Skip to main content
  1. Tech
  2. Gadgets & Tech
  3. Internet

Private Identifiers Not Private

See also

Today’s commerce occurs very much online, with products and services ranging from A to Z. Hence, these many online merchants have hundreds of millions of people around the globe registered with them for convenient purchases.

To verify authentication as the true user of these services, the registrant must supply personal data. If cyber criminals get ahold of this data, much of it can be changed by the user after the breach, such as user name, password and even the address they’ve been using.

However, the Social Security Number and date of birth cannot be changed. When cyber crooks get personal data off of these online retailers and service providers, it invades the customer’s privacy.

Online enterprises must take full responsibility for stolen data. It’s a real serious issue when permanent (“static”) data like DOB and SSN is breached, as opposed to temporary data like a password or answer to a security question.

Of course, the registrants to these sites do bear some culpability when they post their personal data in the public domain. But business sites make posting personal data a requirement to use their site. Unique data like the SSN should not be a requirement.

The online commerce world should know that such a requirement destroys confidence in current and potential customers, and that their competitors who abandon this practice will have the upper hand in gaining and retaining business.

More and more users are realizing that the security systems of online enterprises are weak, putting users at risk for identity theft—a risk that they’re catching onto.

NSS Labs, Inc., a world leader in information security research and advisement, has the following recommendations:

  • Online businesses should limit requiring data that can be shared among other enterprises.
  • Online enterprises should be designed with the anticipation of possible data breaches; this way they’ll minimize risk and be more prepared to mitigate problems.
  • Third-party data breaches should be analyzed by online companies to protect users if data seeps out.
  • “At risk” users should be able to be re-authenticated.
  • Governments need to reassess the idea of using static data like DOB and SSN.
  • Online enterprises must embrace the possibility that legislation will eventually make it illegal to require SSNs from users.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures

Advertisement

Don't Miss

  • Crew
    'The Crew' preview: Ubisoft has on its hands the 'Destiny' of racing games
    Games Preview
  • Cell phone
    A bill legalizing unlocking phones has passed Congress and is expected to be signed into law
    Video
    Tech Buzz
  • Destiny
    The 'Destiny' beta: 7 things we absolutely love about Bungie's new franchise
    Camera
    Games Feature
  • Cortana
    Cortana takes on Siri in a hilarious new commercial for the Windows Phone
    Tech Buzz
  • Unity Exclusive
    'Assassin's Creed Unity' exclusive: Tell the world, 'I'm coming home'
    Camera
    Games Interview
  • Typing
    Is your brokerage account safe from the attacks of cyber thieves?
    Video
    Headlines