[plug] Iinet security
krystindix at lothar.id.au
Tue Jul 29 10:16:08 UTC 2014
The only security questions asked were
First and last names (This is 1 Point)
Address (This is 2 Points)
Date of Birth (This is 3 Points)
The thing to note here Luke is that they would have had to verify that the Caller Lind ID matched the numbers on the account – Generally if it’s the DSL number or mobile number this satisfy 3 points of our ID Check system. This check would only complete if our Caller Application detected a CLID was present and that it matched the account that the ID check was been passed on (it is not something that can be checked or ticked in our widget).
Have a look in the task notes inside toolbox (all customers have access to their notes written by Customer Service). The first few Fields that are formatted will show things like the Callers Name, and then their ID Check Passed / Failed and with which points passed.
Having answered those questions iinet provided the account username and password, a list of linked accounts and passwords for all the things.
Does anyone have any suggestions on who to contact to get this fixed?
As I can see you can ask to have a challenge set or to remove the alternate method of passing the ID check. IE to ask for the account primary password and name of the account holder. This is fine for some clients however for people that do not know or even want to know their password been asked for it as the primary means of passing the ID check can be infuriating. I have found in my calls that I have taken for iiNet that clients are more happy / receptive when ID checked using the Name / Address / DOB / Caller Number ID.
I work for iiNet in the Hosting department. If you have any questions you would like to raise off the list please email me kdix at staff.iinet.net.au<mailto:kdix at staff.iinet.net.au>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the plug