Skype, age verification and phone numbers

Today I want to talk about something important, privacy. I know we can have the whole debate “privacy is dead, long live privacy”.

I am teaching another digital forensics class this month and wanted to prepare a Skype instance. I wanted to create my account, which I was allowed to with a non-Hotmail or non-Outlook account. I was pleasantly surprised about that fact.

After the registration of the account Microsoft wants to do an age check, which I can understand but what I do not understand is the verification by credit card. This goes against every privacy principle.

Imagine your neighbor walking up to you and asking for your credit card details. Just to check if you are old enough to use his lawn mower.  He won’t charge you.

I understood from the text that Microsoft would not charge the credit card but as a European citizen with GDPR in place I want to point out that an information collection should only take place when required. There are other ways to verify age plus I do not imagine that every person in the world with the right age to own a Skype account has a credit card.

One thing to know is that in Belgium , KBC has decided to block all US transactions with credit cards by default. This is a preventive measure to avoid fraud. This means if you are a customer of KBC and want to activate your Skype using your credit card you will need tell your bank to temporarily deactivate their fraud protection. Very interesting no?

Have you also noticed that a lot of organizations started collecting phone numbers lately for no reason at all.  I do not see the need for a phone number being collected all the time, there are certainly use cases but not every company in the world needs it.  NIST does not recommend an SMS as a second factor, so that is definitely not a correct use case.