Comments on: Banks Move From SSNs to Personal Details http://blogs.law.harvard.edu/infolaw/2006/11/09/banks-move-from-ssns-to-personal-details/ Information, Law, and the Law of Information Tue, 24 Nov 2009 00:08:14 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: Suzanne Meehle http://blogs.law.harvard.edu/infolaw/2006/11/09/banks-move-from-ssns-to-personal-details/comment-page-1/#comment-1556 Suzanne Meehle Thu, 30 Nov 2006 19:02:15 +0000 http://blogs.law.harvard.edu/infolaw/2006/11/09/banks-move-from-ssns-to-personal-deta#comment-1556 I have a data parity problem with my name. I have had to fight with varous financial institutions about what, exactly, my middle name is. When I married, I took my husband's last name and moved my maiden name to the middle position. The Social Security Office in its infinite wisdom refused to drop my middle name, and so I am "Suzanne M** D** Meehle" in their system despite the fact that legally my name is "Suzanne D** Meehle." You would not believe the confusion that has caused, or the number of institutions that, having been given my legal name on every scrap of paper I have filled out for them, insist that I do not know my own middle name. I have a data parity problem with my name. I have had to fight with varous financial institutions about what, exactly, my middle name is. When I married, I took my husband’s last name and moved my maiden name to the middle position. The Social Security Office in its infinite wisdom refused to drop my middle name, and so I am “Suzanne M** D** Meehle” in their system despite the fact that legally my name is “Suzanne D** Meehle.” You would not believe the confusion that has caused, or the number of institutions that, having been given my legal name on every scrap of paper I have filled out for them, insist that I do not know my own middle name.

]]> By: Phutatorius http://blogs.law.harvard.edu/infolaw/2006/11/09/banks-move-from-ssns-to-personal-details/comment-page-1/#comment-1391 Phutatorius Fri, 17 Nov 2006 21:21:19 +0000 http://blogs.law.harvard.edu/infolaw/2006/11/09/banks-move-from-ssns-to-personal-deta#comment-1391 A question I have is why, suddenly, I'm asked to provide this additional 3-digit "security code" whenever I buy something online with a credit card. The security code appears on my card and not, presumably, on the magnetic strip. I suppose the "genius" of it is that someone who simply swipes my credit card number won't have the security code unless that person also has access to my card. Fine. But if I'm the only one holding my credit card, the only way any fraudster will get access to the number is if, at some point, I make a transaction, and some record of the number falls into the wrong hands. And if I'm now required to regurgitate the security code as well to complete a transaction, what's to keep the fraudster from intercepting my security code as easily as he did the original credit card number? My guess is that, since I did a lot of online transactions before this new security-code standard was adopted by retailers, the bad guys have had a lot more opportunities to intercept just my credit card number, and only a few opportunities to get my card number and my super-secret special code. So the requirement of entering a security code has some marginal value. But as time passes, and my super-secret special code passes over the Internet to more and more retailers, the likelihood that it will be intercepted will increase as well. What then? Am I given another code, once this interceptible data reaches a critical mass? Is there some important factlet that I've missed here, or are our credit card numbers going to get longer and longer and longer, for our greater protection (and increased annoyance)? Ugh. And not remotely on point, so sorry. A question I have is why, suddenly, I’m asked to provide this additional 3-digit “security code” whenever I buy something online with a credit card.

The security code appears on my card and not, presumably, on the magnetic strip. I suppose the “genius” of it is that someone who simply swipes my credit card number won’t have the security code unless that person also has access to my card. Fine.

But if I’m the only one holding my credit card, the only way any fraudster will get access to the number is if, at some point, I make a transaction, and some record of the number falls into the wrong hands. And if I’m now required to regurgitate the security code as well to complete a transaction, what’s to keep the fraudster from intercepting my security code as easily as he did the original credit card number?

My guess is that, since I did a lot of online transactions before this new security-code standard was adopted by retailers, the bad guys have had a lot more opportunities to intercept just my credit card number, and only a few opportunities to get my card number and my super-secret special code. So the requirement of entering a security code has some marginal value.

But as time passes, and my super-secret special code passes over the Internet to more and more retailers, the likelihood that it will be intercepted will increase as well.

What then? Am I given another code, once this interceptible data reaches a critical mass? Is there some important factlet that I’ve missed here, or are our credit card numbers going to get longer and longer and longer, for our greater protection (and increased annoyance)?

Ugh. And not remotely on point, so sorry.

]]>