Council demanded payment card details via email

Latest news

    Cars parked in roadImage copyright Getty Images
    Image caption Residents were told they had to email in the payment form to apply for a parking bay suspension

    A London council’s data protection efforts are under review after it told residents to email in their payment card details for parking bay suspensions via a Word document.

    Islington Council had required residents to share the security code from the rear of their cards, as well as their address, among other details.

    One security expert said this appeared to be a breach of the payment card industry’s security rules.

    The system has now been suspended.

    “We have begun an internal investigation into the process of applying for and paying for parking bay suspensions,” a spokeswoman for the local authority told the BBC.

    “In the short term, we have removed that form from our website.”

    Image caption Payment processors are not supposed to store credit and debit card security numbers

    The Local Government Association said it was not currently aware of any other incidents like this.

    ‘Insecure method’

    The matter came to light after one resident contacted the council in order to secure a spot outside his home for a furniture-moving service.

    “I was really surprised that they were collecting credit card details over email, because email isn’t secure,” said Dafydd Vaughan, who works for a technology consultancy.

    “If something happened and the details were leaked, they could be used by other people, and the bank would hold me responsible for sending my details in an insecure way.

    “I asked the council if I could pay online or over the phone, but was told that email was the only option.”

    One cyber-security expert said that Islington Council appeared to have violated a requirement that payment cards’ security codes never be stored by third-parties.

    Scott Helme added that there were also several other ways to transmit the other payment information more securely.

    “I hope the council will take steps to ensure they properly erase any historic data they have collected in this fashion and notify those involved of any risk they may face,” he said.

    “We need to know how many staff had access to these emails, could copies have been made, were they properly erased after use, or are they still stored.

    “It will be interesting to see what steps will be taken to prevent incidents like this in the future given this seems to be the only way that constituents had to access and pay for this service.”

    Image copyright PA
    Image caption Islington Council says it is carrying out an internal investigation

    The Payment Cards Industry (PCI) – which represents Visa and Mastercard among other issuers – sets rules for organisations that store, process and transmit cardholders’ data.

    However, it is up to the individual companies to enforce compliance.

    The EU’s General Data Protection Regulation (GDPR) also introduced a legal requirement that “appropriate technical” measures be taken by organisations when handling such details.

    “All organisations processing personal data have a responsibility to do so safely and securely,” commented a spokesman for the Information Commisioner’s Office.

    View the original article:

    “If anyone has concerns about how their data has been handled, they can make a complaint to the ICO.”

    In the same category are

    News Daily: Hate crime report and Raab takes up Brexit reins Hello. Here's your morning briefing:'Postcode lottery' for hate victims Image copyright PSNI The first official report into the handling of hate cri...
    Shona McCallin: Olympic gold medallist on effects of ‘brutal’ concussion Shona McCallin on her struggle with concussion2018 Hockey Women's World CupDates: 21 July-5 August Venue: Lee Valley Hockey and Tennis Centre, Queen ...
    The Papers: ‘Tearful Cliff’ and ‘Boris twists the knife’ Image caption Sir Cliff Richard's court victory against the BBC makes the front page of the Daily Star. It quotes the singer as saying he "won't go...
    New operational service medal recognises fight against IS Image copyright Ministry of Defence Medals honouring UK military personnel involved in the fight against the Islamic State group in Iraq and Syria h...
    Israel approves controversial ‘Jewish nation state’ law Image copyright AFP Image caption Mr Netanyahu said the bill's passing was a "defining moment" Israel's parliament has passed into law a controver...
    New Brexit Secretary Dominic Raab set for talks with EU Image copyright AFP/Getty Image caption Dominic Raab will be fronting the UK's negotiations with the EU The UK's new Brexit secretary will hold hi...

    Leave a comment

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.