Comments on: Answers: What level of security questions need to be asked?

By: Jakki

Jakki — Tue, 19 Apr 2011 10:19:12 +0000

Can anyone let me know there take on dealing Business to Business please? Different rules, types of information as things like date of birth don’t apply.

By: Luke

Luke — Fri, 11 Jun 2010 20:19:39 +0000

If a customer calls in relation to their account, they give their account number then the operator can see their personal information and they start the conversation…”Ok am I speaking to Steve Jones?” customer answers “Yes”, then operator asks,”For data protection reasons can you confirm your postcode, first line of your adress and your postcode?”
Because you have used the name before asking data questions (maybe just the first name)is this a breach of data protection as it’s not a security type of question?

Thanks

By: Jeff

Jeff — Wed, 04 Mar 2009 01:17:05 +0000

FCC Guidelines need to be followed. A caller needs to verify their name and last four of the primary acct holders social. If there is a password, then the password is the primary security method. If the caller is not the billing name, or listed as an authorized user, it doesn’t matter what info they verify. They get no access.

As far as acct info that is provided to a fully qualified caller, is also very limited. We will not release any acct info, but we can verify it. We will release information such as balance, payments, usage, rate plans, features, and so on. But absolutely no personal data will be provided. This includes specific phone numbers that were called or received, date and time of calls, and so on.

The very worse that can happen is someone might be able to slip in and change a plan or service. That can easily be fixed. But by releasing specific data, it could actually aid someone with bad intentions of locating a person to do possible harm.

By: Neil Wilkins

Neil Wilkins — Wed, 04 Feb 2009 16:09:27 +0000

Some organisations allow their customers to set their own security password. This can be very effective as it can be something personal to the customer and something that is not as easy to guess such as post code, date of birth or Landline telephone number.

By: Janette Coulthard

Janette Coulthard — Fri, 16 Jan 2009 15:07:10 +0000

With reference to the second question relating to what information cannot be given to a customer, in short an agent cannot give any personal infomation or personal data about the customer, to the customer, without first verifying the customer’s identity through the DPA check.

By: Mark Andrews

Mark Andrews — Thu, 15 Jan 2009 18:39:04 +0000

Our agents will always ask the caller to confirm 3 pieces of information on both inbound/outbound calls – usually the name address and date of birth.

By: Pinaz

Pinaz — Thu, 15 Jan 2009 16:28:35 +0000

It is critical to have security questions confirmed to ensure the account related details are being shared with the subscriber only.However,the security check may not be needed for general queries like,what are the new offers etc, as they dont involve account details.

The mandate can be at least two good checks like:

a. Billing address
b. Landline telephone number
c. Last recharge done
d. Last bill paid

By: Carl Nightingale

Carl Nightingale — Thu, 15 Jan 2009 12:23:00 +0000

There are no set questions within the data protection act, it advises that a company must take reasonable steps to ensure they have checked and confirmed the identity of the person calling. Most companies I have called myself and worked for generally ask for a postcode and date of birth after taking the callers name and agreement/reference/account number.

As long as you have asked some relevant ’security’ questions your responsibility has been covered and anyone calling and ‘pretending’ to by your customer is then the one breaking the law.