Victor Keegan 

Which? loses its way

Serious security defects in software sold by Which? casts doubt on the consumer watchdog's reputation, writes Victor Keegan, Guardian Online editor.
  
  


One organisation that won't be getting a Which? Best Buy product this year is its own TaxCalc following disclosure of a highly embarrassing defect.

Which? admitted last night that the flaw "made it possible for an unauthorised third party to view personal and financial details [and] information submitted by purchasers of TaxCalc 2001".

The details included the addresses and credit card details of more than 2,700 people who purchased the software from its website.

Wow, that won't do Which? any good. Nor will it do anything for millions of web users around the world who are already extremely worried about security on the net. The standard response to such worries is to say - which was true at least until recently - that security on the web is much more better than most people realise.

Credit card fraud on the internet - once porn sites have been removed - is miniscule and the cost of default mostly falls on merchants rather than consumers. But no one is going to believe such figures when respected bodies like Which? fall victim to breaches of security the consequences of which could be quite devastating to the customers whose details have been revealed.

Much of the damage has already been done because, rightly or wrongly, a lot of people contemplating online purchases will deduce that if this can happen to a respected body such as Which? - that castigates other sites for their inadequacies - then what can one expect from less well endowed sites? As Chaucer wrote, "if gold rusts, what will iron do?"

This raises another important point. Which? as an organisation has a conflict of interest. It is both a watchdog and a content provider. It earned its "brand" by giving independent assessments of consumer products then used the success of that brand to sell products - like TaxCalc and internet access - to its customer base.

When it fails in the provision of its own services, it calls into question the authority of the quality of the independent assessments it does on other products. Maybe it should stick to what it knows best.

It will take Which? a long time to recover from this fiasco and could deter worried customers from giving their credit card numbers online to other organisations. I bought my first copy of TaxCalc earlier this year to test it out for myself with this year's tax returns but haven't yet got around to using it. Sometimes there are real virtues in leaving things until the last moment.

Email
vic.keegan@theguardian.com

Related articles
22.06.01: New e-minister is no technophobe
22.06.01: Web security breach
23.08.00: Another blow to confidence in internet banking security

Useful link
Which?

 

Leave a Comment

Required fields are marked *

*

CAPTCHA

*