IT Security Guru

Exclusive – London venue scanned payment cards as identification

by The Gurus
October 28, 2014
in Editor's News

London music venue 93 Feet East has confirmed it has stopped a process of storing scans of payment cards, after attendees complained about the privacy aspects of it.
 
Someone who had visited the venue told IT Security Guru that upon entering, their credit card details and photographs were taken at the door by the security staff and when asked what they did with the information, they were told that they “hold on to it for around three weeks”.
 
The source told IT Security Guru that he was “at a complete loss as to why this is seen as acceptable”.  He said: “I understand being searched and checking for drugs, weapons etc. This is, in my view, a complete breach of the Data Protection Act and I do not see why credit card details are required to secure entry and why, indeed, your photograph is taken?
 
“I have attended meetings in a number of Government buildings in Westminster including the Palace of Westminster where, I completely understand why my photo would be taken, but they didn’t take my credit card details.”
 
The source questioned the legality of requiring that piece of information. He said that when he asked what happens to the credit card details, he was told that they hold on to it for around three weeks.
 
“My friends were told that they had to give their credit card details if they had no photo ID in order to get in,” he said. “They were attending an arranged event but I suppose could have decided not to enter.”
 
Asked what the process was from a visitor point of view, he said that the identification was scanned, but it was not clear how securely this was stored, or whether there was consent to share the information with a third party.  “Do the police have automatic access to any of this information and if so, under what law?”
 
Another person who had visited said that he was advised that he would not be admitted without a credit card being photographed, and these were scanned into a purpose-built system. “They scanned it in and it uploaded onto the screen and I think it then uploaded to somewhere else (I was trying to look but the main bit of the system was obscured),” he said. “There was a small purpose-built scanning bed with single click for the scan, no opportunity to refuse and he said data was kept for two to three weeks but was not sure, it was very worrying.”
 
“We were also told that no details of the bank details could be obscured, and this was visible on the screen to the next person in the queue.”
 
In an email to IT Security Guru, a representative for 93 Feet East said that it has a policy of seeking photographic ID (which is scanned into its ID scanner) as a condition of entry at certain times. “This policy has flowed directly from police requirements and recommendations,” the representative said.
 
“In the past when a prospective customer did not have photographic ID with them, then such customer has (at the discretion of management) had the option of instead providing a bank card as an alternative means of confirming and recording his or her identity.”
 
However, they said that this policy has recently been reviewed by 93 Feet East, and bank cards are no longer scanned as an alternative to photographic ID and no bank card details are held now by the scanning system.
 
The venue declined to answer a second email asking how long the scanning process had gone on for and how many management members of the venue and its parent could access stored data.
 
The spokesperson said: “Scanning prospective customers’ personal data is only done with that person’s consent.  Personal data on the ID Scanner is held securely and only authorised personnel are entitled to access it.
 
“While security personnel (all of whom are SIA accredited and are not employed but provided by a third party contractor) have the ability to scan into the ID Scanner, only management staff (not the security personnel) can thereafter access the data.”
 
A spokesperson for the Information Commissioner’s Office told IT Security Guru that it was unable to comment directly on a hypothetical situation that it had not directly investigated, but any organisation processing personal data needs to ensure they comply with the principles of the Data Protection Act.
 
“This includes processing the personal data in a fair and lawful manner, making sure the personal data is secure and not keeping it longer than necessary,” he said.
 
“The venue would be strongly recommended to undertake a privacy impact assessment to identify and reduce privacy risks. It would also be recommended to have a privacy notice detailing why it is collecting this information and how it will be processed. We would only investigate in a situation like this if someone brought a concern to us.”
 
One of the visitors confirmed that they had contacted 93 Feet East regarding data privacy, but had not heard back.
 
The ICO spokesperson said: “Privacy notices don’t always necessarily have to be actively communicated, but if they have one it should be available on request.”
 
A spokesperson for the Payment Card Industry Security Standards Council (PCI SSC) said that she was unfamiliar with this, but any time an organisation handles payment card info, it is subject to PCI DSS requirements.
 
“In this case, it sounds like it has stopped the practice and is no longer holding the payment card detail, so PCI wouldn’t apply,” the spokesperson said.
 
 
