Re: Encrypted Fields

From: Michael Gentry (mgentr..asslight.net)
Date: Sat Feb 07 2009 - 22:55:07 EST

    On Sat, Feb 7, 2009 at 4:46 PM, Aristedes Maniatis <ar..sh.com.au> wrote:
    > Except that credit cards are not a good example here. Speak to your gateway
    > provider, but here in Australia they all let you run transactions against
    > the same credit card *without storing the card number/expiry date/cvv*.
    > Instead you store the previous transaction reference and you can use that to
    > process future card payments between that card and the same merchant.
    > Infinitely safer than storing card numbers.

    So ... you'd want to encrypt the transaction reference and the gateway
    provider would want to encrypt the card number/etc. :-) I basically
    see encryption as being desirable anytime personally
    identifiable/critical financial information needs to be stored (bank,
    stock trading, commerce, etc) or personally identifiable health
    information (doctor's offices, hospitals, testing labs, etc). I'm
    sure there are others, but those are the big ones (to me).

    > Americans certainly are strange with their SSNs. You give them out at the
    > drop of a hat to buy popcorn, and then still use them as a 'secure' form of
    > identification.
    >
    > Ari

    The SSN is almost a joke. When I first moved to Virginia, the
    Department of Motor Vehicles put your SSN on your driver's license (as
    your driver's license number). I was stunned. I was even more
    stunned to find out they had a web site where you could go look up
    someone's DL # (their SSN). Very dumb. They've fixed that now.
    Somewhat. (You could also get your Virginia driver's license without
    proving you were a resident of the state -- which is what I did, too.)

    Anyway, I know the white paper needs more work. It was something I
    hacked together right about the time I left Fannie Mae (good timing).
    I wanted to get enough details down that I could remember what I was
    thinking at the time, but there are some inherent assumptions that I
    should flesh out sometime if it is useful to others. (Since it may
    not be obvious what I was thinking.)


