This is an email I have sent to info at invernessleisure dot co dot uk but information contained within it is important to remember generaly.
I am writing concerning the security of the personal information provided by users of the High Life membership scheme. This information contains a photograph name, address and telephone number and credit card details which could be used by identity thieves if it is not properly secured. Is the data encrypted at the storage level? Who has access to the data and are they vetted for a criminal record etc.
The use of remotely readable cards to carry information is dangerous as it is possible to create a fake remote readable card if the card has passed within 25cm of a thief's (boosted) RFID scanner. A criminal could also wipe or change the details on the card.
It is very important that all personal information is securely held and as limited as possible because Identity theft is a self perpetuating crime where the criminals are making so much money that they can afford to have their own research and development people to work out how to extract personal information in order to make more money and unless those companies who are collecting the money keep it securely they could have the data stolen and their customers would loose money and the company would loose face and possibly be sued. You have my personal information (under my real name) and I want to make sure it is well protected.