Recently, two ridiculous, antiquated requests have been made of me in order to verify my identity to two companies that I like: Twitter and Target. I somewhat understand the fax requirement for a Twitter impersonation report so I’ll focus on Target. (FYI I’m the real @emilybinder and @adoreajabakery and @thedigitaldive_. If any other handle claims to be me, it’s not me: I wouldn’t set up a handle that required a number on the end because my desired name was taken. I would find another handle. I don’t do numbers on the end.)
A couple weeks ago, I signed up for a Target RedCard in-store. I applaud Target on the convenient offering of quick sign-up with the cashier by providing a blank check and a driver’s license: no forms or visiting guest services.
Annoyance #1: Lack of Internal System Network Cohesion
The RedCard account must be set up with the address on the customer’s driver’s license. Mine happens to be my old address. The cashier couldn’t enter another address or update it after setup. She instructed me to call the RedCard 800 number immediately afterward and request an address change so that Target wouldn’t mail my new card to my old address. My blank check — tied to a bank account with what is necessarily a more reliable current address than the one on a driver’s license which doesn’t expire for years — should have sufficed for proof of address.
Annoyance #2: Human Error Followed by Outsourced Customer Service Giving Dangerous Instructions
I called the RedCard 800 number and asked to change my address. The lady in India asked for my driver’s license number, which I read aloud. It did not match my account: the cashier had mistyped my DL number. The lady said that since she could not verify that I was the account holder, she could not change my address. For that to happen, I would need to send a letter in the paper mail to Target headquarters including:
- name
- old address
- current address
- driver’s license number
- social security number
- last four digits of new Target RedCard
She did not instruct me to explain the situation – just to list these things.
A of all, that is a joke if you think I’m sending my social through the paper mail to your PO box.
B of all, I told her that, and she said, “Okay, you can exclude it.”
Identity Theft
But her protocol was to tell the customer to send the above and nothing else. That would be a great formula for
1) no action due to lack of context
2) identity theft with that piece of paper floating around Minneapolis
Some customers are ignorant though, and would have followed those instructions. NEVER GIVE YOUR FULL SOCIAL unless you truly need to and you’re dealing with a trusted government entity or a bank, for example. Every single time a company or office has requested my social, I’ve refused and they’ve said it wasn’t necessary after all. Comforting. Keep it secret keep it safe. -My high school
I couldn’t print that day. So I, Emily Binder, hand wrote the letter. To make a petulant point about how ludicrous this was. After filling two sides of a page (many details to cover by this point) I finished with, “Please call or email me to confirm your receipt and processing of my request.” (That never happened.)
The Outcome
Two weeks after sending the letter, no card. I called the main Target customer service number. The system required entry of the last four of my RedCard and social. The lady who answered sounded like she was in Minneapolis. Great, maybe she will actually be able to update her own company’s system that she is staring at right now. She said the account showed my current address and that my card was just mailed. So my handwritten letter worked, which blows my mind. (I hand wrote it because I expected my request to fall into the void and I planned to later complain that I was merely providing information in the 1800s format they requested.)
Why couldn’t the outsourced RedCard 800 number customer service rep use the same credentials to verify me and change my address on that first day?
My letter provided no new (or verified) information that I wasn’t telling her over the phone or that I couldn’t email. At least with an email, the sender’s identity is somewhat traceable. USPS does not require a return address. Anyone could have sent Target a letter from “Emily Binder” and given any address where my card would then be sent to a scam artist. Note: Target still sent a RedCard to my old address.
The Customer
Do not burden the customer. If an onerous hard copy type of action is needed, there better be a good reason why electronic submission would not suffice. It’s ludicrous for anyone to think that fraud is any less likely by requiring a customer to print and put a stamp on the same letter they would otherwise email. Even if it includes a scan of a photo ID. It’s a scan. This mailing a letter ballyhoo is simply a waste of paper, time, and resources and in fact creates a greater chance of identity theft because there is a paper trail. Or, for the unfortunate ignorant or trusting customers in my position, it creates paper floating around with the customer’s full social security number on it. This 5% off all purchases better be worth it.
Wow, this is ridiculous. I agree…you’d think by now that we’d evolve beyond needing to mail stuff in….aren’t there ways they can confirm this stuff online?
Didn’t know about the SSN part though. Next time someone requests it, I’ll ask to see if they really need it.
Yes, there are ways to confirm online. That was my confusion: what about faxing in that scan of my license to Twitter made it more reliable or verified than emailing them the same PDF? If someone had hacked my email or was impersonating me while submitting an impersonation report, they too could fax the information. I know faxing is an extra step which could discourage casual identity thieves who are just messing around online but what added security does it really provide?
SSN: It’s scary how many companies or even doctor’s offices will ask for your full SSN when no SSN or the last four will suffice. It’s great when they ask you to hand write your social on a piece of paper that is going in a file cabinet. The more times you do that in your life, the harder it will be to ever pinpoint where your identity was stolen, if that happens.