Council demanded payment card details via email

    A London council’s data protection efforts are under review after it told residents to email in their payment card details for parking bay suspensions via a Word document.

    Islington Council had required residents to share the security code from the rear of their cards, as well as their address, among other details.

    One security expert said this appeared to be a breach of the payment card industry’s security rules.

    The system has now been suspended.

    “We have begun an internal investigation into the process of applying for and paying for parking bay suspensions,” a spokeswoman for the local authority told the BBC.

    “In the short term, we have removed that form from our website.”

    The Local Government Association said it was not currently aware of any other incidents like this.

    ‘Insecure method’

    The matter came to light after one resident contacted the council in order to secure a spot outside his home for a furniture-moving service.

    “I was really surprised that they were collecting credit card details over email, because email isn’t secure,” said Dafydd Vaughan, who works for a technology consultancy.

    “If something happened and the details were leaked, they could be used by other people, and the bank would hold me responsible for sending my details in an insecure way.

    “I asked the council if I could pay online or over the phone, but was told that email was the only option.”

    One cyber-security expert said that Islington Council appeared to have violated a requirement that payment cards’ security codes never be stored by third-parties.

    Scott Helme added that there were also several other ways to transmit the other payment information more securely.

    “I hope the council will take steps to ensure they properly erase any historic data they have collected in this fashion and notify those involved of any risk they may face,” he said.

    “We need to know how many staff had access to these emails, could copies have been made, were they properly erased after use, or are they still stored.

    “It will be interesting to see what steps will be taken to prevent incidents like this in the future given this seems to be the only way that constituents had to access and pay for this service.”

    The Payment Cards Industry (PCI) – which represents Visa and Mastercard among other issuers – sets rules for organisations that store, process and transmit cardholders’ data.

    However, it is up to the individual companies to enforce compliance.

    The EU’s General Data Protection Regulation (GDPR) also introduced a legal requirement that “appropriate technical” measures be taken by organisations when handling such details.

    “All organisations processing personal data have a responsibility to do so safely and securely,” commented a spokesman for the Information Commissioner’s Office.

    “If anyone has concerns about how their data has been handled, they can make a complaint to the ICO.”

    View the original article: https://www.bbc.co.uk/news/technology-44548481
