Hacking businesses


Andy

http://abcnews.go.com/blogs/business/2014/09/home-depot-hd-hack-could-be-biggest-card-breach-ever/

It seems that hardly a week goes by without learning that a company has been hacked.

It seems to me that businesses are storing credit card numbers, and other personal information beyond what they need to receive payment.

Maybe I'm missing something, but after a customer pays for something or orders something online, their credit/debit info should be deleted immediately after the company has received payment.

On the positive side.

Houston Texans won, that made me happy. :)

Take care,
Andy
 

Paul

Andy said:
http://abcnews.go.com/blogs/business/2014/09/home-depot-hd-hack-could-be-biggest-card-breach-ever/

It seems that hardly a week goes by without learning that a company has been hacked.

It seems to me that businesses are storing credit card numbers, and other personal information beyond what they need to receive payment.

Maybe I'm missing something, but after a customer pays for something or orders something online, their credit/debit info should be deleted immediately after the company has received payment.

On the positive side.

Houston Texans won, that made me happy. :)

Take care,
Andy

This is from the Target hack.

"While it was confirmed that malware attacking Target's POS registers
was at fault, it did not disclose the actual methodology behind the hack.

However, sources speaking to Reuters said the hackers attackers used
similar techniques in all the attacks. One of the tools was what is
known as a RAM scraper, or memory-parsing software, which grabs data
from live RAM where it is transmitted "in the clear" (unencrypted).

Interestingly, Visa issued two alerts about these types of attacks
last year, in April 2013 and again in August 2013."

So rather than attacking some database with archived information,
the malware is up near where you're making your payment, and
scraping the unencrypted information from that terminal or
point of sale device.

Paul
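
The exposure the quoted article describes, as an added example that is not part of the original thread: a check for card numbers readable in a buffer, run over a buffer holding clear track data and over the same buffer when the swipe was encrypted before reaching the POS software. The sample track, key, buffer layout and the XOR stand-in for reader-side encryption are all constructed assumptions.

```python
import hashlib
import re

# Candidate card numbers: 13-19 ASCII digits not part of a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum; filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII digit -> int
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_clear_pans(buf: bytes) -> list:
    """Return (offset, masked number) for each Luhn-valid number in buf."""
    hits = []
    for m in PAN_RE.finditer(buf):
        pan = m.group()
        if luhn_ok(pan):
            masked = pan[:6] + b"*" * (len(pan) - 10) + pan[-4:]
            hits.append((m.start(), masked.decode()))
    return hits

def reader_encrypt(track: bytes, key: bytes) -> bytes:
    """Stand-in for encryption done inside the card reader (assumption:
    a real reader uses its own hardware crypto, not this XOR keystream)."""
    stream = hashlib.sha256(key).digest()
    return bytes(a ^ b for a, b in zip(track, stream))

# Constructed sample data: a well-known test card number in track 2 layout.
TRACK2 = b";4111111111111111=251210100000?"
KEY = b"constructed-demo-key"
HEADER, TRAILER = b"\x00\x17txn=0042", b"\x00amount=19.99\x00"

CLEAR_BUFFER = HEADER + TRACK2 + TRAILER
ENCRYPTED_BUFFER = HEADER + reader_encrypt(TRACK2, KEY) + TRAILER

if __name__ == "__main__":
    print("clear buffer:    ", find_clear_pans(CLEAR_BUFFER))
    print("encrypted buffer:", find_clear_pans(ENCRYPTED_BUFFER))
```

The same check can be pointed at logs or crash dumps from a payment system to confirm that card numbers are not left readable there.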
 

R.Wieser

Andy,

> It seems that hardly a week goes by without learning that a
> company has been hacked.

Just like every day people get killed, wounded or otherwise negatively
affected by traffic accidents, beatings, muggings, etc. ?

I'm quite sure that a decade ago the number of successful break-ins was
much higher (less security), and that the hacks you hear about are just the
tip of the iceberg (losing customers data gives a company a bad name).

The problem is not the number of hacks. The problem there is the gathering
of all that reusable(!) data at the same place.

As an example: Just make it known to the world that you have quite an
amount of money under your mattress and see how long it takes before
someone tries to take it away from you.

If you then have the excellent idea to install extra security measures, I'm
sure you want to keep the expense for that reasonable (preferably less than
the amount of money it tries to protect). Alas, that means that a well
educated (sic) thief will still be able to break that security (by hook,
crook, or just social engineering :) ) and transfer your money into his own
pocket.

And that is what happens to those hacked companies.

> It seems to me that businesses are storing credit card numbers, and
> other personal information beyond what they need to receive payment.

There are two interpretations of "beyond" here, time and amount of. For
both:

Have you thought about possible reasons to *why* a company would do that ?
If not, what about a long-running relationship with customers (for example,
having an in-store debit account) or maybe a government-mandated duty to
hold on to financial transaction records for a number of years ?
Also remind yourself that unusable data costs money (gathering, handling,
storing, keeping up-to-date), and that's not what a company wants to waste.

> Maybe I'm missing something, but after a customer pays for something or
> orders something online, their credit/debit info should be deleted
> immediately after the company has received payment.

And then alienating customers by having to tell them "No, I have no idea you
are a regular customer here for over a year, you just need to give me all your
info again" ? That's a good way to lose customers.


Bottom line: Try not to give companies such long-lived, sensitive data.

But as that would be cumbersome to most customers they rather just give
everyone-and-his-dog their name, address, credit-card number and what-not
(especially when they are offered a 10 cents or so rebate), and just bitch
when the company they willingly gave all that info to gets hit by (the
equivalent of) a mugger.

My 2 cents.

Regards,
Rudy Wieser


-- Original message:
Andy said:
http://abcnews.go.com/blogs/business/2014/09/home-depot-hd-hack-could-be-biggest-card-breach-ever/

It seems that hardly a week goes by without learning that a company has been hacked.

It seems to me that businesses are storing credit card numbers, and other
personal information beyond what they need to receive payment.
Maybe I'm missing something, but after a customer pays for something or
orders something online, their credit/debit info should be deleted
immediately after the company has received payment.
 
