Tuesday, September 05, 2006

Reducing data's risk at rest

Robin Wilton recently wrote an article questioning whether people can do anything to safeguard their own data as data losses are reported at more and more companies:

This recent reported lapse at AT&T, exposing some 19,000 sets of customer details (including credit card details) is as good an example as any. Short of simply not giving their credit card details to any third party, it's hard to see how AT&T's subscribers could modify their behavior in a way which would mitigate this particular risk.

I do use one important feature of my DiscoverCard to help mitigate risk associated with such loss: Discover's Secure Online Account Number feature.

With this feature, I create a unique account number that I provide to each merchant I work with (and I'm up to 335 network identities -- most of which include credit card info). The card, unlike the one-time-use cards, can be repeatedly used at the same merchant, acting pretty much like the regular account number for that merchant. However, once used at a particular merchant, the card is not usable at any other merchant.

This restriction to a single merchant makes the data fairly useless should it be stolen. Of course, the thieves do get my other data that is stored at the same vendor, and this could be used for identity theft attacks, but at least the risk of them being able to do something with the credit card itself is mitigated.

Now, if I could only get Discover to get rid of their flashy Flash application and make this feature available from a simple web page, life would be faster, happier, and easier.

