Rogue Employees Sell World Cup Fans' Passport Data
An anonymous reader writes "Reports are coming in that the Information Commissioner's Office has started investigating FIFA, the world football governing body, over allegations that details of thousands of World Cup fans — including their passport data — were accessed by one or more members of staff and then sold on the black market. It is alleged that the details of more than 35,000 English fans — who visited Germany for the 2006 World Cup — had their passport and allied data sold to ticket touts for marketing purposes."
Why would FIFA have this data? (Score:5, Interesting)
Why would FIFA even have passport data at all? At what point do they collect passport data from attendees? What happens if you refuse to show them your passport?
"Passport data"? (Score:2, Interesting)
Why did FIFA have the "passport data" of fans at all?
This is what happens when companies are too big (Score:1, Interesting)
I've worked for several "big" companies, and this is a common problem:
1. Outsourcing - Has too much access, particularly the Philippines and India are getting access to people's SSNs. I still wonder why the hell any company outsources their customer service when the only thing they can use to verify the account is an SSN. Good god. These people should only be provided with the customer's first name, and electronic verification only (e.g. that ASSET TAG number on your PC), not be re-verifying the account. Hell, customers should be warned they are speaking with a foreign call center and advised in the pre-call/hold message not to share personal information. Banks continue to be stupid about it.
2. Internal security is all an act - Sure your email might be monitored, but there isn't 1 supervisor for every 1 staff member. As with the story here, nearly all employees have too much access to sensitive information, and ---have the time to steal it---. If your staff is not on call/interacting with that customer, they should not have access to any customer information. If I really wanted to call the president of the US, all I had to do is type his name in, and then write it down on paper, yes, with a pencil, and stick it in my pocket. Yes, I may get fired tomorrow if someone was watching, but nobody watches. Bored staff become curious staff, and curious staff who feel anger at someone may strike back.
3. "Smart" employees may be your best defence, or your largest liability; it depends how you treat them. I've seen more staff who were capable of covertly stealing information, should they want to, also tell managers about it and managers shrug it off. God, this one supervisor at one place I worked (who was absent 30% of the time) couldn't understand even the most basic security problems. Staff start sharing passwords because of incompetency or too much complexity in the password system. One call center had me memorize 11 unique logins and passwords; some of the systems permitted or prevented certain combinations or reuse. Another only had 2 logins (one for the PC, one for the CRM). Can you guess which system got abused? The more complex one did. All it would have taken to lock every employee out of that system is one simple VBscript to enter every employee name (first letter+last name) and the default password. What's worse, there was a metrics program designed to use this security flaw that would have stopped working.
Re:One more reason just to kill scalpers. (Score:3, Interesting)
Another factor is the sold-out cred. The optimum price (defined purely economically) will tend to leave a few unsold seats. There is a lot of cred in the entertainment world to selling out an event. Not selling out is seen as a sign of flagging popularity.
Re:Current security is inadequate (Score:3, Interesting)
Security in the real world is seldom an absolute.
While you're absolutely correct that there's room for improvement, there will always be fraud. The bad guys aren't going to jack it in and take a respectable job just because you've made their life a little harder. Developing a layer to reduce that fraud costs a lot of money - it's easy to devise a theoretical solution, it's rather harder to ensure it'll work reliably with the millions of card users worldwide without significantly impacting on legitimate transactions. It's not something you can throw together in a week or so.
And when you've finished you'll have reduced one sort of fraud, which may well have an impact on others - the bad guys aren't going to retire simply because you've made their job harder.
So, questions have to be asked. Questions like "How much does this sort of fraud cost?" and "Are there cheaper ways of achieving the same end?". Given that fraud costs a lot of money, I guarantee you these exact questions are being asked.
Re:One more reason just to kill scalpers. (Score:1, Interesting)
Well, it depends: If you want only your richest fans to attend, yes. But sometimes there are sectors of fans who can only afford the lowest prices, and so tickets are priced accordingly. Yes, yes, it's not perfect capitalism, but it sometimes makes more sense to sell the $5 ticket to a kid who's going to come every week to the great games and the minor games, than the $100 ticket to someone who isn't all that interested in the team but wants just to see the one spectacle. Cheap tickets to major events can generate new long term fans.
Now, sometimes you do this by enforcing certain requirements, such as student ID, senior citizen's card etc etc. But how do you make someone prove that they're poor? (OK, jokes aside, I know there will be some really funny cracks at that). Or should watching the national sports team compete be restricted to those rich enough to afford high prices? That's a sure-fire way to kill the grass-roots of your sport.
Not everything should be done just to maximize your profit. Occasionally there's a benefit other than monetary to be gained from things, and scalpers ruin this.