Thursday, 14 March 2013

Identity protection is an uphill battle

Lately it seems I'm receiving requests to do things that other people advise very strongly not to do - hand over a copy of my passport and leave details of my credit card with people.

A couple of the projects I'm working on at the moment, are paying me as an employee rather than as a consultant.  It's been a while since I've been through the engagement process as an employee and the request for identity documents and proof of my work status is the thing that has changed.  I am being requested to provide a copy of my passport which will be held on file.  The reason being cited is so that they know I am allowed to work in Australia.  The most curious part of one of these requests is that the request was made by an organisation for whom I already work sporadically!  At one stage I was advised that every separate department would require a copy of my passport which I thought was bizarre.

I had a conversation with the HR department who told me that they need to be satisfied that I am eligible to work in Australia.  I guess that's fair enough, but what about all the warnings about identity fraud?  Oh - they hadn't thought about that.  I don't need to provide a copy of my passport to everyone in the organisation now.  I reminded them that I'm already working for the organisation and they gave me my favourite answer, "we're required by law".  Of course my follow up question was "which law?".  The response to that was "I'll put you through to my supervisor" which is always a sure sign that they don't know what law, it's just an easy phrase that ends most lines of questioning.

So I speak to the supervisor who tells me again that "it's the law".  When pressed, she tells me it's the "Immigration Law".  "But I'm not an immigrant - I was born here."  Silence.

"I was born in Australia.  I'm not an immigrant.  I'm not sure what your requirements are."

Silence again.

"I've had a look at the Department of Immigration website and employers certainly need to minimise the risk of employing someone illegally.  Given that I'm from here, surely you can ask me to sign a declaration."

"No.  We need to see your passport."

"What happens if I don't have one?"


"It's your choice."

And if I choose not to follow their instructions, then I will no longer be able to work on the project, despite being personally approached.  i called Fair Work Australia to see what they thought about the requests but was told they didn't know anything about it.  "We've never heard of this happening" they said.  Well I'm telling you now!

My passport has recently expired.  I'm in the process of renewing it and noticed the warnings about keeping identity papers safe.  Not very easy to do, it would seem.

The other request is to do with security deposits at hotels.  I understand the need for hotels to guard against dishonesty and to secure stuff that unscrupulous people could easily walk away with. There is a wide variety of practices.  Some hotels just want to make sure you have a valid credit card - taking one cent to prove it.  Other hotels are happy with a cash deposit or EFTPOS bond - both refundable immediately.  The thing I particularly rail against is the taking of a credit card imprint and holding anywhere from $100 to $200 as security bond on the card.  The funds are not able to be used, but there has been no actual charge to the card.  This process is done in an instant, but takes between 3 and 7 business days to reverse.

"We know that's a long time, but it's not our fault - it's the bank's."

Having been burnt a couple of years ago, I have learnt not to leave details of my credit card behind.  I did this once and had charges being put onto my credit card long after I left the hotel.  They were not my debts either!

This week in Perth I was booked into a hotel that wanted my credit card so they could hold $150 security bond.  We had the usual question on check-in.  It's another one of those "choices" - you don't have to do it, but if you don't they won't check you in.  When I checked out, I asked for my credit card details to be destroyed (they had a paper imprint).

I was advised that the details would be destroyed after they had contacted my bank.  They told me that this would happen that day but that it would then take 7 - 10 business days for the funds to be released.  Yes that time frame has extended from the original quote.  I said that I wasn't satisfied and that I wasn't prepared to leave my credit card details with them.  It was then revealed that the funds could be released immediately if the hotel faxed the bank.  To do this I would have to provide the bank's fax number.  My cab to the airport was waiting outside and I didn't have the fax number for my bank on me, so couldn't take up this option.

So in the digital age where money exists as code somewhere on the web, to get something done immediately requires a fax to be sent.  I don't buy it.

There are two things I'm going to add to my travel kit - the fax number of my bank and a load and go plastic card that I will put $200 onto specifically for the purposes of security deposits at hotels.  Or I'll leave them cash.  I've tried this before and for some reason some hotels won't take cash as a deposit.  I wonder why?

I phoned Consumer Affairs about this last year.  I received the shrug of the shoulders and was fobbed off to the Financial Services Ombudsman who deal with complaints against financial institutions.  My complaint is about hotels.

The other thing I don't understand is that when you need a refund for a purchase anywhere with a credit card, that refund is processed immediately upon presentation of the card used for the original purchase.  When I raise this point, I receive blank stares.

Perhaps I'm being paranoid, but I like my identity and have read enough about victims of identity fraud to know that I don't want to be one of them!


  1. Keep up the questions Tanya - you are right on both counts - I would hesitate to say that the company's request for Passport is small minded bureaucracy, but I'd suggest you don't tell the HR department that. How about giving them a photocopy or your passport with some key details covered?

    Much worse in Italy where the hotel wants to have your passport the entire time you are with them...

    I got a sharp reminder of security this morning when Facebook told me that someone in Ohio had logged in to my account. It is possible that that was an app that I allowed to use my facebook details, but at 1AM on Monday morning, even the apps should be asleep. It prompted me to change my facebook settings are require an SMS login for new computers. This is also available on Google (called 2-Step login) so I suggest you use what extra security you can...

  2. I use the 2 step log in for everything these days. It can cause a problem with multiple devices if you forget that you have it, but I love it now that I am clear about how it works. Regarding passports and Italian hotels - I found that was true in Spain also. I always refused and there was never a problem.

  3. Bring in your passport and let HR 'sight' it, and write a file note to that effect.
    They may baulk at having to have any personal accountability, but tough for them.
    If they can provide you the specific provisions that they must have a copy on file, only then give them that.

  4. Hey,

    This is the government's solution to your problem - VEVO! I'm not sure if it works for non-visa holding Australian residents.