dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1
share rss forum feed


RizzleQ
Cunningham's Law Enthusiast

join:2006-01-12
Windsor, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to roadkill401

Re: [TekTalk] what a group of idiots

Wow, dude, you need you chillax about the HIGH security protocols TekSavvy employs before your account can be accessed or modified. Someone gaining access to your Internet and/or Phone provider is a BIG deal.

A LOT of people can know your name, phone number, and postal address which is why they insist on asking for a combination of information beyond that, which is extremely likely that only YOU will know. They simply ask for the last 4 digits of your CC # and not the whole thing and they ask for your email address because it can be any completely random email address that you only supplied to them when you signed up for the service, therefore, it can be difficult for other people to guess it.


Pir8pete

join:2003-09-05
Ottawa, ON
said by RizzleQ:

Wow, dude, you need you chillax about the HIGH security protocols TekSavvy employs before your account can be accessed or modified. Someone gaining access to your Internet and/or Phone provider is a BIG deal.

A LOT of people can know your name, phone number, and postal address which is why they insist on asking for a combination of information beyond that, which is extremely likely that only YOU will know. They simply ask for the last 4 digits of your CC # and not the whole thing and they ask for your email address because it can be any completely random email address that you only supplied to them when you signed up for the service, therefore, it can be difficult for other people to guess it.

they don't need to be asking for cc numbers period, thats why I never give mine in the first place ;P
--
:Firmware upgrade Team:
mlord See Profile (Ottawa) - DCM475 & DCM476
Pir8pete See Profile (Ottawa) - SB6120, SB6121, SB6141 & SBG6580
Teddy Boom See Profile (GTA) - DCM475, DCM476, SB6120, SB6121, SB6141, SBG6580
zinc See Profile (Waterloo/Kitchener) - DCM475 & DCM476


RizzleQ
Cunningham's Law Enthusiast

join:2006-01-12
Windsor, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
said by Pir8pete:

they don't need to be asking for cc numbers period, thats why I never give mine in the first place ;P

If your payment method isn't a credit card, then they will never ask you anything about credit cards as part of verification.


jaysona

join:2000-03-22
Toronto, ON
kudos:1
Reviews:
·ELECTRONICBOX
·TekSavvy DSL

1 edit
reply to RizzleQ
said by RizzleQ:

Wow, dude, you need you chillax about the HIGH security protocols TekSavvy employs before your account can be accessed or modified. Someone gaining access to your Internet and/or Phone provider is a BIG deal.

Well, actually it's more optics than actually a *HIGH* security protocol. As stated by yourself, many unauthorized people potentially have access to the information used as part of the validation, even the credit card number is not secure, I just need to raid your garbage can or mail box to figure that part out. True, less and less people get paper statements, but the point is still valid and extremely effective.

Smoke & mirrors security theatre aside, so far the only question I have been asked by TSI that;

- could be difficult to guess
- could be difficult to find or somehow come across via unconventional means

is the e-mail address used for billing.

Personally, I think CID, e-mail addy and secret phrase/word are enough to validate/authenticate the caller. Anything more is pure optics and adds little to no meaningful security value.

xdrag

join:2005-02-18
North York, ON

said by jaysona See Profile
Personally, I think CID, e-mail addy and secret phrase/word are enough to validate/authenticate the caller. Anything more is pure optics and adds little to no meaningful security value.



Also, if someone REALLY wanted to impersonate someone. It's already been done. All the research and information would be already in hand. None of these CSRs can tell.

And, they would not call into technical support. They want to avoid detection.

IMO, the point of "security" questions for internet/cable/wireless is just to make sure they linking the "right account" to the "right person".

i.e. not cancel "john doe" internet for another "john doe".