Sunday, February 18, 2007

Amex isn't exactly helping...

Speaking of phishing, while I was off attending the RSA Security Conference, American Express called and left a message on our home phone asking me to call them about some charges on my account. They added that this was not a sales call -- they weren't trying to sell me anything.

So, I pulled out my handy AmEx card and called the number on the back of the card. After wading through the "we want our computer to talk to you" menus and finally getting to a person, the customer service agent, who was very nice, was unable to tell me why they called and said everything looked alright, so the problem must have been fixed.

Later that week, I received another call from them. This time they left an 800 number that they wanted me to call and again were clear about this not being a sales call (not sure what they expect me to interpret that as since most sales guys would say the same). Of course, following good guidelines for identity theft prevention I would not call a number left on my answering machine, so I again called the number on my card.

Again, they had no clue why I was calling and told me I should call the number that was left on the message. I told them that I wouldn't call a number left on my answering machine. They asked for the number and after about 5 mins on hold, they connected me through the people who were calling and leaving messages. Apparently it's a different branch of Amex that looks at strange merchant transactions vs strange member transactions.

I pointed out that there was a problem with their system and that I wouldn't call a number left on an answering machine, but they said it would be ok... I don't understand that and I questioned them saying that if I called them they would ask me for information that identifies myself and that's exactly what a phisher would want... "Oh we wouldn't do that"...

Clearly they need to fix this as this is the exact behavior that leads to consumers having the identity stolen. At the minimum, I should be able to call the number on my card to resolve any problems/queries they might have.

Tags : / / /

1 comment:

Safe Cruise Blog said...

Are the Privacy and Security of Millions of American Cruise Vacation Customers at Risk?

What kind of security procedures and privacy rights exist for customers concerning the vast amount of personal data gathered and catalogued by the cruise line and other travel companies. They not only have our Social Security numbers, credit card numbers, phone and address info but they have our spending, eating, gambling, and shopping habits as well as medical information they ask for or obtain during incidents. They also have names and phone numbers of our relatives and friends used for emergency contacts. Most worrisome of all is all of the photos and videos they have of us from the ship and sail cards and surveillance videos. Can those images be converted to face scans? Evidently they can according to this New York Times article: February 17, 2007 By ADAM LIPTAK