Feeds

back to article Apple asked me for my BANK statements, says outraged reader

Apple is believed to have asked some online shoppers to hand over copies of their driving licence, passport and bank statements to verify their identity. A concerned Reg reader alerted us to Apple's data-slurp requests after she received one herself - and was told by her bank that they had never heard of private companies asking …

COMMENTS

This topic is closed for new posts.

Page:

You want to buy subsidized phone, cough up your private data. They are lending you money and want to ensure you don't default. Buy a phone upfront if you don't like it. Even people in poor countries cough up full dough to buy phones.

1
150
Silver badge
FAIL

FAIL - no Credit Agreement with Apple

No subsidy, no loan.

The customer is buying on a Bank issued Credit Card, so as far as Apple is concerned the customer is buying it outright.

The Bank is taking the credit risk, not Apple, and the Bank has already completed the necessary identity verification to issue the card.

92
4
Anonymous Coward

Re: FAIL - no Credit Agreement with Apple

I'm guessing that Apple have had so much fraud that the banks are holding Apple liable for fraudulent purchases unless they demand extra proof of identity.

4
3
Silver badge

Re: FAIL - no Credit Agreement with Apple

Actually, for an on-line transaction where the customer is not present, the bank reserves the right to charge back to Apple in case of fraud, so in this instance Apple are indeed taking the risk. The three-digit security code on the back helps a bit, but if someone's nicked your card, or noted the details while handling it, that's not much of a barrier.

I'd still tell them where to stick their security check though. Perhaps there needs to be a mechanism where they can put it through normally but raise a flag with the bank, who will contact the customer to verify that it's a genuine transaction on the card (as they do occasionally anyway if you raise one of their security flags).

23
0
FAIL

read the frickin' article man

Seriously not far in, just at the start of the third paragraph

"After ordering an iPad for her young son" - so not a phone, and not subsidised

34
0
Mushroom

@Velv - (Unfortunately) you are wrong!

While I find Apple's behaviour in this contemptible, your comment "The Bank is taking the credit risk, not Apple" is not actually correct in the harsh reality of business banking.

I used to run a small web-based retain business and I used to accept credit/debit card payments. It's all unnecessarily complicated, but basically, if you are a company and the target of credit card fraud then I wish you the very best of luck getting your money back from the bank after you have shipped the purchased goods and then find out the card was used fraudulently. The bank will usually point at clause xyz and tell you to whistle.

It really annoys me when I see adverts aimed at Jo Public with tag lines along the gist of "don't worry about using your card on-line - we (the bank) will make sure you don't lose out". Notice that the banks DON'T say that THEY will cover the costs. That's because they don't! They pass the buck on to the retailer. This is why the banks have never really taken credit card fraud seriously. Because most of the time, the cost to the bank is nothing; either the customer pays or the retailer pays.

17
1

Re: FAIL - no Credit Agreement with Apple

Not if they implement Verified By Visa or Mastercard SecureCode, which moves the onus on the bank in verifying a genuine user.

11
1
Anonymous Coward

Re: FAIL - no Credit Agreement with Apple

"Perhaps there needs to be a mechanism where they can put it through normally but raise a flag with the bank, [...]"

Both my Mastercard and Visa cards have the potential of a further online password double-check by the issuing bank. The Mastercard transaction requires knowledge, on both sides, of a two-part password set by myself.

When the online credit card transaction goes to completion the screen is transferred to the issuing bank's verification service. It then presents me with a personal phrase that I constructed - to which my reply is my personally constructed password. Not perfect, especially against a screen scraper and key logger, but pretty good verification. It gives me confidence I am not being phished for my password.

It would be even better if I could use my Pin Sentry mechanism to produce an offline authentication code like I do for my bank account.

0
0
WTF?

"Apple" and "Subsidized" in the same context?

That's pretty challenging! Don't people realise that there are other options than handcuffing yourself to Apple?

9
1
Mushroom

New Apple Motto

All your identity are belong to us.

5
0
Anonymous Coward

If you read the article, the lady in question was buying the ipad outright and not asking for credit or a subsidised device. This is intrusion of the worst kind and shows how arrogant some companies are, it used to be the case that having money was enough reason for a compant to sell something. to someone.

If it were me I would tell them to stuff their product and go else where

9
0
Anonymous Coward

Re: FAIL - no Credit Agreement with Apple

"Not if they implement Verified By Visa or Mastercard SecureCode, which moves the onus on the bank in verifying a genuine user."

Only one of my Mastercards has that online verification. The Barclaycard Mastercard one doesn't - yet the Barclaycard Visa one does.

One day the Barclaycard Mastercard bounced a big order to my regular IT supplier to my normal address. They left it to the supplier to tell me. Apparently a <£1k transaction triggered their fraud alarm. The helpline put me through a lot of questions. I pointed out that I bought expensive things from that supplier several times a year - which a history check would confirm. They admitted their fraud data trend only went back about a month or so.

To add insult to injury - it then took another four phone calls before the supplier reported that the transaction was finally unblocked for them.

0
0
Silver badge

If you are buying direct from Apple, it isn't a subsidised phone. Subsidised phones come from the telephone companies like O2, Vodafone and so on.

0
0
Anonymous Coward

Speaking as a credit card fraudster, I'm outraged Apple will no longer accept transactions that are flagged by the credit check service as potentially fraudulent. Don't people realise Apple are a big company and should be prepared to simply foot the bill. I'm glad you all on this forum agree it is mighty discourteous not to dispatch goods to me, even if experience as shown you, you will more likely as not be footing the bill. It's my right you should sell me whatever I demand and frankly, if you want to see proof of my ID. FUCK OFF.

Sorry anyone who disagrees with me is affecting my livelihood and therefore an arse-hole.

4
9
Linux

subsidized or 'look at all the idiots out there'

you people are stupid morons if you think apple is subsidizing anything!

3
0
Silver badge
Trollface

wow

89 downvotes as a I write this. I salute you Mr. Troll and just so you hit your triple digit target have another but know I don't do it out of malice but out of respect.

1
0
Anonymous Coward

Another info/access grab lurks in your Paypa account

After many years of Paypal use with no issues, I suddenly got a note that I was very close to passing my "limit" of $10,000 of transactions. Hunh!

Now in order to continue using Paypal, I must give them direct access to my bank account (take out money as well as put it in). They get hacked or disagree with me; they just take what they want.

The note says that this is necessary to insure my security and verify me (I guess "my realness") after at least 6 years (I believe a good deal more) and $10,000 of transactions without a problem. Virtually all me paying someone. And they have my credit card.

And there are many things that they have locked up to the point that Paypal is the only way to make a transaction. Can you say unreasonable leverage of an almost monopolistic market position. This BS should be stopped by someone in government regulation.

10
0

Re: FAIL - no Credit Agreement with Apple

Apple's attitude has always been a 'we own our customers and we can do anything with them that we feel like"

0
0
Anonymous Coward

Re: Another info/access grab lurks in your Paypa account

" I must give them direct access to my bank account (take out money as well as put it in)"

Eh? You are saying that Paypal wanted to have your username and password to your online banking?

Or are you just saying that they wanted a direct debit that you could cancel or claim back on at any time?

Other than that PayPal can't take money out of your account (apart from reversing a transaction they have made due to error with 24 hours).

Therefore I don't think you are being entirely truthful.

1
2

Re: Another info/access grab lurks in your Paypa account

Which Government would you like to step in? Their practices cover many International boundaries and jurisdictions.

0
0
Anonymous Coward

Re: FAIL - no Credit Agreement with Apple

Absolutely,

They can f*k off. Bashing Apple just became fun again

0
0
Anonymous Coward

Re: Another info/access grab lurks in your Paypa account

The way round that is set up a second bank account, link paypal to that, make sure it has no overdraft facility and never keep more than about £100 in it. That's what we did at work when Paypal and eBay wanted a bank account to link to

1
0
Bronze badge

Re: FAIL & Verified By VISA

Dunno about the Mastercard SecureCode but Verified by VISA seems to move the onus onto you to prove it wasn't you who made the purchase rather than move the burden of identifying the user to the bank.

1
0

Re: FAIL - no Credit Agreement with Apple

Verfied by Visa? I have to punch in 3 digits from my 8 digit password to confirm a lot of online purchases.

0
0

Re: @Velv - (Unfortunately) you are wrong!

And all too often, the seller has not exercised due care.

I've suffered credit card fraud on a couple of occasions, one of which involved my (rather improbable) purchase of a bicycle from a cycle shop on the South coast of England, the said bicycle to be delivered by carrier to Essex, while the registered address for the card was in the North of Scotland. No attempt was made to check before making delivery to an address other than that to which the card was registered.

0
0

Re: Another info/access grab lurks in your Paypa account

Give them the number of an account with only a nominal amount of money in it.

0
0
Anonymous Coward

Re: FAIL - no Credit Agreement with Apple

While we don't know quite all the relevant details, those anti-fraud precautions are not world-wide. I was once told that Chip and Pin was introduced to counter Fraud by bank staff. That's not a world-wide system.

What I see, from US companies, is an apparent lack of card security, compared to UK and European operations. And the big-name card handling companies, Mastercard and Visa, are distinct companies from the US corporations, just as Paypal is a separate company in Europe.

I am seeing my own problems with getting payment to US companies. Thankfully, I have not seen this solution. I don't get paper statements from either my bank or my card company.

[Anonymous for obvious security reasons]

0
0
Silver badge

Re: FAIL - no Credit Agreement with Apple

"Actually, for an on-line transaction where the customer is not present, the bank reserves the right to charge back to Apple in case of fraud,"

You need to rewrite that. Even for offline transactions where the customer IS present and has provided a PIN (and CCTV security footage shows that it is indeed the customer, not someone using a purloined cards), the banks can and will chargeback in case of a dispute - and hit with penalty charges which are not removed should the dispute prove groundless.

I know, because as a retailer it happened to me on multiple ocasions. It's one of the reasons for encouraging people to move to direct debits or bank transfers

Then there's the massively high cheque fees banks charge in an all-out attempt to encourage retailers to stop accepting them, or the high standing fees and surcharges attached if your card processing is below threshold numbers or average transaction values. Bank commissions can easily hit 30% on debit card payments if there are a lot of sub £10 transactions.

Basically the banks rape and pillage. Retailers were forced to swallow that until recently. I suspect Apple have gone too far, but I'm not surprised they're making these kinds of demands, given recent stories such as the guy who got mugged of his cards+ipad and documented the assailant making multiple purchases from Apple on stolen cards, then flogging 'em on Ebay - however in that particular case the mugger had enough stuff to fulfill most of the demands from Apple. I'd be going for a request to provide a photo showing face + holding up a handwritten copy of the order number, along with some other form of phptographic ID.

2
0
Silver badge

Re: @Velv - (Unfortunately) you are wrong!

"Because most of the time, the cost to the bank is nothing; either the customer pays or the retailer pays."

FWIW, by the time penalty charges are levied, banks make more money from fraud than they do from legitimate transactions.

THAT is why they don't do all that much to curb card fraud,

2
0
Bronze badge

Re: Another info/access grab lurks in your Paypa account

What I often see is a bit of confusion over just what is going on. From my time running a business, I know some of these things. Some people misunderstand. Some businesses give lousy explanations. And some people seem to want to boast of their superiority.

I've been with Paypal for a long time, I had to "verify" my account at the start, and that involved a debit/credit double on my bank current account. I don't think it needed an open-ended permission, but it was a long time ago. So all I can say is you should look carefully at what they are asking for. But I didn't have a problem, and getting verified is worthwhile. Once they have confirmed the current account, you can send money to Paypal through your internet banking, at a lower fee.

Paypal are a bank. So feel free to be suspicious. Being a bank is not the sign of reliability that it was.

0
1
Anonymous Coward

Re: Another info/access grab lurks in your Paypa account

Are you saying that Paypal were given access to your bank account to withdraw money?

If so then you are also talking rubbish.

The only way a company can withdraw unauthorised money from your account is via a credit/debit card, a direct debit or the reversal of transaction within 24 hours.

Credit card is the worst as you'll have to continually chargeback for each offence or cancel your card.

Direct debits can all be cancelled and money retrieved if taken.

Reversals can only be for the amount they have just credited.

Paypal will only verify if you either set up a direct debit mandate or they credit your account with two low transactions and you confirm what those amounts are.

0
0

Re: @Equitas - (Unfortunately) you are wrong!

As others have said, the seller is taking the risk, not the card holder - you got the fradulent transaction returned to you didn't you? You were mildly inconvenienced perhaps, the seller lost the funds and is out the item they shipped to the non-registered address.

The reason merchants take the risk is that so many people want it. For all sorts of reasons people find it convenient to have things shipped to alternate addresses, so merchants offer them the service and take the risk.

If you really want to blame someone who isn't the thief, blame yourself for allowing your card details to escape into the wild. Without that, the unfortunate merchant wouldn't have been defrauded (yes I recognise that with the way the system works, this is pretty much impossible and there are so many compromised cards out there that one more is utterly irrelevant. But it makes more sense from blaming the poor merchant for being defrauded).

0
0
Silver badge
Thumb Down

But I don't think any private company should have the right to ask you to send over such personal documents by email.

Having the right to ask isn't the issue. Choosing to comply is where the problem lies in my opinion.

Anyway just 'cos it's in the T&C doesn't mean it's enforcible. If a term is unreasonable it's null and void. Just tell them to stuff it and take your business elsewhere.

39
0
Silver badge

Not just Apple

I've had this kind of response from standard UK based etailers before. I once ordered a whole bunch of kit from overclockers.co.uk on a Wednesday evening, paid by card, they took payment from my account

Thursday arrives, I'm in work and then the retailer insisted that at that point they could go no further without me emailing me them scans of utility bills or bank statements, because this was an address they had never shipped to before,

I can't do that from work, so they won't ship the goods I've already paid for in time to arrive for the weekend, so I told them where they could stick their request, got a refund and bought everything that evening on the TCR.

17
0
Silver badge

Re: Not just Apple

Indeed.

"'Tell us everything about yourself or we won't sell you our products'"

Sounds fair enough, see ya.

They'll learn, as long as people stand up for themselves that is.

23
0
Anonymous Coward

Unencrypted

Remember folks - email in insecure. They are absolute morons to ask for a full ID-theft package by email. Why not https upload to the main Apple site? Still dodgy, but less so than email.

Also note the asymmetry here - why not ask for the Apple employee's equivalent data in exchange?

20
0
Thumb Down

Exactly !

Everyone and their dog can ask for everything. Everyone and their dog ARE & WILL ask for everything.

Heck, I'm asked on a weekly basis for my yearly revenue by some random people in North Africa, hunting

for people interested in solar panels. I've even been asked for the copy of the judgement for my divorce by the ***hole in charge of my kid's school ! That doesn't mean any of the people got it !

Why people are doing whatever they're asked by phone/email is beyond me. There is some teaching to be done: reflect on what the random guy is asking - determine if they're entitled to - refuse or accept.

Also, as stated above, f*** the T&C that are mandatorily agreed, as you can't do anything before you've agreed. If they are not reasonable, as per law, they're void, as per law again.

2
0
Bronze badge
FAIL

User Fail

Let me get this straight.

She's a regular reader of El Reg, yet she willingly handed over personal documents when asked for them via EMAIL as part of buying a fondleslab of the fruity variety but only thought it suspicious AFTER they were sent?

Me thinks she reads but does not understand.

14
1
Silver badge
Thumb Up

Re: Not just Apple

That shower at Pixmania were also notorious for doing this. Possibly the only occurence of things actually improving after Dixons were involved.

0
0
Anonymous Coward

Anyway just 'cos it's in the T&C doesn't mean it's enforcible. If a term is unreasonable it's null and void. Just tell them to stuff it and take your business elsewhere.

Perfectly agree with the T&C remark, but I'd still buy the goods. I take that decision on the basis of the kit's benefit to me. If I had to modify that due to the behaviour of idiots I'd spend most of my time reviewing my IT needs :).

However, I pity the poor schlob who would get the job of getting ID data off me. I do not take kindly to companies trying to acquire personal information and I have all the resources at my fingertips to make any company abandon that idea rather quickly.

Apple was in this context actually the more moderate of providers so it's disappointing to hear they are abandoning that position. I hope they try this with me, it'd be entertaining to see how they manage the PR fallout afterwards (evil grin).

0
0
zb

Re: Not just Apple

Not just Apple but airbnb too. They just asked me to upload a copy of my driving licence and did not reply when i told them no way.

If too many people just blindly follow instructions like these other companies will copy and they will soon control everything. And so will the people who hack them.

0
0
Silver badge

Re: Not just Apple @Grodon 10

Pixmania tried this on me. They lost a sale and all future sales, which might be drop in the ocean but given enough drops they should learn.

As for Apple's "It's in the T&Cs that they reserve the right to verify blah, blah , blah...", Very simple, I reserve the right to shop elsewhere.

0
0
Silver badge

Haven't they ever heard of ...

Knowledge-based Authentication?

Anyway, I thought notaries only certified documents. Do they also acts as experts on authenticity?

2
0
Bronze badge

Re: Haven't they ever heard of ...

I know several notaries in the USA.

They are little more than minor office staff who have taken a course and got a licence from the state, so that they can say "This document is a copy of the original that I saw." They have some sort of official seal locked in their desk. It's a formalised way of being a witness.

When they see the original document, and put it through the office photocopier, that's a worthwhile legal confirmation. In this case, they might be making a copy for several different files, and don't have an original document, so it sounds dodgy. Their seal and signature hardly means anything.

"notary" can mean very different things in different countries.

I can see a notary's stamp being part of routine office procedure in this area, but the foundation, in this case, is unsound.

0
0

They've been doing this since at least 2006

I remember them asking for some private information they didn't have any reasonable reason to ask for when I ordered a MacBook through the online store. I cancelled the order and went through a reseller instead.

5
0
Bronze badge

Private companies DO do this

Want to rent a flat in London? Letting agencies regularly ask for 3-6 months of bank statements as proof of income. Recruitment agencies also ask for scans of passports. To rent a car using just a debit card (not a credit card), at least one major car rental company asks for not only a driving licence, but also a passport and a proof of address such as a utility bill or a bank statement.

There's nothing particularly unusual in Apple wanting to check the identity of their customers.

9
38
Silver badge
Thumb Down

Re: Private companies DO do this

There's nothing particularly unusual in Apple wanting to check the identity of their customers.

Except that in the other examples there's no change of ownership and you are entering into an ongoing relationship. Those transactions involve trusting that the customer will continue to honour the agreement and/or respect the issuer's property.

When you're buying an iPhone you own it (last I heard). There is no need for ongoing trust between the customer and apple. Or if there is it's trust in the opposite direction eg; Will Apple provide support for me when I want it?

31
1
Silver badge
Gimp

Re: Private companies DO do this

iPad = ~£500

Car = >£5,000

Flat = >£50,000 (OK, a very tiny one, but you get the idea)

So yes, there are occasions where private companies do collect proof of identity. Pubs do it for a pint (<£5), and that's a legal thing (<18). You make your own choice if it's justified to release your personal details.

7
2
Anonymous Coward

Re: Recruitment agencies also ask for scans of passports

... because they need proof you are legally allowed to work in the UK. My employer keeps asking me for the same, but so far I insist on showing them my birth certificate instead (since that is sufficient).

4
1
Silver badge

Re: Recruitment agencies also ask for scans of passports

Given that you might not have a passport, showing an alternative is perfectly reasonable. However, they've got a box to tick on a form that asks for a passport scan and won't be able to sleep in bed at night until it's been properly ticked. It's a hard life being a bureaucrat.

However, a UK birth certificate isn't necessarily proof of citizenship. Unlike some countries, we don't automatically grant citizenship to people who are born here, although the exact rules change form time to time. I know someone who was born to a foreign mother who was not married to the British father and so ended up with the mother's citizenship despite being born in a UK hospital and so getting a British birth certificate.

7
0

Page:

This topic is closed for new posts.