Personal Data on the Web

Started by Dragoon, 22 November 2011, 10:13:25 PM


Dragoon

After the recent data and thefts from two major gaming web sites, Xbox being the latest, I got to thinking (a painful process for me) that websites such as TMP and many others always ask for Date of Birth, a password and a clue such as mother's maiden name.

The same sort of data that you need to access a bank account or worse still a credit card account.
Now I'm not saying that TMP is going to buy a ready painted DBA army on my credit card, but think of a much, much larger internet company or one of a very few, that we all use.

My son, an IT consultant says there is no such thing as a secure site, just some with varying degrees of security.

A secure PC, from cyber crime, isn't connected to the internet.

I use a normal network including two printers in my office and a PC not on the network for sensitive data.
When I need to add a new customer the data is split between non sensitive and all other data.

Of course, if I had a burglary and they decided to take a second hand PC, undoing a nightmare's worth of cable, instead of ten grand's worth of cigarettes, then well, it's not safe.

Not practical for a lot of companies, but if things did go wrong, I would be able to claim due diligence, that's the new buzz word that councils use to stuff small businesses.

So after boring everyone rigid, ask yourself this the next time you set up a free mail account: do you really need to give your real date of birth or any other clue to a password?

Just because I'm paranoid, it doesn't mean they're not out to get me.

Regards

Mike 'er smith  (age 29)  ;-)
Regards

Mike L

Maenoferren

Er hi Mike err smith I have a part name, not my full name and the date of birth is actually my sister's date, my brother's month but my year  :D I don't know what the hell it is so nobody else gets a chance
Cheers
errr Monty clarke
Sometimes I wonder - why is that frisbee getting bigger - and then it hits me!

Dickie255

Quote: Just because I'm paranoid, it doesn't mean they're not out to get me.
:-SS
So very true!



Leon

It is slightly worrying.  Personally, I'm useless and only have a couple of passwords for any site I use.  I try not to sign up for too many things though, and won't buy from sites who require too much info.

It was something we considered with Pendraken, as we didn't want to ask customers for loads of info, as it puts people off buying.  So we kept it to a minimum, and so far there's not been any complaints.  It was also a factor in choosing PayPal, as it means that we have no access to anyone's payment details, so don't have to worry about any of those issues.
www.pendraken.co.uk - Now home to over 7000 products, including 4500 items for 10mm wargaming, plus MDF bases, Battlescale buildings, I-94 decals, Litko Gaming Aids, Militia Miniatures, Raiden Miniatures 1/285th aircraft, Red Vectors MDF products, Vallejo paints and much, much more!

wargamesbob

I agree that asking for mother's maiden name or other info that banks normally want is bad practice and I always fire off a complaint/strongly worded comment to any company that asks for one. Though I must admit that I also fire off complaints to companies who list Wales as a country but not the Isle of Man!  I too am somewhat password lazy and generally use the same username and password for all non sensitive sites and "intelligent well constructed passwords" (ones that will take fifteen or more seconds to break) for anything that involves money. Multiple email accounts are also a useful tool for trafficking spam and other trash away from your more important mail such as the Pendraken newsletter.

Having said all that I would rather pay by a computer secure link than give my card details over a mobile phone. I once worked with a gang of plate-layers who used to listen to scanned phone calls during lunch as it was more interesting than listening to the local radio station! When all is said and done though the only really safe method to pay for something is to pay cash, providing that you're not mugged on the way to the shop of course.

Leon

I was reading an article the other day actually, which I've just remembered.  PayPal/eBay are developing something called X.commerce, where instead of logging into a website as normal, e.g. Amazon, Pendraken, etc., you would login instead using your PayPal details.  This takes away all the storage of data on all your various shopping sites, and instead keeps it all in one place.  

So for example, we would install the X.commerce code on the Pendraken website, you would then log in to our site using your PayPal login, and buy whatever you wanted, checkout, etc.  We wouldn't see or store any of your details at all, the only people with that information would be PayPal.

Now whether PayPal and eBay having that kind of monopoly on everyone's personal details is a good thing, is another issue.   :-\

Quote from: wargamesbob on 24 November 2011, 12:01:25 AM
...your more important mail such as the Pendraken newsletter.

:D :-bd

Good to know someone reads it!

Techno

Do the same as you Dragoon.

Keep all of our 'sensitive' data on an unconnected PC too !

Cheers - Phil.

Lord Kermit of Birkenhead

Having had a postman who refused to climb steps and was eventually sacked for stealing mail nothing is secure.

Did we all give our CC numbers over the phone in days gone past.......

Nothing is 100% secure, take the risk.

IanS
FOG IN CHANNEL - EUROPE CUT OFF
Lord Kermit of Birkenhead
Muppet of the year 2019, 2020 and 2021

Hertsblue

Not often I agree with Ian but in this case I do. The actual risk is about on a par with walking out in front of a bus, and worrying about what might be is usually futile. So long as you are sensible and take reasonable precautions (like looking both ways before stepping out) the odds are acceptable.
When you realise we're all mad, life makes a lot more sense.

www.rulesdepot.net

GrumpyOldMan

Hi

I've just gone and altered my profile to hide my email address because some clown has harvested the email address to cold canvass me in the hope that I might sell him some of my 10mm stuff to his business (he obviously hasn't seen my painting skills or lack thereof  ;D).

Unfortunately the days when you could leave such information around are long gone, more's the pity.

Cheers

GrumpyOldMan

Luddite

24 November 2011, 11:50:43 PM #10 Last Edit: 24 November 2011, 11:52:44 PM by Luddite
Interesting topic.

Especially as I'm a Data Protection Officer...   ;)

It's surprising how many online commercial operations process personal data yet aren't on the Data Protection Public Register.
http://www.durhamwargames.co.uk/
http://luddite1811.blogspot.co.uk/

"It is by tea alone i set my mind in motion.  It is by the juice of Typhoo my thoughts acquire speed the teeth acquire stains, the stains serve as a warning.  It is by tea alone i set my mind in motion."

"The secret we should never let the gamemasters know is that they don't need any rules." - Gary Gygax
"Maybe emu trampling created the desert?" - FierceKitty

2012 Painting Competition - Runner-Up!

"I have become inappropriately excited by the thought of a compendium of OOBs." FSN

Techno

Can I ask a question here chaps ?

With the effing cold calls 'one' gets....Would it be classed as assault if you blasted a ref's whistle down the phone when you get one of these ?
Some 'peasant' (that sounds as though he's phoning from India) rings me on a fairly regular basis and always asks me if I'm Mr Bevan.......That's NOT my surname....And I'm ex directory....so it must be a random number generator.

I give some abuse and put the phone down....But I'd like to do MORE.

Cheers - Phil

nikharwood

25 November 2011, 08:10:26 PM #12 Last Edit: 25 November 2011, 09:19:57 PM by nikharwood
Don't put the phone DOWN Phil - but put it down...without hanging up; these muppets have a script which they'll keep reading for a good while before they notice no-one's answering: cost them some money  :d

I also do this with junk email: take the junk letter from Company A & remove any personal info [name, address etc] & put it into the prepaid envelope from Company B - and vice versa - put them back in the post so that they receive junk mail and have paid for the privilege. Strangely satisfying.  :D

Leon

Quote from: nikharwood on 25 November 2011, 08:10:26 PM
I also do this with junk email: take the junk letter from Company A & remove any personal info [name, address etc] & put it into the prepaid envelope from Company B - and vice versa - put them back in the post so that they receive junk mail and have paid for the privilege. Strangely satisfying.  :D

:D  I like that!

I tend to put the phone on the side as well, and leave them chatting away to themselves for a bit.  Or I tell them "Hang on, I'll just get him/her..." and leave it. 

Techno

I think that's good advice Nik/Leon...I AM tempted to put on a silly voice and give completely made up details sometimes....Then again...putting the ****ers 'on hold'  sounds a satisfying idea.

Thanks - Phil.