Friday 21 September 2012

Reliance Communications used for my Father's ID Fraud

In February 2009, my father, Divya Shah, went to Ahmedabad, India for an operation.

He is a British Citizen and hence not a resident of India and neither does he have any address in India.

He was in Ahmedabad for a period of 21 days and left in February of 2009.

In October 2009, a person in Ahmedabad managed to open a Reliance Communications Post Pay Account under my father's name.

You will note that my father left India in February 2009 and this account was opened by Reliance Communications in October 2009.

They did this as they required a bill with my father's name and a local address on it to give to Kotak Life to mess about with a life assurance policy my father has with Kotak.

I found out in September 2012 that this Reliance Communications bill with my father's name and an Indian address was used at Kotak. This is clearly ID Fraud and against the law.

I subsequently asked Reliance Communications to look into this and provide me with details of the evidence submitted to prove that the person opening this Reliance Communications telephone account was my father, but rather than investigate this ID fraud I am simply being pushed from pillar to post by Reliance Communications.

Is there anybody within Reliance Communications who after reading this Blog can assist in investigating what paperwork was used to open this account under my father's name? My father left India in February 2009 and is a British Citizen who does not have any Indian residency, so how did Reliance Communications open an account in his name?






Reliance Communications by law would have been required to do some checks to prove that the person who claimed to open the account under my father's name was genuinely my father. As my father was never in India what was used to open this account?

So far Reliance Communications email Help simply keeps telling me that I should go to my nearest Reliance Shop, but I am in the UK. It's amazing what sort of people are at the end of this Reliance Communications email helpdesk.

This is ID Fraud, simple. Reliance Communications' lack of ID checks made this possible and they need to take ownership of it.

Mr Anil Ambani, are you going to look into this at all, or do you not care, just like your email helpdesk?


Wednesday 29 August 2012

BAA Heathrow T5 Parking Pod failure - No face for BAA Customer Services here

This is a failure of the Heathrow T5 Business Parking Pod system where you pay premium parking rates.

It's not bad that it failed, because these things do fail; what was worse was that they refused to send anybody down for the 20 minutes it was out of order.

We had to listen to a voice hiding behind the screen, who after a while stopped picking up the help phone also.

This is Customer Services which is truly shameless. It was 9.30pm, totally dark but BAA Heathrow refused to send any person down to assist or help calm passengers - they even stopped responding to the support telephone also.

BAA Heathrow - can I expect a refund (Heathrow Airport parking confirmation - Ref U4LWJQ)?

A video of the BAA person hiding behind the screen refusing to pick up multiple times is available at:




So rather than even pick up the remote phone service, they hung up on us, not once, not twice but nearly four times.

It is clear that the Pod is entirely unmanned and that vulnerable people or people travelling with young children will face a very hard time when the system breaks down, as BAA, in an effort to save money, will not have any real person to assist you.

When it works it's great, but when it breaks down, BAA sends no real person and people at the end of the phone don't want to speak to you either. This is truly wrong!!!

Why can a real person not be available at the Pod itself? It's totally wrong that they refuse to put a real person on hand, especially during failures.

So

Tuesday 7 August 2012

Lovefilm an Amazon company. Why can't they respect the Data Protection Act.

I left Lovefilm, now an Amazon company, as a customer last year.

But for the past one month Lovefilm has been harassing me with phone calls trying to win me back virtually every single day.

Despite informing them to stop calling me in line with the Data Protection Act, they have refused to do so. They simply don't get it that I no longer wish to be a customer. How desperate can a company be for some business, and how exactly do they think that by harassing customers they will get more custom?

Here is the number of times they called me from their 0845 286 1740 call center in just the last few days:

7th August – 10:05
6th August – 11:43
3rd August – 16:58
3rd August – 11:01
2nd August – 15:12
31st July – 18:32
30th July – 16:28

I even emailed this to the Amazon legal team but they have still not shown any respect to statutory law.

I will keep updating the Lovefilm calling list until they stop.

Hopefully this public shaming will stop them... I hope!!!

Friday 29 June 2012

Fuel Genie and the 3% fuel cost saving claim.... I won

As a company director I use Fuel Genie for my company cars. I was attracted to this because of a claim of "save 3% on fuel costs" by Fuel Genie when I joined in 2009.

However this claim has never materialised and multiple emails have been ignored by Fuel Genie.

Today 29/6/12 I got an email from them saying this claim was based on a 2009 study carried out but never checked again although they kept using this claim. They have now agreed to take this claim off their website and I have asked for the claims to be taken off all petrol forecourts where Fuel Genie can be used.

As a business user there is fundamentally no saving to me in using Fuel Genie and it's time they take responsibility for their actions.

I have asked for a 3% refund on all my Fuel Usage since 2009. Let's see what they do, as clearly their advertising was misleading and hence against the law.

But the one thing I am proud of is that a single small person like me finally forced Fuel Genie to admit their advertising was against the law and hence to take it off.

You only have to do a Google Search on Fuel Genie 3% discount to see cached website showing the misleading advertising.


Wednesday 18 April 2012

Big Gaff by GiffGaff Mobile Network

As one does, I requested VAT receipts for payments made to GiffGaff Ltd, who I use for two of my mobile telephones.

What subsequently happened was simply amazing, however quite embarrassing for GiffGaff I am sure.

A little digging on my side revealed a lot and quickly put GiffGaff back in its box.

Attached below are communications from GiffGaff from the "Ask an Agent" part of their website where one can ask for help.


A few things to note from this message from GiffGaff Ltd:

1) GiffGaff believe VAT Invoices are protected under the UK's Data Protection Act as they believe it contains sensitive information.
2) GiffGaff claim that although VAT receipts are protected under the Data Protection Act that they can be simply emailed as a PDF. (I dispute the fact that an Invoice is protected under the DPA to begin with). However it is fascinating to note that GiffGaff believe information which is protected under the DPA can simply be emailed over plain text email.
3) However the statement which really makes me laugh is: "Our email servers here at GiffGaff are secure and protected."

A simple quick check via NSLOOKUP against a public DNS Server shows that GiffGaff uses Google Hosted Email for its entire corporate email.

Hence neither can these emails be considered "Our email servers here at GiffGaff" and nor can they be considered "secure and protected" as Google's own terms and conditions clearly state that the information on Google Servers can be held anywhere in the world. This obviously goes against the UK Data Protection Act as the Act requires the information to be held in certain countries only.

This however is not an issue for Google, as they are not selling Hosted Email which is compliant with the UK DPA, but an issue for GiffGaff who believe they can fool a customer like myself by stating they actually own and physically host their own email server.

There is nothing wrong in using Google Mail, even I use it, but for GiffGaff to sell it as UK DPA compliant is simply laughable.

When I pointed out this Google Email Hosting issue to "Joe the Agent" he quickly changed his tone and agreed to post out the VAT receipts by 1st Class Recorded post no less.

This might be just a one-off Rogue Agent Joe who thought let me just try and make a mockery of the customer, but I did on every occasion also copy the emails in to Mike the CEO of GiffGaff. As I also got an out of office reply from Mike the CEO, the emails clearly did get to him. However Mike the CEO of GiffGaff did not reply once at all.

Hence I can only assume that the replies from Joe were fully sanctioned by GiffGaff.
I have forwarded this matter to the UK Information Commissioner's Office.

If GiffGaff Ltd wishes me to change any of this information, as long as they can provide the necessary justification I will be happy to do so.

Wednesday 11 January 2012

Choice of Credit Card Hashing Algorithm

In December 2011, I tried a Groupon code that allowed me access to four boxes of nibbles to be delivered to my door.

Let's call this company that delivered the nibbles to your door Company A. We all know who this company is!!!

Although all I wanted was the four box trial, I had to enter my credit card details.

I tried my first box and was unhappy with their delivery and the fact they put all the onus onto Royal Mail rather than accepting the fact that legally it is the responsibility of Company A to deliver the item to my door and whoever they choose, if they are let down, legally they are still held accountable.

So I requested for my account to be closed and requested for all 4 boxes to be delivered as per my trial and made it clear on the 11th of December that they should not charge my credit card.

On the 15th of December a charge appeared and hence this set off a series of issues.

Now to the part of the Blog.... I asked Company A how they protected my credit card details while held on their servers and their response was simply amazing:

Reply from Krista@Company A on 16th December 2011 was - The one-way hash that we use is MD5 encryption algorithm.

  • For a start MD5 is a Hashing algorithm and NOT encryption.
  • Secondly the PCI (Payment Card Industry) Code themselves ask you not to use a weak Hashing algorithm.
  • Finally MD5 is probably the weakest algorithm you can choose.

So I asked Company A why they used such a weak algorithm and why they did not understand the difference between Hashing and Encryption.

The reply from Krista@Company A on 16th December was - We will give no further details on this or on our use of the MD5 algorithm as that in itself would compromise security.

So Company A confirm they use MD5 to hash the credit card number, with so many public hacks regarding MD5 why on earth does Company A use it? And why would it make this public to me in an email? If I was their security chap I would never state this to start with.

Even if this hash is further encrypted, at some point within their system it will have to be stored as an MD5 hash to be processed (charge a card, refuse, etc). So at some point the MD5 hash value of my credit card would be available.

Please Company A can you kindly stop the use of MD5 and move to either SHA-1 or SHA-256?

And if you have made the change since you provided the information of the 16th of December, can you let me know so I can update the Blog?
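
An added example, not part of the original post and not Company A's code, of why an unkeyed hash of a card number gives little protection whichever hash function is used, and what a keyed hash changes. It assumes the first six and last four digits of a 16-digit card are known; the test card number and all function names are illustrative.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a widely published test card number, not a real account.
TEST_PAN = "4111111111111111"


def luhn_valid(pan: str) -> bool:
    """True if the digit string passes the Luhn check that card numbers carry."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def md5_fingerprint(pan: str) -> str:
    """Unkeyed MD5 of the card number: same input, same output, for anyone."""
    return hashlib.md5(pan.encode("ascii")).hexdigest()


def keyed_fingerprint(pan: str, key: bytes) -> str:
    """HMAC-SHA-256 under a secret key kept apart from the stored values."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def candidate_count(pan_len: int, known_prefix: int, known_suffix: int) -> int:
    """How many Luhn-valid numbers fit the known leading and trailing digits.

    Each unknown digit maps one-to-one onto the Luhn sum, so exactly one in
    ten fillings of the unknown digits is valid (assumes at least one unknown).
    """
    unknown = pan_len - known_prefix - known_suffix
    if unknown < 1:
        raise ValueError("no unknown digits left")
    return 10 ** (unknown - 1)


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # assumption: held in an HSM or key vault
    print("Luhn valid:       ", luhn_valid(TEST_PAN))
    print("MD5 (unkeyed):    ", md5_fingerprint(TEST_PAN))
    print("HMAC-SHA-256:     ", keyed_fingerprint(TEST_PAN, key))
    print("inputs to cover with first 6 + last 4 known:",
          candidate_count(16, 6, 4))
```

With those ten digits known, only 100,000 valid card numbers remain, so the stored value is only as protected as the secret key, not the choice of digest.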