Good day. I wanted to ask if it is possible for TIL to track someone’s Trainline account and have access to it from a ticket purchased at the station using Apple Pay and if they can also gain access to Trainline using just your name ?? Surely there are so many people with the same name so that can’t be accurate ? Please help !!
-
Our new ticketing site is now live! Using either this or the original site (both powered by TrainSplit) helps support the running of the forum with every ticket purchase! Find out more and ask any questions/give us feedback in this thread!
Trainline tracking from card details
- Thread starter yazmy
- Start date
- Status
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R
RailUK Forums
As far as I know, generally the only way they have access to Trainline purchase records is by scanning a m/eticket bought on that account.
For example if an inspector scans the aztec code on my ticket bought via Trainline (or any other app) and sees that I have only bought a ticket from A-B and actually travel to C, they can request tranline purchase history to see if I have been regularly avoiding fares.
Not sure what they can do regarding paper tickets and card transactions.
For example if an inspector scans the aztec code on my ticket bought via Trainline (or any other app) and sees that I have only bought a ticket from A-B and actually travel to C, they can request tranline purchase history to see if I have been regularly avoiding fares.
Not sure what they can do regarding paper tickets and card transactions.
Fawkes Cat
Established Member
- Joined
- 8 May 2017
- Messages
- 3,910
I can't give a precise answer to this question because I don't have either the technical knowledge of how Trainline and Apple Pay work, or the legal knowledge about whether TIL would be able to obtain this information from Trainline. But I do know enough about the law to know that when suspected crime is being investigated, the investigators have very wide powers to obtain information.
So it isn't safe to assume that something that you've done won't be uncovered, and there is an obvious downside to denying something which the investigator can prove happened. This means that if someone (let's call them X) has done something which they hope an investigator won't uncover, then essentially they have three options
- actively deny that they did the something: if the investigator has no evidence of the something then this may put them off. But if the investigator knows that the something did happen, then they also know that X is lying, which means that they've got reason not to believe anything else that X says
- don't mention the something: again, this doesn't draw it to the investigator's attention - but if they do know about the something then this may raise doubts about how much X is engaging in the process '(X knew they did something: why didn't X tell us? Is there anything else that X is hiding?')
- be open about what has happened. The bad news here for X is that it may bring things to the investigator's attention that they didn't know about, but the good news is that X is clearly co-operating so that there's no reason for the investigator to think that there's anything they don't know about.
None of these options are great. But to my mind, being open is the least worst.
So it isn't safe to assume that something that you've done won't be uncovered, and there is an obvious downside to denying something which the investigator can prove happened. This means that if someone (let's call them X) has done something which they hope an investigator won't uncover, then essentially they have three options
- actively deny that they did the something: if the investigator has no evidence of the something then this may put them off. But if the investigator knows that the something did happen, then they also know that X is lying, which means that they've got reason not to believe anything else that X says
- don't mention the something: again, this doesn't draw it to the investigator's attention - but if they do know about the something then this may raise doubts about how much X is engaging in the process '(X knew they did something: why didn't X tell us? Is there anything else that X is hiding?')
- be open about what has happened. The bad news here for X is that it may bring things to the investigator's attention that they didn't know about, but the good news is that X is clearly co-operating so that there's no reason for the investigator to think that there's anything they don't know about.
None of these options are great. But to my mind, being open is the least worst.
Last edited:
The best option where you have other offences which you don't want discovered is often to keep quiet, and not disclose it. Note that this is different to lying or being dishonest. If you are asked about it, you have the choice not to answer. Do not under any circumstances volunteer information spontaneously about other offending. It is not in your interests.
We aren't talking about a body under a patio here but low level fare evasion. Keep quiet and do not do the investigators' work for them by wilfully providing them with evidence.
In the event the OP's case proceeds to court, which there is a good chance of, it's most likely they will be charged with a single Bylaw offence as we usually see TIL choose to do. Keep it that way and don't add charges by admission.
We aren't talking about a body under a patio here but low level fare evasion. Keep quiet and do not do the investigators' work for them by wilfully providing them with evidence.
In the event the OP's case proceeds to court, which there is a good chance of, it's most likely they will be charged with a single Bylaw offence as we usually see TIL choose to do. Keep it that way and don't add charges by admission.
There are strict rules about holding card details in a data base
You cant hold card numbers on your main database, they must be held in a vault. Not even temporary files. You access the vault using an api. You hold a token on your database as a key to the card details.
You need to have a damn good reason to de-dokenise the card.
Call centre staff should not write down card numbers, and and call recording should stop while the card details are being taken. A proper call centre should not allow staffs personal phones into the workplace (so they cant photograph their screens)
Only when you seek authorisation for a card transaction can you access the actual card details, and again, they should not be saved into any database file, and not displayed on a screen (except when masked, so only the last 4 digits is displayed)
All this part of the terms and conditions of being a card merchant, and the rules are set out in The Payment Card Industry Data Security Standard (PCI DSS)
You cant hold card numbers on your main database, they must be held in a vault. Not even temporary files. You access the vault using an api. You hold a token on your database as a key to the card details.
You need to have a damn good reason to de-dokenise the card.
Call centre staff should not write down card numbers, and and call recording should stop while the card details are being taken. A proper call centre should not allow staffs personal phones into the workplace (so they cant photograph their screens)
Only when you seek authorisation for a card transaction can you access the actual card details, and again, they should not be saved into any database file, and not displayed on a screen (except when masked, so only the last 4 digits is displayed)
All this part of the terms and conditions of being a card merchant, and the rules are set out in The Payment Card Industry Data Security Standard (PCI DSS)
Wethebest838
Member
Anything is possible but I highly doubt they will even bother.
- Status