MSE News: Compare The Market reviews security following passwords probe

Former_MSE_Darryl
Posts: 210 Forumite
"Price comparison site Compare The Market is reviewing security after a newspaper investigation exposed failings in its current system..."
Read the full story:
Compare The Market reviews security following passwords probe

Comments
-
One could be forgiven for thinking that this story has been given extra promotion to scare people into not using CTM, and instead a competitor like, say, MoneySupermarket? ;-)
-
billbennett wrote: »One could be forgiven for thinking that this story has been given extra promotion to scare people into not using CTM, and instead a competitor like, say, MoneySupermarket? ;-)
As a regular site user, you couldn't really be forgiven for thinking that. This story has been covered in a number of national newspapers. It is a security flaw - we cover those. Are you saying we shouldn't have done
We give MoneySupermarket no priority or special treatment whatsoever on this site as legally enshrined by the editorial code www.moneysavingexpert.com/site/editorial-code. You'll see the evidence of this in our car, home, life insurance guides etc where you'll see we base our picks solely on our independent research.
Martin Lewis, Money Saving Expert.
Please note, answers don't constitute financial advice, it is based on generalised journalistic research. Always ensure any decision is made with regards to your own individual circumstance.
Don't miss out on urgent MoneySaving, get my weekly e-mail at www.moneysavingexpert.com/tips.
Debt-Free Wannabee Official Nerd Club: (Honorary) Members number 000
-
I think it is a clear indicator that no commercial organisation should be permitted to store any personal data after transactional use unless there is an essential reason not defined by the business but by law.
All comparison sites should be rejigged to offer a transparent downloadable file to a customer user which he or she can upload again to save time when next logging in. The comparison site should delete all personal data the moment a user logs out. The Information Commissioner should be able to access any computer system containing personal data at any time to ensure that it is being destroyed on customer log out.
Collecting data "for marketing purposes" should be severely curtailed to name and address only (no other data including telephone data should be allowed - businesses lost the right to hold our telephone data when they all decided it was a good idea to hide their own so we can't complain directly to chief executives).
Login and other data used to verify security should never include any standard data - the questions
- What is your full name?
- What is the first line of your address and postcode,
- What is your date of birth, and even
- What are the last three digits of your home telephone number
I would expect that organised criminals have all this data on most of us by now, and of course far more because they buy it, and it is quite amazing who is selling it.
A database with 20 million records is no big deal anymore. Criminals operate them. I can run one on a standard laptop and mix it with other massive databases and update and clean it constantly from any source that comes my way. So what is the point of fooling ourselves anymore that our most basic personal data is "safe" for businesses to use to claim they are protecting us?
The tolerated trade in personal data is disgraceful. It should be stopped dead. We have taken a wrong turn and should reverse. Collection and holding of data used for one-time quotes doesn't need to be stored.
It is not needed. CRAs are not needed - they are unsafe and corrupt - they are the worst traders of our data and they are politically motivated because they can skew business decisions for a fee if they mould our data in a politically attractive fashion for certain buyers.
I was reminded of Delphi and CII by another poster yesterday, Dr_Cuckoo3. These are hidden databases (to us) which hold scores which are sold to businesses. It is unlawful yet it is happening. Those unlawfully contrived data will be being used alongside comparison website collected data for example. No business holding data will be immune. The transmission of information occurs like a virus now. Seriously. We all know that a virus transmits itself by matching a side of itself to a known pattern on the host. Our personal data is the host. The known pattern is our name and address and date of birth, and as this awful trade in our data continues, the virus will be harder to kill as it matches itself to known data that we hadn't realised marked us for fools.
Databases are constantly mixed, and we fools' receptors are hunted for just like a virus, and nasty data seeking viruses are farmed even without directors of businesses fully understanding how their databases are maintained. In simple terms you could call a manually formed data-seeking virus a database query with a deliberate opportunistic join to one or more other databases. Matches occur when an operative runs the query. Those matches will form new information (yes new!) about the data subjects in all the databases potentially. Statistical methods can be used to "clean" the new information to the most likely values if there is an uncertain match. In commerce the process is constant and automated and oh so fast. That new information is "added value" which is constantly traded without our knowledge.
The only way to prevent the industrial scale abuse is to ban storage of personal data by all except the government.
There is simply no need for it even to satisfy ongoing contracts. I have bank accounts which do not require my name or my card to access fully. They use completely non-descript keys or codes known in full only by me and the banks system knows enough to interrogate me on the secret codes and decide if I am granted access. Those bank systems do not ask my name or my date of birth and they do not know me from Adam when I log in but they know that it is safe to grant me access.
I also discovered from another poster yesterday that a visit to a comparison website for a motor quote is quite likely to result in multiple searches on my CRA file. Why? They have no right other than rights they sneakily give themselves in small print (via the comparison website who therefore are no better). There is absolutely no reason for CRAs to allow access to motor insurers simply quoting for business or at all, and there is no reason for them to store the fact that those searches were made so that it is possible for the CRA to design a saleable product based on my shopping activity. I never authorised it. It is unlawful. It must stop.
-
VictimOfImpersonation wrote: »I also discovered from another poster yesterday that a visit to a comparison website for a motor quote is quite likely to result in multiple searches on my CRA file. Why? They have no right other than rights they sneakily give themselves in small print (via the comparison website who therefore are no better). There is absolutely no reason for CRAs to allow access to motor insurers simply quoting for business or at all, and there is no reason for them to store the fact that those searches were made so that it is possible for the CRA to design a saleable product based on my shopping activity. I never authorised it. It is unlawful. It must stop.
Stop with your "unlawful" rubbish. The terms and conditions state that a CRA search is a possible result. The majority of people pay their insurance by instalments and so receive a loan for their premiums. Do you expect these loans to be quoted for without the lender knowing the insured's credit history?
Likewise, people in financial distress are more prone to quote manipulation/ fraudulent claims hence why some insurers also use credit score as a rating factor on top of the loan consideration. You don't want your CRA file checked then choose an insurer/ service that doesn't state it will in their terms and in the meantime those of us that have a reasonable history and aren't luddites can enjoy a reduced premium to reflect the lower risk we represent.
Yes data is sold, you can always opt out of this though. No, large companies don't blindly sell your data if you have opted out.
The vast majority of people like the fact that they can streamline their life by 1 click requoting or 1 click ordering because the website/ merchant stores their details. Again if you don't like this then go to a shop and pay cash to avoid the paper trail and obviously don't use any clubcard/nectar etc
-
Terms and Conditions are not law. They are typically exploitative and full of tricks. You may coin them, but they do not stand even if I see a nasty little pop up which says "if you proceed with this website you agree to our terms and conditions".
You know about insurance InsideInsurance. So do an awful number of people with nothing better to do in this sorry land where nothing useful is manufactured anymore except printed money for those that monopolise it.
But do you know anything about relational databases and did you understand my suggestion of automated database queries as viruses?
I think you are rather naive to believe your data is not sold without your permission. Have you authorised Experian to sell your data via Delphi?
And don't insinuate that I am a luddite please. As I am arguing for big changes, in this discussion you look more like a luddite than I do.
-
Insurers can get your permission to access an appropriate level of credit report data, and use scores calculated using credit report data, to check your identity and, where relevant, provide quotes on paying insurance premiums using credit terms, which many people choose to do. You will always be told before a credit search is carried out. Importantly, any search relating to a quote is clearly marked as such on your report and is not seen by lenders, just you.
James
"Official Company Representative
I am an official company representative of Experian. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to forumteam@moneysavingexpert.com This does NOT imply any form of approval of my company or its products by MSE"
Posts by James Jones, Neil Stone, Stuart Storey & Joe Standen
-
Goodness me, who rattled Experian's cage ? Let's get this straight. There is no lending risk beyond a month's insurance premium - twenty quid in my case - and that isn't enough to justify any large insurer doing business as a small-time lender crawling over my credit file so Experian and the other CRAs have no business allowing it.
Personally I never pay monthly and never choose to. I pay up front. Even if I did want to pay on credit the offer of it could be made subject to status and so even by the largest stretch of imagination, a search can then only be justified by the company that gets the acceptance of their offer to do business. None of the others. If no business is done, no credit search is justifiable.
So, I don't know why Experian have leapt in officially to say their piece so early in this thread but it does look rather big brother, doesn't it ?
Thanks James for the usual CRA skewed take, but no thanks for improving the world. Perhaps we'll simply have to leave the lead on that messy business of reforming commercial data science practice, and on privacy reform to the next Messiah.
God help us all if we have to endure visitations by official CRA representatives on Christmas Eves until then to keep us on message.
Do have a very Happy Christmas !
-
» There is no lending risk beyond a month's insurance premium - twenty quid in my case
The annual premium is being borrowed. Not the monthly.
» and that isn't enough to justify any large insurer doing business as a small-time lender crawling over my credit file so Experian and the other CRAs have no business allowing it.
So, you are proposing a breach of the consumer credit act then. Any payment for services that cannot be paid within 4 payments in a period of 12 months or less falls under the consumer credit act. Whilst it used to be ok for insurers not to use credit agreements, they now have to do it that way to comply with law.
The agreements in place are therefore regulated under the consumer credit act as well. That gives consumers protection and it gets the creditor protection as well.
It seems you are recommending they do not act within the law and that is somehow beneficial to consumers.
» So, I don't know why Experian have leapt in officially to say their piece so early in this thread but it does look rather big brother, doesn't it ?
And I don't know why you are posting conspiracy theories but you still do it.
I am an Independent Financial Adviser (IFA). The comments I make are just my opinion and are for discussion purposes only. They are not financial advice and you should not treat them as such. If you feel an area discussed may be relevant to you, then please seek advice from an Independent Financial Adviser local to you.
-
» The annual premium is being borrowed. Not the monthly.
Banks and insurance companies dug their own grave long ago if they wanted to uphold that old assertion. They have been constantly urging competitors' customers to cut and run from existing "annual insurances" if they pay monthly. "Just cancel the direct debit and start with us." I would have argued the same thing as you 30 or even 25 years ago but not now. Things have changed enormously.
Firstly the ability of an insurer to actually press home "short period" i.e. unfairly loaded rates for mid-term cancellations has been heavily eroded by their own greed. Instead they have completely stopped offering goodwill to customers who naturally change their vehicle at some point or move house or add or subtract a vehicle or, wish to change named drivers, and instead see that as an easy opportunity to grab an administration fee and loaded premium and the customer can lump it. I worked for one of the best motor insurers 35 years ago. Our premiums would never appear at the top of any price comparison chart but we had significant market share and we kept it. We wouldn't have dreamed of adding admin fees and rarely would have charged more than pro-rata unless we were trying to make a fair business point that the customer should not even have dreamed that any new insurer would countenance moving away mid term from his existing insurer. But of course even the best companies lost their way in the end and joined the herd of stinking moneygrabbing outfits.
Second, a motor insurance can be cancelled electronically in such a way that police can tap into the cancellation immediately. A paper motor insurance certificate not backed by electronic confirmation is worthless, and so it should be because insurer cover note control went out of the window more than twenty years ago. That immediately limits the potential bad debt. Insurers do not report the cumulative differences between "time on risk" and the full annual premium on all incepting policies in an accounting year as bad debt, now do they? Of course not. It doesn't even cross their minds to treat the unused premium portion of a cancelled notional annual policy that way. Why would it except for the purposes of your skewed and woefully outdated assertion?
Insurance has traditionally always been paid for in advance but "time on risk" is all that matters for an insurer's bottom line to be sure they've collected the money required to balance their underwriting. If they have cancelled when a monthly payment has failed then they lose a month's premium maximum while they chase it and make that decision whether or not to cancel. They are morally entitled to no more and to suggest that they need to do an in advance credit check for some significant loan based on the biggest number you can think of (the whole year's premium) that they are about to give is again misleading. They don't send anyone round to knock on the door to collect the balance do they? If there was a legal entitlement then insurers would sell that debt to debt collectors and we'd constantly hear about it. But we don't do we? So stop telling porkies.
Furthermore, the terms of the "credit" they offer are the same for every customer - it isn't tailored beyond whether yes they will give it or no they will not. With your protestation, you haven't justified the practice, merely confirmed that bad culture is alive and well in the whole industry. And you have not addressed the fact that many of us are not even making a credit application but still get credit searched multiple times.
» So, you are proposing a breach of the consumer credit act then. Any payment for services that cannot be paid within 4 payments in a period of 12 months or less falls under the consumer credit act. Whilst it used to be ok for insurers not to use credit agreements, they now have to do it that way to comply with law.
» The agreements in place are therefore regulated under the consumer credit act as well. That gives consumers protection and it gets the creditor protection as well.
» It seems you are recommending they do not act within the law and that is somehow beneficial to consumers.
» And I don't know why you are posting conspiracy theories but you still do it.
Oh and I nearly forgot ... careful you don't splutter or choke on your Norfolk turkey, and do have a very Happy Christmas !
-
Have you started on the eggnog early in your household?
This discussion has been closed.