Andrew Doyle (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

107. To ask the Minister for Finance the fraud prevention measures that are in place at the local property tax call centre in view of the alleged debit and credit card fraud allegations; and if he will make a statement on the matter. [23548/13]

Michael McGrath (Cork South Central, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

111. To ask the Minister for Finance the steps that have been taken to establish the events which led to attempted unauthorised use of data belonging to customers who contacted Revenue's local property tax helpline; and if he will make a statement on the matter. [23569/13]

Michael Noonan (Limerick City, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 107 and 111 together.

I am advised by Revenue that the issue to which the Deputies refer was first brought to its attention late on Thursday night, 9 May 2013. The issue concerned people who filed and paid via telephone through the LPT Helpline and who used credit or debit cards as the payment method. In total, the details of 11 credit/debit cards were improperly obtained by an unauthorised employee of the company that operates the LPT Helpline on behalf of Revenue, and attempts were then made to use some of them for personal benefit. The incident did not impact on anybody who filed and paid via computer, nor did it affect any of the other available payment options for Local Property Tax (LPT).

I know that Revenue is extremely concerned about the incident and has, and continues to be, in contact with the company concerned. I fully support the strong response and prompt action taken by the Commissioners. I am informed that the matter is now in the hands of the Gardai and in the circumstances it would not be appropriate to comment further on that aspect of the matter.

In regard to security, the company that operates the Helpline was able to very quickly identify the person responsible for the inappropriate access because it has very sophisticated call management and recording systems available to log all calls. On concluding its investigation the company, which is both ISO and PCI accredited, assured Revenue that the incident was an isolated matter relating to a single individual. It was not related to any technology or systems breach and was not related to the secure on-line payments system for LPT.

When Revenue extended the facility to file and pay on-line, via the LPT Helpline, special arrangements were put in place with the company in line with best practice, including setting up a filing team which is located in a “clean” and secure environment, with additional monitoring features, who do not have access to mobile phones or any other facility to record personal or payment details. The person in question was not a member of this team, and had no authority to request any payment details from customers.

Since the incident also constituted a data protection breach, Revenue reported it to the Data Protection Commissioner on Friday, and is continuing to liaise with that Office.

Revenue has asked me to reassure the public that payment of tax by either credit or debit card is completely secure, and that in the unlikely event of any illegal access, the card owner will not suffer any loss.