Rogue Employees Sell World Cup Fans' Passport Data 128
An anonymous reader writes "Reports are coming in that the Information Commissioner's Office has started investigating FIFA, the world football governing body, over allegations that details of thousands of World Cup fans' — including their passport data — were accessed by one or more members of staff and then sold on the black market. It is alleged that the details of more than 35,000 English fans — who visited Germany for the 2006 World Cup — had their passport and allied data sold to ticket touts for marketing purposes."
One more reason just to kill scalpers. (Score:2)
It is alleged that the details of more than 35,000 English fans -- who visited Germany for the 2006 World Cup -- had their passport and allied data sold to ticket touts for marketing purposes."
No wonder, they're scalpers.
Re:One more reason just to kill scalpers. (Score:5, Insightful)
Re: (Score:1, Redundant)
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
I'm curious if scalpers sell more or less tickets than the original vendors would have sold had they used the scalper's prices to begin with.
The question is, do the scalpers inflate the prices artificially by monopolizing the supply?
Re: (Score:3, Interesting)
Another factor is the sold-out cred. The optimum price (defined purely economically) will tend to leave a few unsold seats. There is a lot of cred in the entertainment world to selling out an event. Not selling out is seen as a sign of flagging popularity.
in baseball... (Score:2)
The Boston Red Sox make a point of making their ticket prices a bit low, so that they get credit for a sell-out as the scalpers pick them up; this also moves unsold-ticket risk form the owners to the scalpers.
Figures; I got the tix for the 2 games I went to off StubHub.
Several dozen games in the same place might be different from concerts spread out over the country/continent/world (with 1, maybe 2 or 3, stops per city), I don't know.
Re: (Score:2)
Somehow, I doubt the Sox would have much trouble selling out Fenway even without the scalpers. It's not that big a park for such a popular team.
In fact, they'd look even better without scalpers since with them, not every "sold" ticket means a filled seat. Without scalpers, it would. Not that I see a whole lot of empty seats anyway.
Re: (Score:2)
I believe I read about this in dead-tree form, so I don't have a link handy.
Maybe it's a *slight* discount essentially offered to the scalpers to work according to the mechanism described.
Yeah, Fenway at a shade under 40K is one of the smallest parks in major league baseball.
Indeed, I saw very few empty seats when I was there on July 3 and 4. (I got in on a cheaper standing room only ticket each day; I found an empty seat in the upper grandstand rows. Both times, it was filled by someone several innings lat
Re: (Score:2, Insightful)
What you're suggesting is a little bit like buying up all the oil quickly, then gouging the hell out of it when the people without the means to get
Re: (Score:2)
Actually, there are limits. The scalpers often go to extremes in order to snap up huge quantities of tickets in lots of 10.
Re: (Score:2)
I'm sure that if you know someone in the inside those limits can be bypassed.
Re: (Score:2)
Probably, but mostly they just initiate many many sessions and buy 10 tickets each. They do it a bit like the high frequency traders do on Wall street.
Re: (Score:2)
Don't start me off, or I'll mention that ticketbastard [wikipedia.org] are just legalized, certified and officially authorized scalpers.
If you reply to this post, I'll charge you 28 million dollars response processing fee, 15 million dollars credit card processing fee (unless you don't pay by credit card, in which case I'll charge you 98 trillion dollars for something else).
And if you don't reply, I'll charge you 17 million dollars unresponsivitynesstude surcharge. And if you complain about that ... see above.
Re: (Score:2)
Perhaps the ticket sellers could do more...although I'd imagine the only thing that would be likely to work is to require that all tickets have a name associated with them at time of sale, and that only the named party is able to use them. Barring that...it's a distributed attack. The scalpers can get thousands of people to buy tickets on their behalf for a small payout, and then they can take ownership of those tickets and resell them at a high premium. How are the ticket sellers suppose to know that Bo
Re: (Score:3, Insightful)
The argument is that scalpers monopolize the ticket supply, which is like oil sheiks selling the oil at inflated prices. Your response is that because one product is necessary and the other isn't the entire comparison is absolutely insane.
So, I'll start the argument again. I assert that ticket scalpers monop
Re: (Score:2)
The parent poster wasn't going off on a tangent, he was simply stating that monopolizing o
Re: (Score:3, Insightful)
Re: (Score:2)
Well, you can certainly choose to feel otherwise, but if the provider of the entertainment I want to attend wants to sell the tickets to their event at a price which I am able to pay, and some douche does an end run around the provider's restrictions to monopolize the supply and then sells those same tickets for a price I'm not able to justify paying...I get a little ticked by that. If a band/team/whatever else wants to give their fans an equal shot at being able to attend their event, they should be able
Re: (Score:1)
considering i just paid a hundred bucks for a framed last peanuts comic i think i have to say. stupid people will pay money for anything.
Fixed that for you.
Re: (Score:2, Interesting)
Re:One more reason just to kill scalpers. (Score:4, Insightful)
It's because nobody likes leaches that jump in the middle of a transaction and grab money from both sides. Such people contribute nothing and so should gain nothing.
If the tickets were an unlimited resource, few would care, but more typically the scalpers descent and snap up all of the tickets leaving people no choice if they want to see the event.
The original seller may well have an interest in the affordability of the event. For example, it's strongly in their best interest to not have fans give up on getting tickets ever again and lose interest.
Re: (Score:2)
but more typically the scalpers descent and snap up all of the tickets leaving people no choice if they want to see the event.
The problem is that a) there is a big difference in the ticket prices and their perceived value, especially the "last ones", and b) they can buy enough tickets to cause a problem. Scalpers merely buy low, and sell high.
Last time I heard, the entire world economy was based on that idea. Why does nobody object to the stock market?
Re: (Score:1)
Re: (Score:1, Insightful)
Scalpers will hawk events and pounce when tickets go on sale and buy MANY tickets. If you want to see the event and are at work, you won't have time to sit and refresh the screen over and over just to get two tickets. Scalpers have automated the buying and can pretty much buy the entire arena if they want. The "buy low and sell high" isn't all that is happening. It should be "buy fast and sell high". I've heard of a couple of events where scalpers bought more tickets than people who want to go see the
Re: (Score:3, Insightful)
You haven't been paying attention. PLENTY of people object to one or more aspects of the stock market. Some object to the entire class of people who inhabit it.
Re: (Score:2)
No, we recently heard that as an excuse for people in power to bail out their friends at everyone else's expense. That and in the finance world, we have turned the whole thing over to 'scalpers'.
Re: (Score:1, Interesting)
Well, it depends: If you want only your richest fans to attend, yes. But sometimes there are sectors of fans who can only afford the lowest prices, and so tickets are priced accordingly. Yes, yes, it's not perfect capitalism, but it sometimes makes more sense to sell the $5 ticket to a kid who's going to come every week to the great games and the minor games, than the $100 ticket to someone who isn't all that interested in the team but wants just to see the one spectacle. Cheap tickets to major events can g
Re: (Score:2)
This will anger a lot of American people, but the free market has been known to do things that are bad.
Make the punishment fit the crime (Score:5, Funny)
When they catch the people who did this, they should be forced to listen to those vuvuzelas at high volume until their ears bleed. That'll teach 'em.
Re:Make the punishment fit the crime (Score:5, Insightful)
On a serious note, if it's the second scenario supposed in TFA.... Keeping that sort of personal data for that long without any proper use for it shows either a heavy degree of incompetence or a desire to use it for their own promotions and that they are sour that "rogue" employees beat them to selling the information.
Re: (Score:2)
Re: (Score:2)
Passport would make for a form of ID even if other forms (drivers license, whatever) would also be accepted.
Maybe it's a way to 'encourage' fans to take care of that rather important preparation for going overseas to the event.
Re: (Score:2, Funny)
Probably to ensure that known violent football hooligans do not get tickets? I seem to recall reading some time ago that some of these violent hooligans were flat out banned from traveling to, let alone attending football games because their primary intent is to get drunk and brawl with rivals. And by brawl I don't mean a couple of drunks engaging in fisticuffs but mass fighting on a scale that we in the U.S. would call a riot.
That's b/c if any fight gets larger than a few people here in the U.S. a gun will almost always become involved.
Re: (Score:2)
You almost sound proud of that fact.
Re: (Score:1)
Re: (Score:2)
I'm sure some of these thugs are perfectly sober when they get up to their violence. Also it's for the police to keep them traveling.
Re: (Score:2)
It's more likely the former probably in terms of "We never thought about getting rid of the data we collected". Along with "We never considered making sure we only collected the minimum data we actually needed or the maximum period of time each datum needed
FUD...? (Score:2)
Fear!
Uncertainty!
Doubt!
While I think the media does all they can to sensationalize ev
Re: (Score:2, Funny)
Hippocrates much
Re: (Score:1)
M. D.
Medical Doctor.
Hippocratic oath.
You're the idiot.
Re: (Score:2)
Re: (Score:1)
i am not with you... there is no "we"... you're an idiot.
can't fight your own battles without fictionalizing a group that agrees with you?
you are pathetic.
Re: (Score:1)
Re: (Score:1)
you are NOTHING
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Why would FIFA have this data? (Score:5, Interesting)
Why would FIFA even have passport data at all? At what point to they collect passport data from attendees? What happens if you refuse to show them your passport?
Re:Why would FIFA have this data? (Score:5, Informative)
Re: (Score:2, Insightful)
According to the article they have a lot more than just passport data on fans, and it isn't just hooligans, its EVERYBODY!
Too bad this seems to be so normal that the article and most people on Slashdot seem to be taking this collection of data as NORMAL!
It's bizarre. If I ever go to a sports game and somebody asks me for my passport, d
Re: (Score:3, Insightful)
The data of those who are not banned need not be collected. But alas, it was.
Re: (Score:2)
Re: (Score:3, Insightful)
The data was collected because there was no other way to identify the hooligans.
No, the GP's right. You could enforce it just as easily by keeping a blacklist of names and passport numbers and simply use it as a comparison - without actually storing the number you're checking.
Re: (Score:2)
Even better: a blacklist of hashed names and passport numbers.
Haven't they heard of shadowed information ?
Re: (Score:2)
Absolutely! And it certainly doesn't need to be collected by private organizations either. If a hooligan commits a criminal offense, his data should be collected by the local police.
If a permanent ban from sports is needed, that information should be sent back to the authorities in the perpetrators home country according to international agreement.
For later matches, border control in the hosting country could then request a blacklist from each participating country.
Re: (Score:1)
"Passport data"? (Score:2, Interesting)
Why did FIFA have the "passport data" of fans at all?
Re: (Score:1)
Re: (Score:2)
What's that got to do with passport data?
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
> The name on the ticket must match the passport.
No need for them to record any "passport data". You show your passort when you pick up your ticket. Either the names match or they don't.
LOL parent marked insightful... (Score:2)
When did /. turned far right?
soccer bashing - come on now. (Score:2)
they could just as easily bash your preferred forms of entertainment. Just as valid - or just as invalid.
How Dare They! (Score:2)
It is alleged that the details of more than 35,000 English fans -- who visited Germany for the 2006 World Cup -- had their passport and allied data sold to ticket touts for marketing purposes.
How dare they do this without being a corporation! Now I'm going to go use my Mastercard on Amazon, have essentially the same thing happen, twice, and nobody will say a word.
Admittedly, the passport data angle is a new twist, but the advertising companies that bought the data don't actually care about the passport numb
Re: (Score:2)
Your credit card details can be changed in a flash at zero cost and relatively little hassle. It would be obvious very quickly if they were being abused and it's unlikely that a credit card on its own could be used as ID to take out other lines of credit.
Further, there's a mechanism to establish whether or not a card is valid built right into the entire system. How many merchants are still using those old-fashioned card swipers which don't connect to the bank? I think I've seen two in the last ten years.
Re: (Score:2)
are you talking about the imprinter? (big thing where you lay the card down put a credit slip on top and make it go THUNK to prove you had the actual plate during the transaction) Just about everybody taking credit cards should either have one of those or know one of about a dozen ways to do the same thing.
Re: (Score:2)
Even for website merchants, they often have an imprinter and pads as backup. Hell, I've got imprinter pads (thanks Amex) despite having no actual terminal at all.
Re: (Score:2)
FIFA is a type of corporation.
Have you considered the possibility that that just might have something to do with the fact that you know that this evil thing you are concerned about will happen when you use your Mastercard on Amazon but intend to do it anyway?
They must have a good alignment (Score:1)
The Guardian covered this last week (Score:4, Informative)
This is what happens when companies are too big (Score:1, Interesting)
I've worked for several "big" companies, and this is a common problem:
1. Outsourcing - Has too much access, particularly the Philippines and India are getting access to peoples SSN's, I still wonder why the hell any company outsources their customer service when the only thing they can use to verify the account is a SSN. Good god. These people should only be provided with the customer's first name, and electronic verification only (eg that ASSET TAG number on your PC), not be re-verifying the account. Hell
No Primary Key (Score:4, Informative)
- My name (for common names, no big deal)
- My birthday (kinda private, but I give i
- My gender
- My birthplace
- Where I got my passport (issuing authority)
- Date validity (when I got it and when it expires)
That's it.
My name is not exactly a secret (I give it to total strangers all the time). Plus, it's a common one in the US, so (obviously) a lot of people have it.
My birthday is kind of personal, but there very little someone could do with it without having more data.
My gender is easily guessable once you know my first name.
My birthplace lists only the country, and not the city. Useless.
My issuing authority is even less specific: 'US Department of State'.
Date validity is also useless.
It's not as if my passport lists my SSN, home address, credit history, or anything else that can be used to steal my money or identity. Perhaps they have a lot more personal info in other countries' passports, but not in mine.
Re: (Score:1)
Re: (Score:2)
http://en.wikipedia.org/wiki/British_passport#physical_appearance [wikipedia.org]
TFA talks about English fans; the info in that passport seems to be similar to your list.
Re: (Score:3, Informative)
It'll also have a passport number, which means there's quite enough on there to produce a fake passport. It may or may not pass muster at international borders, but it'd almost certainly be adequate ID at a bank.
Clue: Anyone who wants to purchase 30,000 valid passport details almost certainly has the resources to get their hands on genuine blank passports from the country of their choice and print them appropriately. The only clue that the passport they produce would be fake would be the photograph, and
Re: (Score:2)
Re: (Score:2)
Which is why I said that anyone who wants to buy 30,000 sets of passport details almost certainly has the resources to deal with issues like that.
Even if it is an issue, it's only a problem in certain circumstances - maybe if you're entering a country with well-trained, smart customs officials who know most countries' passports inside out and can smell a rat at 100 paces. Put it this way, I wouldn't try to enter Israel on a fake passport.
Re: (Score:2)
Re: (Score:2)
All this is in your birth registration, which is public.
With the passport number, it's enough to produce a fake passport. In many places a pass
Re: (Score:2)
How exactly would they get my birth registration? Would they send a request form (and required fee) to every municipality in the my country asking for a copy? Without my birth city, it's really hard to get a copy of that in the US.
I don't think so. In addition to my passport number, the forger would also have to know my signature (which is not stored when the RFID is read), and once they knew it,
Re: (Score:2)
Re: (Score:1)
Well, several things wrong with it.
1) That is enough information for someone already possessed of the necessary technology to clone a copy of your passport, which could be used to do all sorts of things that would eventually be traced to you.
2) That information would be of great assistance to someone wanting to uncover more information about you, either mechanically (which researchers showed in 2009 SSNs can be reliably derived from your birth date and birth place) or as leverage to acquire other informatio
Current security is inadequate (Score:2)
For security, credit cards rely upon... nobody who has ever run your credit card being hacked. For security passports rely upon... nobody who has ever recorded your passport being hacked. This is just not secure! By design, this system can *never* adequately secure people's information, because information alone is not secure enough for a transaction.
Options:
Credit cards pass through a Visa or MC controlled layer. Visa or MC then authorize a new single-merchant / single client code combination, which wi
Re: (Score:2)
A 2nd piece of information that by agreement can never be stored, but can be used to permanently authorize a particular merchant. For example, the first time you purchased something from Amazon.com, you'd be required to enter your visa password through a visa-controlled interface. Afterwards, Amazon would be allowed to utilize your credit card. This would include recurring billing.
doesnt this already exist in the form of VbV and secure3d??
except in that case you have to enter it for each transaction, and it is used only for Indian sites, foreign sites do not ask for the password.
Re: (Score:3, Interesting)
Security in the real world is seldom an absolute.
While you're absolutely correct that there's room for improvement, there will always be fraud. The bad guys aren't going to jack it in and take a respectable job just because you've made their life a little harder. Developing a layer to reduce that fraud costs a lot of money - it's easy to devise a theoretical solution, it's rather harder to ensure it'll work reliably with the millions of card users worldwide without significantly impacting on legitimate t
Re: (Score:2)
I have been cardjacked recently, my fiancee has been card jacked, and most of our friends have had some degree of card fraud. Anecdotally at least, the problem seems endemic.
And while I agree that security levels cost money and require expensive changes, the security of credit cards was setup to be adequate for single-occurrence swiped transactions. For any sort of stored-on-server permanence, current credit card security is a 1960's solution to a problem that started in 2000. The security of the entire
Re: (Score:2)
This is exactly why Chip & PIN was rolled out in Europe. The traditional small swipe machines that read and store the magnetic strip become effectively useless.
Re: (Score:2)
A 2nd piece of information that by agreement can never be stored, but can be used to permanently authorize a particular merchant. For example, the first time you purchased something from Amazon.com, you'd be required to enter your visa password through a visa-controlled interface. Afterwards, Amazon would be allowed to utilize your credit card. This would include recurring billing.
So, 3DSecure then?
Security of employees (Score:2)
In this case, one of the staff members is selling the data off. Really, what's to stop this from occurring in government offices, or anything else? If price-to-gain > possible repercussions, then there is a chance staff will do something like this.
Working as a contractor, I have (many times) had access to very sensitive data. It's interesting how lax companies are with this stuff, and especially the government.. I think this story is just going to repeat again and again for governments, companies, etc (l
Why is your passport # needed to buy a ticket? (Score:2)
Why is your passport # needed to buy a ticket?
Re: (Score:3, Informative)
Hmmm (Score:2)
Scalping itself... (Score:2)
Okay, I understand that the data breach is the main point of TFA.
However, the rational economist in me finds it hard to get angry about scalping itself.
Either the lowered initial ticket prices are irrational, or rational in some non-obvious/non-direct manner.
Re: (Score:2)
"Never mention the war"