Today I wanted to book an on-line ticket to see the Melbourne International Flower and Garden show. I was directed to the INTIX ticket site. To buy a ticket you had to create an on-line account, which I thought was unnecessary but because I know exactly how bad the queues are during the show I decided to make an account. In order to pay you need to put in your date of birth and gender as well as your credit card details and address, email address and phone number.
I found the request for date of birth and gender totally unnecessary and potentially setting one up for identity theft if the company was hacked. If Medibank, Optus etc and today Financial Latitude have been hacked it looks like any company could be hacked. I was in the Medibank hack and it has left me feeling very vulnerable. Consequently I did not carry on with the booking.
I emailed the company about it and was told “these are questions required by the government to translate demographics to the event” and that “the question of date of birth and identify as has been a question on each purchase process for the last 7 years (minus the two years it didn’t happen due to COVID)”.
I have attended many other events where I have booked on-line, including cultural events such as RISING, the Melbourne Symphony Orchestra and this has not been a requirement.
Does anyone else see this as a security risk and is there anything else one can do about it other than not booking on-line?
I see it as collecting additional unnecessary information about a consumer.
The comment “these are questions required by the government to translate demographics to the event” is interesting as I am finding more and more that non-critical government forms allow one to opt out of providing such information. Usually there is an option “Prefer not to say”. Likewise with surveys and such like. If the government don’t need to collect such information for non-critical forms, why is a ticket seller using this as an excuse?
For things like plane tickets I can see why DoB/some identity information is required to verify the passenger is who they say they are when checking in (esp. in the world we currently live), but DoB for an International Flower and Garden show is an overkill and seems to be data harvesting. If it was mandatory, I would be like you, wouldn’t pre-book tickets and would instead try and purchase on the day at the venue where possible…or put in false information if I wanted to go and couldn’t avoid providing the information to get tickets.
It’s not unique?
From another booked event, in this example one organised by Eventbrite for ASIC, attendees received advice re the booking including,
There seems to be an Australian branch, INTiX Australia. Somewhere in the two longish documents you are supposed to read and immediately comprehend and agree to; before creating an account they claim not to send your data overseas without permission… sure I believe it ;) How could I prove it if they did, anyway? So I guess they could claim the same as Eventbrite. Though why a company operating in Australia does not need to comply with the laws of a country it operates in I don’t know.
I couldn’t find any other company selling tickets to the Melbourne International Flower and Garden show.
low risk for identity theft - pretty meaningless these days - always choose the “extra” options if they are available (and a lot of government stuff these days is giving those extra options or not asking at all)
credit card details
obviously some financial risk, depending on whether the organisation is “best practice” or “rubbish” - usually unavoidable if you have to pay (and you are booking online)
address
If this is a billing address then fair enough (to go with the CC details)
email address
Sometimes stated as mandatory but not really important as you can have as many different email addresses as you can be bothered creating. Often captured for spam purposes.
phone number
If unavoidable then try to give a fixed line number (if available) so that they can’t spam you forever / to reduce risk of misuse.
I’ve joined the queue at similar events, some with no fee to enter. Ticketing and entry has still been subject to a registration process where one surrenders various personal details. It’s data collection which seems to have broad reach.
There’s little to clarify whether any personal data or registration is required for a ticket purchase at the gate. I’d suggest on previous experience at other like events it’s probable.
Only the high tea tickets are nominated as having limited numbers. Similar information isnât outlined for general entry tickets. Looking at some of the days, High teas and some workshops are already sold out.
Pricing isn’t provided so one doesn’t know how much of a discount there is for pre-purchase tickets. I also don’t know if there is an online booking fee which would erode any savings.
I am not averse to real security measures such as scanning bags.
MIFGS is supposed to be cashless so they can collect any data that goes with our card anyway. Places like the zoo ask for your postcode.
If age data had been asked via a questionnaire with an age range I would have filled it in but a DOB seems ridiculous. I can easily understand why people put in a fake age just to continue.
If I feel that the information is being unjustifiably requested I take great delight in creating mis-information just to thwart their systems. In the eyes of many organisations I must be the oldest person on the planet, having been born in 1900. Likewise for gender or anything else that’s being requested purely for marketing purposes, and is a compulsory question, just enter garbage.
You can always use a false date of birth wherever a real DOB is not really required or punishable.
Choose a false date that is easy to remember and use it whenever the need arises. This way, if you are ever required to type in your false DOB, you can remember what it was.
Examples:
5/6/78
11/11/2011
There are now other options for sex as well.
BB
Yes, although the options can vary between questionnaires. Some include an option “would rather not say”. Similar answer for age. Others have the option “other” and may or may not request an answer.
For what it’s worth I NEVER give my correct date of birth for anything apart from secure government sites, I use the wrong month and/or a different year.
I too am concerned about identity theft and so far so good.
What I do is provide a consistent but incorrect date of birth to any organization that I think should not need to know my date of birth but asks for it. This does create a bit of confusion on Facebook.
I am fully equipped with a consistent fake name, DOB, and an email address which does not reveal my real identity. I will use some or all of these if the occasion demands. The email address is specifically for emails which could become a nuisance. Most organisations seem to give no real thought about determining which data is necessary, they just think about what they’d like to have.
I would certainly agree with providing a false DOB where I consider this unnecessary information, but I’m not so keen on the “consistent” approach. Consider that DOB may be used as a factor when verifying your identity later, so if your fake DOB has been harvested from one site it may be used to verify you on another. I prefer unique rubbish information, for the same reason I prefer unique passwords for every site I register with, and my “password safe” software is full of all such info.
I also had problems booking through Intix for the flower show. I booked on 2 Feb but the program failed after it took my Amex number & would not accept my mobile phone number. My Amex account was debited but no tickets in my Intix account. I complained & got standard acknowledgements but no tickets. I then got emails asking “did you forget your MIFGS tickets”. Still no tickets. On 20 Feb I advised that I would dispute the Amex debit with Amex & the debit was deleted. In March I started the process again on my iPad & was successful. My 1st attempt I was using Firefox on my desktop while my iPad uses Safari so perhaps Intix used popups that are blocked by Firefox but allowed by Safari?
I never give my correct date of birth. It is not needed except for marketing.
I never give my full first name. Just my initial as this matches my credit card.
I never allow a website to store my credit card details.
I have now deleted my Intix account.
If I receive any future marketing emails from Intix I will mark them as “junk”.
I do not recommend Intix & their customer service was useless.
Good point, @duncan. If you’re going to use a fake DOB, make it a different one for every account. The consistency should be in how you select the fake date, not the date itself.
Some password managers also allow notes to be added to the login/website URL. This is useful for adding information such as email address, DoB, alias etc used for particular websites. We use ours for this as you can also store information even if a website doesn’t need login credentials.