In honor of Data Privacy Day, I have decided to share with you an abomination of security and privacy that I recently experienced. Being the rich and famous software developer that I am, I was less than excited when I got another nearly weekly offer for a “Pre approved platinum card with a four quadrillion dollar credit limit and -5% interest!” in the mail last week.
I was bored and decided sure, I’ll check it out. After all, it has a -5% interest rate, which, if my math is correct, means that they pay ME on my interest, right? (no, it didn’t, I’m being slightly facetious.)
So I visit the website that the piece of paper told me to, and it’s a pretty bland landing page to submit all your sensitive information. Of course, you’ll have to give them your social security number and sometimes driver’s license number. That’s fine, and expected, they need to run a credit check. Not surprisingly, the site was using a valid 256-bit SSL connection. I always check for this (and you should too), when I’m doing anything that requires me to submit my information. Not just making sure that it’s valid, but making sure that it is an actual certificate, signed by a known certificate authority, and all that jazz.
So I send my info through their website, and wait a few seconds, and it comes back and says “Congratulations! You’re approved. You’ll receive your card in the mail within 10 business days!”. Wow, ok. That’s a little less information than I had hoped for. Maybe, congrats, you CAN get our card, if you click this button. Maybe it’s just me, but I would think they would have a “Ok, now give me the card” button, instead of just seeing if I’m actually approved for it and then automatically assuming I really want it.
All that aside, who cares really? Their site was secure, and I got me a new credit card to play with! Excitedly I check the mail every single day for the next week or so. Then finally it came. It was like the little kid from A Christmas Story, when he finally realized that his parents had indeed bought him the BB gun that everybody insisted he would shoot his eye out with. I was elated!
So I open up the envelope and see my (extremely lame looking) new credit card, and a single sheet of paper. Knowing that I’ll have to activate the card in order to use it, I look for the sticker on the card with the phone number (and sometimes instructions) to call and activate it. Not there. Hmm…maybe it’s on the back of the card? Nope, not there either. That’s odd. Maybe it’s on that single sheet of paper that was included in the envelope? Yeah, must be. I’ll check that.
Blah blah blah, words, legalese, percentage rates, words, and more legalese. What the hell? How do I activate my card? I read the entire sheet of paper from top to bottom. Then I see it. The monstrosity, the abomination. At the very bottom of this piece of paper, it reads: “Your card is already activated and ready to use. You do not need to call to activate your card”.
I ran to the next room to show my wife. I pointed at that sentence and said “What does that say?”. Her response was about the same as mine, except I think it included an expletive or two.
The developer in me was curious. I must know if this is actually true, or if this is some cool new way to try and catch identity thieves. Maybe there was another piece of mail that came separate with it that told me how to activate it, noting that the card itself would say that it was activated, just a security precaution. It must be! So I immediately floored it to my local convenience store and bought some refreshments with my new card. Transaction Approved.
After the cashier picked my jaw up off the counter for me, I left in a blind state of disbelief. How can this be? How is it even possible that a credit card company (who shall remain nameless) who sends out credit cards that can be used by anyone who happens to open the envelope can manage to stay in business longer than a day?
Well it’s true. It happened to me, and luckily my local post office workers are good honest people. And my son is only 8 and doesn’t check the mail. And my neighbor has a Jaguar and an Escalade and hardly needs my credit card.
I will be contacting this company soon with my concerns about their complete and total lack of security or privacy concerns. I will try and record the conversation and I will post it up for your enjoyment. Please do not use this company if you want your identity or credit score to remain where it is. If you are concerned about your customers’ (or your own) data security, Trademark can help. Just contact us and tell us about your concerns. We’re here to help!