Apologies for starting another "O2 Sux" type thread, but a fairly worrying thought has just struck me: During the fiasco today, I, like many others, got bumped off to the "failover" page for iPhone ordering and duly filled in all our personal details (including name, address, Credit Card details, etc) and submitted it. Reading one of the other threads, it appears that the people who were successful with this have generated orders that will input manually by operators.
This raises several questions based on the fact that this page collected highly sensitive information:
1) How are these orders passed to the operators: Email(!), printed(!!) or in some secure manner
2) Do the operators input the credit card details, etc, from the page?
3) What are O2 doing to protect this information, and they off-shoring it for processing?
In some respects, I've been lucky because I never managed to successfully submit my details, but it did look scarily like a basic data collection page and at this stage, I wouldn't put anything past O2 (i.e. send the details out via e-mail!). If anyone did manage to submit their details using this failover form, it may be worth a call to ensure your details are being handled with the required security and respect...
This raises several questions based on the fact that this page collected highly sensitive information:
1) How are these orders passed to the operators: Email(!), printed(!!) or in some secure manner
2) Do the operators input the credit card details, etc, from the page?
3) What are O2 doing to protect this information, and they off-shoring it for processing?
In some respects, I've been lucky because I never managed to successfully submit my details, but it did look scarily like a basic data collection page and at this stage, I wouldn't put anything past O2 (i.e. send the details out via e-mail!). If anyone did manage to submit their details using this failover form, it may be worth a call to ensure your details are being handled with the required security and respect...