Consumer Privacy: Top Priority
By Mary Lou Jay
Pretexting was one of the biggest consumer privacy stories in 2006, but even before the first news reports hit the newspapers and television networks, and Congress passed legislation late in its last session before adjourning for the year, wireless carriers were taking aggressive measures against the companies trying to fraudulently obtain their customers’ information. Media reports detailed how data thieves illegally obtained customers’ personal information from a number of sources, including phone companies’ customer call centers. The data thieves employed a variety of techniques, sometimes arming themselves with one piece of a customer’s information (their social security number, for example), and posing as the customer when they contacted the call center, or possibly claiming to be an employee of the company itself to con customer service representatives (CSRs) into giving them call record details.
The most high profile pretexting case involved Hewlett Packard executives who, in an attempt to find a leak on their board of directors, allegedly approved pretexting as a way of getting their call records. Despite such notorious cases, pretexting is not a common occurrence. “The percentage of customers who have inquired or expressed concern about this problem is small compared to the large customer base that we have,” says Heidi Salow, senior counsel and director from the office of privacy at Sprint Nextel. “But we don’t treat any of these requests lightly, so even one customer inquiry deserves serious attention.”
Beefing up privacy and security protections
Wireless carriers have accepted the responsibility of protecting their customers’ privacy and have dedicated many resources to that purpose over the years. All have high-level executives and departments within their organizations that are responsible for the security and privacy of customers’ information. So when the carriers first started hearing about and investigating reports of pretexting, they were positioned to quickly respond to the fraudulent efforts.
They started by examining and then strengthening their internal practices and procedures. Today, the national wireless carriers no longer permit their CSRs to verbally provide a detailed list of calls made or received. Restrictions have also been put into place regarding e-mailing or faxing call records. Some carriers
may choose, of course, to send an electronic invoice if the customer has chosen electronic billing, and respond to customer inquiries and concerns about particular items or charges on a bill. Carriers may also send a duplicate bill to the account’s address of record.
