19 comments

[ 5.5 ms ] story [ 239 ms ] thread
Credit reporting. My birthday and previous addresses are listed in them, and if someone else has the same address now (old apartment), their name may show up in relation to me. Your life is not as private as you think it is.
Yep. I came here to post this. UPS definitely has your credit report.
Just doesn't seem right. When did I authorize that? If I'm only receiving UPS packages (where the sender has already paid UPS) why does my own creditworthiness matter?
I don't think it's credit worthiness as much as just verifying your identity by asking deeply personal questions about stuff they wouldn't otherwise know. How would UPS really know if the address you provided is right? They're leaning on credit companies who make a business on keeping super accurate records of our personal lives.
You would think that it would be illegal to pull my credit information without my permission. Then again, it's probably buried in a TOS somewhere.
It's worse than that. I'm supposed to be getting a package sent from Europe. The sender just called me up to tell me that they cannot send it by UPS unless they provide my social security number.

Let that sink through: UPS has convinced the guy (whose business is to produce & ship goods, not to guard my privacy) that they cannot send a package to a random US person, unless they provide that US person's SSN.

I was sure he was joking - but apparently the US government requires them to do so: http://voices.yahoo.com/why-does-us-customs-want-social-secu...

Seems like UPS, Customs and the IRS are hellbent on cataloging any transaction I make with out-of-state sellers. I don't trust their security one bit, and I wouldn't be surprised to find "list of items ordered by beagle3", "list of addresses beagle3 lived in" along with my SSN and a lot of other stuff when they are hacked.

I'm not trying to avoid customs or anything (though this item is, as far as I know, not subject to any taxation or other custom regulations)

Anyone know a way around it? A way to receive a package without exposing my SSN?

So far I've had good luck with the British postal service. Slower than UPS and FedEx but fewer issues in my experience. EMS also doesn't seem to require it either.
The way the Customs Service sees it: you claim that the package does not contain goods that are subject to customs or import duties.

Cross-border issues are tricky. Normal (U.S.) legal rights tend to disappear when a transaction becomes cross-border (excluding NAFTA cross-border traffic). My suggestion? If feasible, ship it through Canada or Mexico.

> The way the Customs Service sees it: you claim that the package does not contain goods that are subject to customs or import duties.

That's independent of requiring my SSN though: they are going to examine it anyway. If it's subject to import duty, convert it to a "cash-on-delivery" package with the missing duty, or something like that. That's how it works in other countries.

This is a ridiculous big brother info grab; it has nothing to do with proper custom or import duty collection.

(comment deleted)
IDology and other provide this as SAAS.

It's very popular way to verify identity online, for example when booking a home tour with a real estate brokerage.

Yes, it's creepy.

As an entrepreneur I can see how this verification process is very important to save time but it definitely can ruffle feathers. It's disturbing how much publicly available information about us can be found online and when combined can be extremely powerful.
They're not looking at your credit score, just a lot of the other information around it.
As others have pointed out, they use an identify verification service. In most cases, any org that uses such a service doesn't even see the data the form is asking for (i.e. it's just a pass thru, much like CC# forms in IFRAMEs).

Granted, it is scary what is aggregated about you and stored in some giant data warehouse somewhere (prbly not protected very well). But I'd rather an org use a third-party such as this vs begin to aggregate similar data on their own.

However, think about what else UPS knows about you (without this data). They have your name, address, phone and know precisely (for all things they handle) how often you receive shipments from where, how much they weigh and potentially other data (depending on whether they've done any scanning or if there is any hazardous or perishable labeling on it). If they've ever tried to deliver and needed a sig and you weren't there, they have a record of when you're not home as well.

I wonder if they (or FedEx, et al) have a policy whereby you can request all the data they have stored on you like this…

They really should, similar to Google's "Takeout" feature that lets you download all the data they have of yours. I downloaded my Google Voice data alone and it was nearly 70 megabytes of call information and text messages.
I don't think this is information that UPS actually possesses themselves. I signed up for a credit card with a bank I had never done business with before a few months ago. I had to "verify my identity" by calling in, and the agent presented me with several questions similar to the ones mentioned in the article (where I had lived, who I had lived with, etc).

I was a bit startled and asked the woman where they had gotten this information and she told me all of the questions and options were being pulled from a third party database that had something to do with my credit history.

I also remember being asked similar questions when opening a bank account a few years ago. It seems like basically any institution that REALLY needs to verify your identity can use this, although I'm sure there are limitations to what they give out, and to who. (Not really sure who "they" are though...)

It's funny that people freak out with what Facebok et al "know" about us, but there are credit companies that have been aggregating way more personal information (address, family history, bank accounts, lines of credit, etc) for our entire adult lives.

All this data is what's been used to calculate our credit scores for years...

When you move and mail is forwarded it creates a public record with the postal service. This is tracked by a large number of private companies specializing in personal information, including credit agencies, kept in databases forever. The databases keep track of everyone receiving mail at a given address during a given time. Even if you don't file mail forwarding orders formally, if you change your address with a magazine company or have a final bill sent, the company you do it with registers that information with the tracking agencies.

There are rather comprehensive records of who you are, who you are related to, where they are now, and where you are now. Also tied into credit records, and multiple databases of public information including property purchases, property tax records, corporate incorporation documents, SEC filings, lost property and refunds claims in various states, etc.

Most of the basic information is publicly available for free through any of a number of sites, with more detailed records including email addresses, phone numbers, birth dates, and identification numbers useful for credit lookups, available for a modest fee to anyone with a credit card who is willing to pay the fee, or any of their subscribers who pay for complete access.

Obviously UPS subscribes to one or more of these services, it would be strange if they didn't.

Acxiom, Choicepoint, etc. For those interested, check out Robert O'Harrow's great book No Place to Hide. Insanely well-reported.
As others have said, it's not so much that UPS knows this, but that they subscribe to a service that aggregates this kind of data. Go get your credit report online. You'll be asked similar questions. Do credit reporting agencies know this data? Not necessarily, they subscribe to a service that aggregates it so they can confirm the person trying to get your credit report is you.

UPS has, unfortunately, been quite the unintended accessory of credit card fraud/identity theft. I worked for a company that lost $30,000 to credit card fraud in a single month. Almost exclusively, the perpetrators would order $500+ in merchandise and have it Next Day Delivered to a vacant (but legal) address. Once they got the tracking number, they called UPS and had it rerouted for pickup. UPS says they check driver's licenses for pickup, but obviously this policy is inconsistently applied.

In reaction, the company I worked for modified its UPS contract to disallow reroutes. This caused an amazing number of headaches for the company's customer service staff and for UPS customer service, as many legitimate customers were caught in this net intended to prevent fraud loss. Most of my experience with UPS comes via my former company. As a mere consumer of UPS services nowadays, I've noticed a number of service improvements that I remember my previous company suffering from previously. It's interesting.