Sir, – With reference to “Why does Revolut keep asking me to reveal my PPS number?” (Business, November 14th), I accept that there may be a valid legal basis for financial institutions (and other specified bodies) to collect my PPSN but I have concerns regarding the manner in which this data is typically collected.
For example, shortly after reading the article I was asked by a bank to complete and sign a form sent to me by email and return the completed form as an attachment to an email to be sent to the bank. The data required in the form included my PPS number as well as other personal data.
To send personal data using an unencrypted email is the equivalent of writing it on the back of a postcard and posting it in a letterbox.
The practice of transmitting documents by email seems to have grown during Covid but also (in my experience) is used to collect forms “that we forgot to ask you to complete when you visited our office”. Often the customer is under time pressure to complete a transaction and left with no option than to put their data at risk.
Tony O’Reilly, Nell McCafferty, Ian Bailey and more: 50 people who died in 2024
Women are far more likely to re-gift unwanted presents than men
Restaurant of the year, best value and Michelin predictions: Our reviewer’s top picks of 2024
‘I personally only come here for the ladies’: Fog hits racing but not youthful glamour at Leopardstown
Regarding the security of credit card data, a recent advertisement for a charity appearing in the newspaper facilitated the making of donations by credit card by including spaces for credit card and CVV number to be inserted in a form to be cut out and sent to the charity in the post.
It would be very unwise for a donor to use this option to make their donation because of the risk that their full credit card data could be lost or stolen. Card scheme rules (which a merchant must comply with) are that the CVV is to be used only for online or telephone authentication purposes and should not be retained in written form.
Companies or other entities collecting personal data should be required to provide a secure means of capturing personal data from customers and to implement controls (particularly training and monitoring) to ensure that it is used rather than reliance on unsecure emails or paper forms which put customer personal data at risk. – Yours, etc,
JOE FLEMING,
Glenageary,
Co Dublin.