Apple asked me for my BANK statements, says outraged reader Apple is believed to have asked some online shoppers to hand over copies of their driving licence, passport and bank statements to verify their identity. A concerned Reg reader alerted us to Apple's data-slurp requests after she received one herself - and was told by her bank that they had never heard of private companies …
Given that you might not have a passport, showing an alternative is perfectly reasonable. However, they've got a box to tick on a form that asks for a passport scan and won't be able to sleep in bed at night until it's been properly ticked. It's a hard life being a bureaucrat.
However, a UK birth certificate isn't necessarily proof of citizenship. Unlike some countries, we don't automatically grant citizenship to people who are born here, although the exact rules change form time to time. I know someone who was born to a foreign mother who was not married to the British father and so ended up with the mother's citizenship despite being born in a UK hospital and so getting a British birth certificate.
Actually we did confer british citizenship upon those born in this country until about some point in 83/84
After that date you only got british citizenship conferred upon you if both of your parents were british, it which case you got your citizenship rubberstamped. Otherwise you had to apply for it
So there are quite a few people of working age, who may not have a passport, but do have a birth certificate and who had citizenship automatically granted up on them.
I know someone who was born to a foreign mother who was not married to the British father and so ended up with the mother's citizenship despite being born in a UK hospital and so getting a British birth certificate
Meanwhile my younger son was born while I was on a 3 year placement in the US so he has a US birth certificate (large A4 certificate with Calif state emblem and lots of fancy script etc to put my older son's UK "short form" birth certificate to shame!) + then a 2nd certificate from the UK Embassy to confirm he was registered there along with details of myselff, my wife and both our parents along with references to the relevant sections of the UK Nationality Act which gives my son UK citizenship! And, as he was "born in the USA" he is also an American citizen (and as a result probably required to file US tax returns when he turns 18!)
large A4 certificate with Calif state emblem and lots of fancy script etc to put my older son's UK "short form" birth certificate to shame!
Actually, a US State is much more likely to issue Extracts from Vital Records (birth certificates, marriage licenses, death certificates, etc) on US standard "letter" paper (8.5" x 11" = 216mm x 279mm) than on the ISO standard A4 (210 mm × 297 mm)
*end pedantry*
*at least for now*
RE: "UK birth certificate isn't necessarily proof of citizenship"
That's right, I have friends who are married where one is American and the other an EU citizen, their children were all born here in UK — and thus have British birth certificates — and grown up and gone to school here but they cannot get British passports.
So the kids have got dual citizenships of their parents homelands, but they always think it's a bit weird (you'd think they were British if you talked to them).
"but so far I insist on showing them my birth certificate instead (since that is sufficient)."
Birth certificates are not identity documents. Given enough information about you anyone can obtain a copy - and that is the first step for anyone who is in the business of identity fraud.
The fact that birth certificates are used as the basis for a lot of identity documentation shows how much of what you trust is really a house of cards.
We may not like it but landlords, car hire companies are entrusting items worth many thousands £/$ to you and have better reason to demand ID than a mere retailer of electronic trinkets.
It's also a question of what they do with the information -- IT companies have the means and motivation to abuse that information.
"We may not like it but landlords, car hire companies are entrusting items worth many thousands £/$ to you and have better reason to demand ID than a mere retailer of electronic trinkets.
It's also a question of what they do with the information -- IT companies have the means and motivation to abuse that information."
Sure but car hire companies could drive your information around towns very fast without you even realizing it.
The real problem here is that a consumer was sent something that looked like a phishing email that then directed them to transfer highly sensitive personal data over an insecure channel. Apple was engaging in something that looks like a scam. They are encouraging people to lower their resistance to some very dangerous data practices.
Landlords and and car rental shops usually ask for these things on paper and/or face to face.
Plus there's the whole CAR or HOUSE versus a cheap gadget thing...
Being put through the wringer makes a bit more sense when $250K or $500K could be on the line.
If I apply for a job, my employer needs to know I'm eligible to work in the UK. A passport is pretty good at demonstrating that. Do Apple need to I'm a UK citizen before they'll sell me an iPad? No.
Should Tesco ask me if my papers are in order before they'll sell be some bananas?
Wow thats a lot of downvotes just to say its not just Apple, most American companies I have used from the UK require a copy of my Passport. This is mainly for renting dedicated servers, but many EU companies also do this.
I hate Apple but as Buzz has said its nothing new or out of the ordinary.
I've had a similar request from Crucial (you know, Micron's sales arm) when buying some memory from them for the first time. Come to think of it, Dell did that too the first time I tried to get something from their online store...
No big deal, I just gave them a photo of my driving license, since the driving license holds absolutely no verification value in this country where the Identity card is considered the official proof documentation.
I too have one of the old A4-sheet driving licences. It's lived in my wallet since 1999, so it's in a pretty ragged state. I ought to charge wear and tear to anyone who asks to see it without good reason. My objective is to avoid the cost / time / hassle of getting a plastic one for as long as possible.
"It's lived in my wallet since 1999"
"My objective is to avoid the cost / time / hassle of getting a plastic one for as long as possible."
The photo needs to be renewed every ten years so your drivers license is invalid and if you get caught using it you'll get a £1000 fine.
"I wonder what they'd make of my driving licence, given that it's an old non-photo one"
Gees no wonder we have crap with ID cards and national identity registers when we have thinking like this.....
Do you think Dell or Apple are going send someone round to your house to look at you before shipping a laptop or whatever?
I once had to send a copy of my pay slip (front over only - I'd have told them to do one if they asked for the inside) to prove I worked in an education for one of their hundreds of pounds discounts, which I could live with.
The next time I bought something, a couple of years ago, I went through the online HE store using work internet which is hard to get on without being at an approved institution - a stock spec MBP arrived days later without need of further documentation.
My wife was ordering a dozen charms online from Thomas Sabo, and they decided that they wanted scans of bank statements, passport etc. When my wife kicked up a stink & said that they had delivered to her before, using the same payment method and delivery address, they relented and sent out the order...
Any company sending out untraceable goods need to be extra cautious against potential fraud, as the card company WILL put a chargeback on them and they will be the ones that lose out, not the end customer, and certainly not the bank. I think the banks need to put some additional measures in place so that the company contacts the bank for proof of address or whatever, and if the bank decide that the address doesn't match, it is the bank that contacts the customer for any proofs. Then and only then does the bank release the funds to the vendor, who sends out the goods.
That won't happen though, because the BUNCH OF BANKERS that run the banks wouldn't make as much money!
Purchases of assets in a single transaction or linked transactions totally over €15,000 trigger anti-money laundering rules (as you can launder your dirty cash through buying up shiny things and then selling them on eBay etc). Once that happens, you have to check up on who the customer is.
I suspect that someone at apple (and your charm company) has overreacted to the theoretical risk that someone might buy an iPhone every day for a month without the company noticing and decided to go overboard and check *everyone*.
Sadly, whoever has made this decision has calculated that they'll suffer less for inconveniencing everyone and grabbing their personal data unnecessarily than they will in the unlikely event they get done for failing to prevent money laundering.
Then you're like me, and won't be buying that way. I can't anyway … no credit card either. I have a 18+ proof-of-age card, that's it. My bank account relies on a passbook.
My one and only Apple device, a 2008-model MacBook, was bought second hand. So I had none of this nonsense.
As for handing this sort of identity information out … I do hope for consumers' sake they provide the individuals with a GPG or S/MIME key to encrypt it with. I'll bet they don't though!
Apple's EU sales are run out of Cork in Ireland, so registration would be with the Irish Data Protection Commissioner. Link: http://www.dataprotection.ie/ViewDoc.asp?fn=%2Fdocuments%2Frights%2FRightsHome%2Ehtm&CatID=2&m=r
Sounds like a misapplied process. The transaction value in this story is far too low for this kind of verification to be required, unless the card company thought it was a "suspicious" transaction.
Actually, I just tried to buy a laptop (not from Apple) this morning and had the same thing happen to me... phone call to VISA, and was told there was no reason except that it was unusual activity -- surely if I was buying laptops regularly it would be more unusual...
just who the hell do companies like Apple think they are?
Many statements can easily be word processed, especially when pumped out by an on-line banking system. Many people don't have passports and yet more don't have driving licences.
This is yet another form of discrimination targetting well defined areas of the population.
Besides, 'supporting documentation' is easy to manufacture/forge.
CAUTION: Western Union AND Moneygram DEMAND TWO PICTURE IDs in every country they cash out in! (Even when all your documents have been stolen)
Many statements can easily be word processed, especially when pumped out by an on-line banking system.
Which is why you read reports of people complaining that someone is asking to see a bank statement as proof of id and not accepting an online banking printout but requiring an "original" from the bank which then turns out to cost £10+ for people with "online-only" accounts.
In the same situation I would have emailed my documents - the important part of the email is that the email is being sent to *THE* apple domain and not just any address that has apple in it, Thus I could be 100% certain that at the very least - the email was going to *someone* at Apple.
> certain that at the very least - the email was going to *someone* at Apple.
Well, you can be certain that one of the recipients is someone at Apple. Since email is generally not encrypted or secured against any form of interception or copying, your ID details could have been intercepted by anyone at any of the ISPs it crossed, not to mention anyone the anonymous Apple employee forwarded it to, deliberately or accidentally.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
