Online entry and hackers

[Toreador]

Do you expect me to click on that link? Instinctively I won't because I don't recognise the URL

If you've not come across xkcd before then you've got many wasted hours browsing ahead of you ;-)

[bigfella]

If you've not come across xkcd before then you've got many wasted hours browsing ahead of you ;-)

Yes, thank you, I've already started, my employers may not feel the same though...

[mr brightside]

Don't know about Fabian4 but Sportident (in the UK) is the franchise of Martin Stone a consummate IT professional. Before making SI his full-time business, Martin ran it as a paying side line alongside his main business of installing, programming and commissioning high end servers. I would be very surprised if he did not have all the bases covered.

Cheers WD. SI has some of my data with me renewing my FRA membership online now, good to hear it's a well run operation.

From the Sportident Privacy Policy website page:

"To be able to use the SPORTident SI-Card system we have to ask for and store some basic personal information about you. By using our online system to purchase an SI-Card or by registering an existing SI-Card for the unified UK database of SI-Card owners, you consent to the collection and use of this data in the manner described.

Buying a New SI-Card

When buying a new SI-Card we will ask you for your name, address, email address and telephone number. The address you give will be used to mail out your new SI-Card and the email address will be used to send out a confirmation of your purchase. The telephone number allows us to contact you if there are any problems with your purchase.

If you choose to pay by credit card we will also ask you for your credit card details. These are only held by HSBC bank, not by SPORTident UK Ltd.
Registering an SI-Card

If you choose to register your SI-Card on the unified UK database of SI-Card owners we will ask you for your SI-Card number, name, date of birth and gender. This information is the minimum we require to add you to the database as it allows us to calculate your age category and class. We will also ask you for details of any sports you take part in and, where appropriate, the membership numbers and club names associated with these sports. This information about your sports is optional.

The reason for having a unified UK Database of SI-Card owners is to make this limited information available to event organisers and their sport's governing body for use with the SPORTident timing system. Therefore by registering an SI-Card on the database you accept that your data will be made available in this way. This includes allowing authorised event organisers to download this limited information directly from the internet. We do not use or provide this information to anyone for a commercial purpose and can reassure you that as we do not hold addresses or telephone numbers, it is not possible for you to be contacted.

The SPORTident Email List.

When you register your SI-Card on the unified UK database you are also given the option to opt into the SPORTident mailing list. If you choose to do this we will use your email address to keep you informed of any developments to SPORTident and of any events that are using the SPORTident timing system. Any email address you supply for this purpose will only be used by SPORTident and will not be made available to any third parties.

If you have any questions or comments about our privacy policy please send them to Martin Stone at SPORTident UK."

In other words - if it isn't stored, it can't be accessed and downloaded.

Perhaps the OP would care to make the effort (5 seconds) and research Fabian4.

Well done for cocking up another potentially interesting thread.

Grump, we can all read what these, and every other site including TalkTalk, say in their privacy/security policy but I don't believe any site is immune from hackers. Yes, storing credit card details in plain text and laying yourself open to SQL injection is just negligent. SI has my email address and presumably may others which could potentially be retrieved by a determined hacker. It doesn't have to be any fault of the web site owner, all operating systems, web servers have security flaws which are continually being fixed by the vendors. You also have to trust the service provider who is hosting your web site / database.

Hackers don't need much information to try scam you, just sufficient to con you into providing the rest.

I believe this forum has been hacked in the past but I assume that this was nuisance rather than malicious and that our email addresses and other personal details weren't compromised.

So yes, you are right to be concerned, but just be sensible and think carefully about what information you disclose to anyone and certainly don't respond to unsolicited phone calls or emails.

Just to be clear, I'm sure SI is as secure as Martin can make it and I don't have any concerns about using the site. If someone claiming to be Martin emailed me saying they had a problem with my FRA subscription and could I please confirm my bank details then maybe I would smell a rat.

You're right, they don't need much. Dark web sites could probably fill in any blanks and give someone enough to take out a credit card in your name, say.

[Manix]

Sites like SportIdent, Fabian4, Entry Central etc will use third parties (e.g. Sage Pay, PayPal etc) for financial transactions. None of your credit card data will be stored on their own sites. This third party web services are dedicated to online transactions, and their security will be tighter than an English Champs entry limit...