10:44 GMT Anonymous Coward
Apple is not unique...
Other retailers have done this. You don't need to send them a statement that shows transactions... you can blank out the transactions if you want, blur them or whatever. All they want to see is what you're already being asked by other retailers. I am not surprised when some company insists that I provide a utility bill and/or bank statement along with driving licence to prove who I am. Blank out all unnecessary information, and you're sorted.
That an online vendor does it is somewhat unusual, but considering that this retailer (Apple) has been hit a lot with fraudulent transactions (generally purchases of their goods with cloned cards, which then get cancelled and Apple left out of pocket), this is arguably the only way they can make sure you are you and your card purchase is legit.
-
Monday 13th May 2013 11:59 GMT Davidoff
this is arguably the only way they can make sure you are you and your card purchase is legit.
Nonsense. The proper way for Apple (and any retailer that acts professionally and not just like a bunch of morons) is to flag the transaction as 'suspicious' with their payment provider, which will trigger the customer's CC provider/bank to cross-check with their client to make sure the transaction is genuine. Simple, easy and secure. No need to ask for personal information from your customers.
When consumers are so naive to give out personal data without thinking first it's no surprise CC fraud levels are at an all-time high.
-
Tuesday 14th May 2013 13:50 GMT Anonymous Coward
Re: this is arguably the only way they can make sure you are you and your card purchase is legit.
Davidoff, you'll find that Apple does this too, in addition to the request for address verification for very high-value items. Once they're satisfied once that you are who you say you are, they'll flag it and you don't have any other issues.
When you change cards on your Apple account and immediately try to buy a high-value item, be prepared to have the 'fraud alert' trigger again.
-
-
Monday 13th May 2013 12:10 GMT FutureShock999
Re: Apple is not unique...
Totally laughing that someone downvoted you on this...because you are 100% correct. As someone who does a LOT of online purchasing, I have had it happen at least 3 or 4 times, plus innumerable times I've had to phone my bank and verify a transaction because of fraud prevention. And none of it from Apple (I usually go to an Apple store for fruity purchases).
Anyone that is raising a stink about this just hasn't done that much online shopping - it isn't unique to Apple, it applies to any company that is being hit hard by fraud and has easily re-sellable merchandise. The banks have policies to ensure THEY don't get stuck with fraud as much anymore, so now it is on the retailer.
The "email us these things in an unecrypted email" side is a worry however...as someone said, a secure upload to a HTTPS:// site would have been better.
-
Monday 13th May 2013 12:29 GMT Da Weezil
Re: Apple is not unique...
I Still think the correct people to inquire about the authenticity is the CC issuer, they have a lot of information on file already, information that is "historic" and verified. Apple cannot have as much of a factual base for a check of submitted "documents" as your CC company / DC issuing bank would have if they called you for a verification check - which would use information already supplied and held on file.
Too many companies seem to think they have the right to chapter and verse about us. I wouldnt/havent had any issues over being called by the card issuer, I would be very disturbed to be asked to submit ID documents to a company selling me something, especially via an insecure submission method, thats without the data protection issues that may arise.
-
Monday 13th May 2013 15:50 GMT Anonymous Coward
Re: Apple is not unique...
@futureshock999
Sorry but I cannot disagree more. I have been asked for this type on info (only once - and refused point blank). I have never been asked by any other service and buy everything online (yep, even food and clothes - 'cos I'm a lazy fecker).The claim by the company asking (pixmania in my case) was 'to reduce fraud'...blah-blah...So why then, I asked them, have you decided to do this check AFTER you have debited my credit card? If you wanted to prevent fraud you would do this check before debiting a 'possibly stolen' card wouldn't you?
All the reseller has to do, as stated before, is either check to make sure the delivery address is the same as the CC address, use one of the 'verified' schemes, or flag the sale as suspicious - they have no reason to see any personal ID documents. The funny thing with pixmania was they wanted to confirm my address and asked for a copy of my passport (which doesn't have my address on it - idiots).
-
-
-
Monday 13th May 2013 10:46 GMT DrXym
Not uncommon for this kind of nonsense
Services like Entropay are so anally retentive about security that if you don't use your account frequently enough for their satisfaction that they'll suspend the account and you'll have to screw around supplying documentation to reactivate it (and usually 3 or 4 rounds of argumentation to random customer service drones trying to explain you've supplied it multiple times already).
Some businesses just have a stick up their backsides about fraud and / or security that they force customers to jump through hoops. I've given up using Entropay because of this. I can't be bothered to deal with a service which treats customers like criminals the whole time.
-
Monday 13th May 2013 10:52 GMT The BigYin
"Apple told me they carry out spot checks for security reasons. But I don't think any private company should have the right to ask you to send over such personal documents by email."
They have the right to ask, you have the right to tell to go and fiddle with themselves.
Also, never, ever send such data in the clear via email. It's why we have encryption and other security measures.
-
-
Monday 13th May 2013 16:12 GMT The BigYin
Re: correction
Not really.
So long as you have verified the contact (by some means) and they have need to see the data (for whatever reason) you can send it (or let them retrieve it). That communication should, however be secured and the recipient required to keep their copy secure until they are done with it (whereupon it should be destroyed).
I wouldn't reply to a random email though. I'd call the company and then ask them for an FTPS site, GPG key or something similar.
-
-
-
Monday 13th May 2013 10:54 GMT Lee D
Has nobody spotted the biggest problem?
BY EMAIL.
Unencrypted email.
Bog-standard, plain-text email.
Not a chance in hell, matey, even if I thought you had a genuine reason to ask for those documents (and T&C's do not make a genuine reason, sorry... otherwise everyone's T&C's would include "user must give financial control of his bank account in case he does a runner").
Sod the fact that they asked for it (hell, take out credit and everyone will ask for all sorts of things that you probably won't want to give them anyway), question why an IT company - of all people - would ask you to send important personal documents by unencrypted email across a public Internet.
And then ask why this customer only queried the request AFTER HAVING SENT THE DOCUMENTS. I mean, come on. FFS.
-
Monday 13th May 2013 10:56 GMT Kebablog
Not sure what the big issue is to be honest, I just applied for 12 months 0% interest on a lens, I had to submit a copy of my passport (or photo driving license)
Maybe the credit score for the person in question didn't quite meet up with the criteria for an outright pass and required additional ID.
-
Monday 13th May 2013 10:59 GMT Matt_payne666
"Customers are apparently allowed to black out "sensitive details" on the copied documents, according to our source. "
Well, that's sorted then... they can have a copy of my back statement and passport... ill just blank my photo, my address, DOB, Account & passport numbers, expiries, transactions, bank address, etc....
and possibly scan a turd for good measure too..... effort to clean the scanner glass after - totally worth it....
-
Monday 13th May 2013 11:22 GMT nexsphil
Taking the piss again
Apple will have to start reining in this type of arrogant shit. Joe Public is not as enamoured as they once were in the iphone heyday, and people who follow the tech news tend to really dislike them. They've had their wild youth, now it's time to grow up a bit before a significant backlash kicks off.
-
This post has been deleted by its author
-
Monday 13th May 2013 11:50 GMT Don Jefe
The Crappy Part
Is that the only way this sort of behavior doesn't manifest at other companies is for customers to go through the process, validate their identity then cancel the order. If people refuse to hand over the documents then Apple (in this case) will assume they've stopped a fraudulent transaction. If Apple proves that this method cuts down on charge backs then the practice will grow everywhere. The only way to document that legitimate sales are being negatively impacted is for people to cancel after proving who they are: This is a real clusterfuck for everyone.
-
Monday 13th May 2013 12:08 GMT Davidoff
the only way this sort of behavior doesn't manifest is for customers to go through the process
No, it isn't. And it's naive to think that Apple will consider all cancelled orders to have been fraudulent. It's even more naive to believe that sending them the requested documents and then cancelling will teach them a lesson that asking for these documents in unacceptable. If anything, it just confirms that most consumers are like kettle on the way to the slaughter house, ready to be taken out.
The *ONLY* way to address this is to tell Apple (or any merchant trying this nonsense) that this is unacceptable and that they should go through their payment provider who will gladly trigger a verification with the customer's CC provider or bank.
-
-
Monday 13th May 2013 12:03 GMT heyrick
I was asked for this stuff to "register" my mobile phone with the provider
[in France, other jurisdictions may vary]
Apparently some anti terrorism excuse (isn't it always these days?). I said I would *post* a colour copy of my passport with "copie" written on it in board marker, and there is no way in hell they are getting copies of bank statements. And using email for this is not an option. I would havepointed out that other providers exist, but the girl I was talking to sent me the postal address by SMS while I was talking to her.
-
Monday 13th May 2013 12:23 GMT ThatGuy
It could be Apple clamping down on fraudulent app store activity
I live in South Africa, and we have our own app store. Quite frankly it is absolute crap. Not even angry birds is available. So a lot of iOS devices are registered with fraudulent US/UK addresses in order to gain access to those respective app stores. Maybe Apple is trying to stop this sort of activity.
-
Monday 13th May 2013 14:13 GMT Anonymous Coward
Adobe did me, and Nominet too
When I wanted academic discount on Adobe CS Design Premium set, I had to send them scans of passport or ID card, bank statement proof of address, statement of fees to University, and student card — weirdly (at the time) they wouldn't accept PDF via email.
I also similarly stung by Nominet once, when after having my domain for more than a decade, decided they needed proof of who I was and that I should have right to own my own domain. Not only did I have to send them scans of IDs, but also email logs and proof that I had purchased things with my email domains (e.g. invoices or delivery notes with my email addy on).
-
Monday 13th May 2013 16:32 GMT Paul Hovnanian
Why?
Apple is in a somewhat unique position with their product. They probably have the ability to reach out and 'brick' it should the payment not go through. Many iGadgets (with communications capabilities) can be bricked by their owners should they be stolen. It would surprise me if Apple hasn't retained some sort of 'God Mode' capability for themselves.
Its possible that the identification requests are related to its network/communications capabilities and the desires of some governments to track all online and wireless traffic back to a real live person's ID. Back in the 'old days', I used to be able to land anywhere in Europe, pop into a phone store and pick up a SIM for my phone for cash. Now, many countries network operators seem to want a copy of a passport. Even for cash. That's not a payment issue. That's identification.
-
Monday 13th May 2013 17:54 GMT clean_state
another one on the list: Nymgo
VoIP outfilt Nymgo lately rejected my payment (which already went through with the bank) and started asking me for all sorts of private documents. Of course, their support never replied when I said "no way" and their support escalation procedure was equally a memory hole. Avoid them.
-
Monday 13th May 2013 18:34 GMT Anonymous Coward
One point though.
The article says that they sent the ID to a notary. Working in a Solicitors practice I can be considered to be an authority on money laundering regulations as per the British money laundering regulations, and I have to ask a single question.
Why did they send the ID to a notary? Maybe it's just me knowing what Solicitors and Notaries public can actually do, but while:-
You can produce a copy and then certify that document as being a true copy of the original. You cannot certify a scanned copy as being a true copy of the original without sight of the original.
You can certify a document as presenting a true likeness of the holder. You cannot do that without the holder being present.
So, what are apple actually requiring the ID for?
we certify this copy to be a true copy of the copy some bloke emailed us is not a way of checking ID. Comment from Apple is required here, and this deserves some digging because the answer apple have provided does not make any rational sense.
-
Monday 13th May 2013 20:12 GMT channel extended
I really need to know your data -U.S. Gov.
Perhaps the reason that Apple is doing this is that govs are now requesting and storing more and more data on their citizens. After all computer security would be much easier to do if we simply give a company our data. They can track us and report when we do something suspicious or when we just do something.
-
Monday 13th May 2013 20:29 GMT microfarmer
apple's innards may be nefarious
Being wary of any request like this is necessary, even when coming from Big Corps. No doubt there are criminal gangs inside that are slurping out private information and using it for nefarious reasons.
Having directly researched an event where an Apple store clerk asked for an email password then having that password slurped into a spam botnet... no doubt there are others asking for more private details that they use for their own purposes.
So Apple may have valid reasons for the request, but 100% guarantee they don't have good protections of that information from criminals on the inside.
-
Monday 13th May 2013 20:47 GMT Darren2k10
Additional Verification
iPhones, iPads and iPods are amongst the most favourite items for fraudsters to use. The UK legal system is such that 99% of fraudulent card transactions are never brought to prosecution.
All major banks state that 3d-secure in and of itself doesn't protect someones liability on its own, and it has been proven that there are high volumes of card transactions that pass 3d-secure where their bank do not implement the policy (Capital One, MBNA, to name but a few big names who often omit 3d-secure from their cards) - leaving the liability totally with the business.
After performing basic checks, where there is doubt as to the authenticity of the billing person, identity documents and proof of address are the only methods whereby a company can verify that someone is not using a card fraudulently.
People need to wise up to the dangers businesses face online, and when a company requests such documents, firstly, it is reasonable to contact the company separately to obtain or check the correct email or contact details to send the information to, secondly, to block out any private details that aren't required (lines from your bank statement for instance, but a piece of dark paper over, and scan in the copy), but also then to realise that these requests are unfortunately a part of the world we live in, and until our government get tougher on Card fraud, and stop thinking of it as a victimless crime because the consumer gets compensated from the bank or the business (wherein the business becomes the victim), it will be the only way to ensure that fraudulent phones, computers, and what-not aren't sent everywhere.
-
Monday 13th May 2013 21:17 GMT bill 20
Re: Additional Verification
NO. People do not need to "wise up" to anything. It is NOT the place of retail businesses to start demanding sensitive, potentially exploitable PII from customers in order to back-up purchases. That kind of fraud-prevention is the duty of the banks and card-issuers; they are are the trusted holders of individuals' sensitive personal data. Anyone who willingly hands over such information to a retailer deserves everything they get. I can remember having to demand to speak to the store manager of a PC World branch because (even though I was paying cash for a small-value item) I refused to give my postcode at the checkout. The drone on the till simply could not proceed with the sale without that piece of information because of the way the company had chosen to design it's point of sale procedure. This unregulated harvesting of PII by the retail sector needs to be clamped-down on hard, with legislation if necessary.
I repeat: IT IS NOT THE PLACE OF THE RETAILER TO DEMAND SENSITIVE PERSONAL DATA IN ORDER TO VERIFY A CUSTOMER'S IDENTITY: THAT IS THE ROLE OF THE FINANCIAL INSTITUTION PROVIDING THE MEANS OF PAYMENT.
-
Tuesday 14th May 2013 02:10 GMT Darren2k10
Re: Additional Verification
And in an ideal world, there would be no fraud, and no-one would attempt to make profit. I agree that the financial institutions need to do more, however, we aren't living in a utopia, and as they have the power, it is as ever the middle-man the UK Small Businesses who foot the bill. So, sure, you can rant and rave if you want, but if it was your cash that was being used to have to pay for someone elses stolen credit-card, you may think that perhaps a little extra checking was worth the hassle.
-
Wednesday 15th May 2013 12:09 GMT heyrick
Re: Additional Verification
A little extra checking may BE the hassle.
Who are you giving the information to? What will be done with it? What guarantee do you have that it won't be thrown out unshredded into a bin for easy harvesting by somebody? Is the person asking qualified or even authorised to be accepting this sort of information?
The customer does indeed need to wise up, but perhaps not in the way that you think.
-
-
-
-
Monday 13th May 2013 22:42 GMT DaddyHoggy
Handing over CC details
I once had to go to work in Cape Town in South Africa. The hotel I was to stay in wouldn't confirm my booking until I had sent them, via email, a colour scan of the front and back of my credit card.
I rang my credit card company (Tesco Mastercard) explained - they took the hotels details and the dates I was staying in SA. Told me they would process charges on my card only for my time in South Africa and from the hotel itself for one additional week after I checked out.
It was the credit card company who suggested I put the images in a password protected zip file - email them - and then ring them up and give them the password. This we hoped would slow the casual/opportunistic interception.
It was a worrying couple of weeks but it actually all went smoothly and I have since learned this is standard MO for many big hotels in SA.
However, if a company like Apple wanted these details, just so I could give them money to buy something from them... well, that's easy, I wouldn't be buying anything from Apple...
-
Tuesday 14th May 2013 00:09 GMT Anonymous Coward
Out of all the things to get upset about people pick on Apple. Again... Yes I agree in the ideal world they should have no business asking for ID and any other personal info. But since when is this world perfect? I also agree that banks should be liable for fraud damage, may be then they would spend less on fat useless managers and implement the much needed verification techniques to help fight fraud...
Anyway, what was the damage? A driving license/passport/any other id that you would have used in various places dozens of times already. Seriously? Okay, the bank statement is probably one step too far, but then again, do you really think your shopping habits are private? Wake up people... you are being tracked all the time. What's more you'll be under constant surveillance by Google in a few months once enough glasses are out there.
The funniest part was when a threat to become an android user was issued. Yeaaaah like they care about your privacy and your data. Except they make money of your data. So why do you willingly post updates, personal info, photos, geolocation info and all other stuff on 'social networking' sites, but get aggro as soon as someone asks you to verify your identity? Do you not think next time it may just save you the headache if your card details get nicked?
-
Tuesday 14th May 2013 06:12 GMT Richard 12
No, it's facilitating ID theft
If a miscreant gets hold of that email - easy to trivial - then they now have a handy and complete package to go on an ID fraud spree.
After all, it's the full package of ID information a company like Apple consider good enough to identify you. So it's also enough for anybody else to claim to be you.
-
-
-
Tuesday 14th May 2013 06:35 GMT Anonymous Coward
Re: Not oresent
Perhaps she doesn't live close to one, or prefers the convenience of ordering online?
It is crazy that Apple is asking for all these details, but I have to imagine that buying Apple stuff is pretty high on the hit list for stolen credit card information. Phones and tablets are probably the ideal for them, because they have a very high value per weight and per volume as compared to TV sets, and are much easier to resell compared to jewelry.
When I had my credit card details nicked a month ago there were a few smallish purchases, then a $1649 online purchase from Best Buy. At the time I had assumed they tried to buy a high end TV, but now that I think about it, if they were smart they went for a few iPhones or GS3s.
-
-
-
-
Tuesday 14th May 2013 10:31 GMT Anonymous Coward
Re: Colour copies of passports illegal ?
Ahh. Good old joined-up government. The UK Border Agency (or whatever it is called this week) requires employers to examine and keep copies of documents that prove an employee's right to work in the UK. Amongst the acceptable documents for this purpose is the UK Passport. The relevant UKBA guidance says nothing about copyright or colour copies.
http://www.ukba.homeoffice.gov.uk/sitecontent/documents/employersandsponsors/preventingillegalworking/currentguidanceandcodes/comprehensiveguidancefeb08.pdf
However employers are not, apparently, on the list of those auithorised to make and keep copies of passports according to:
http://www.hmso.gov.uk/copyright/guidance/gn_20(old%20format).htm
-
-
-
Tuesday 14th May 2013 04:57 GMT cordwainer 1
YGTBFKM
That acronym is the only possible response....and mind you, I've been a Mac owner since 1985. But I swear some of their decisions the past few years are jaw-droppingly, mind-bogglingly WTF??!!!!
It all used to be so easy, and friendly, and fun, and my hardware was so simple to upgrade and add to, and my OS so....so....stable (sob)
Weeping and forlorn,
c
-
Tuesday 14th May 2013 09:13 GMT JMcL
Add Amazon to the wall of shame
Amazon UK asked me for a scan of my passport last year when I had the temerity to buy, yes BUY, a Kindle book from the UK store, and have it delivered wirelessly in Ireland. This obviously caused an alarm and flashing red light to go off in the Amazon bunker warning that somebody might be trying to buy something via the UK (EU) rather than the US (err... not EU), where Amazon decided (in SOME fairness to them as a result of territorial rights bollox) that somebody who might not be living in the UK had to buy their books. I gave them a short and not very polite suggestion as to where they could stick their demand, and haven't heard from them since.
Speaking as an author with a book available on Kindle, frankly I don't give a flying f**k if somebody lives on the moon if they want to buy a copy of my book.
-
Tuesday 14th May 2013 11:46 GMT YeahRight
On the other hand
I'm a victim of identity fraud, someone using my name and address set up a bank account and direct debit for an iThing which would eventually have brought debt recovery agents to my door. When I approached Apple they were more efficient and more help than the police, my bank and the company providing the credit agreement. I'm not a fanboi by the way.
Apple seems heavy handed asking people to send proof of identity but their products are popular with criminals so they are in a tough position.
I have had to sign up with CIFAS to make sure that any future finance agreements in my name go through more stringent checks. Something I've had to pay for. If Apple and the financial institutions involved were more on the ball I would have a lot more confidence in them and be twenty quid better off.
-
Tuesday 14th May 2013 16:09 GMT bouncingwilf
Cash is king!
Buy direct from retailers using cash and deny the banks their "cut" of the transaction. You also frustrate the nasty " we want to know everything about everyone brigade" (Although I've had some interesting conversations at the checkout of say Dixons who always ask for postcode and house number - needless to say, I always tell them loudly it's none of their business!)
-
Tuesday 14th May 2013 17:11 GMT Anonymous Coward
Well, it's about time
Cuddo's to Apple. It is about time somebody got serious about security and sought out legitimate means of verifying identities for over-the-net purchases.
In fact, I think Apple should ask for a colour photo of every purchaser's penis, to be saved for comparison on future orders.
Sorry girls, but a picture of the snatch would just be a shot in the dark.
Or Apple could ask for a different photo and count the petals of everyone's rosebud, saved for comparison of course
Another reason I will not buy Apple. They give fruity a bad name...
-
Tuesday 14th May 2013 20:32 GMT Anonymous Coward
If we're not careful, this ends up being the new normal
And it really is data slurping under the guise of fraud control. There are other ways of verifying identity. Sadly, The Reg isn't the place for massive, decision changing negative publicity. Don't expect t hear about this from any major news outlet.