Retailer demands personal information before issuing a refund. How much is too much?

Forums › ICT Policies and Regulation › Retailer demands personal information before issuing a refund. How much is too much?

1 | 2 | 3

antonknee

1133 posts

Uber Geek

#2537175 9-Aug-2020 17:14

SirHumphreyAppleby:

Why should I give a random Customer Service person at a retailer information that potentially puts my financial interests at risk? Posts in this thread haven't exactly painted a favourable picture of retail staff, citing them as one of the main perpetrators of refund fraud.

I obviously haven't filled out my date of birth on my Warehouse account, but with a full name, date of birth, phone number, address and account number, they'd have most of the information required to verify my identity with the bank. Default bank passwords used to be your mother's maiden name, so with a quick trip to a major library to look up birth records, there's a good chance you could check that off the list as well.

But they didn't ask you for that, they just asked for your name.....

SirHumphreyAppleby

2844 posts

Uber Geek

#2537226 9-Aug-2020 18:10

antonknee:

But they didn't ask you for that, they just asked for your name.....

Sorry, I realise that paragraph wasn't clear. The date of birth is optional information they request. All the details in combination could give someone sufficient information to access personal financial details from other organisations that weren't thorough with their checks. This is particularly true if people are willing to go a little further and steal mail, which would also give the such details as account numbers and credit limits, both of which serve as additional evidence of identity.

Keep in mind this thread was posed as a series of questions, in the ICT Policies and Regulations forum. If organisations are allowed to make demands for information they don't need, how much is too much? Clearly, there are differing views on what people consider appropriate, and I am genuinely interested in knowing where other people would draw the line.

BlakJak

1275 posts

Uber Geek

Trusted

#2537228 9-Aug-2020 18:16

Your name is pretty basic. Knowledge of your name is not going to exposure you to much of anything.

Refusing to give it out to a business with whom you are doing legitimate business, is heading toward pointless paranoia.

In your scenario i'd question the need for an address (possibly required), a date of both (not required) or any other personal information. But your name? Sheesh.

If you suspect an org or an employee at an org is going to use information you provide to commit identity theft, you shouldn't be doing business with them (and you wear the consequence of that). One can't assume the worst of everyone one deals with

No signature to see here, move along...

SirHumphreyAppleby

2844 posts

Uber Geek

#2541257 14-Aug-2020 18:57

This issue has been resolved. It turns out they didn't want my full name at all. Attempts to clarify the actual information they needed kept being bounced back to the same customer service person, destined to repeat the demand ad infinitum.

As for paranoia, I have no significant objection to giving people my first name and surname, it's my full name I refuse to disclose. I called the bank on Monday and was asked two security questions, the first of which was my full name; the very information I refuse to hand over indiscriminately. The second security question was a card number of my choice; another piece of information that a retailer would necessarily be provided. With just that information, I was able to converse with bank staff regarding transactions on my account.

Technically, my phone number was the third piece of information they matched, but it's trivial to present an outbound caller ID matching any number and my bank makes it easy to find which numbers are linked to accounts by telling the caller they've recognised the number. I actually called from my my landline, where I present my cellphone number for caller ID. And in case anyone is wondering, that is legal and there are valid reasons to do it. It's not just scammers who do that.

1 | 2 | 3