What does an organisation need to know to transact with you? A lot less than they usually ask for. One thing that is almost never needed is your name – indeed as Dave Birch argues in this video, a preoccupation with using information like your name, date of birth, etc for identification is often just plain wrong.
Dave points out that for any transaction only the absolutely necessary data should be made available: your photo and that you are over 18 is enough to buy alcohol and nothing else (not a card with name, address, date of birth, etc.). To pay for something you just need the PIN expected by the chip on the card – everything else printed on the card including your name is just a fraud risk.
Contact centres routinely increase the risk of fraud: to pay with a card on the phone, the customer service representative will actually take the data and enter it for you in their system. This reveals the entire card holder details including the security code. That’s why this process is not compliant with payment card industry standards. There is really no good reason for doing this anymore – it is a simple problem to solve for any contact centre.
About the speaker: David Birch is a digital money and ID consultant paving the way for a 21st-century identity. He is a director of Consult Hyperion, an IT management consultancy that specialises in electronic transactions.