The Credit Debate


Steve Jones
Comments posted to this topic are about the item The Credit Debate

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Adam Haar
Biometric. As a consumer, if my credit card data are stolen I can cancel them and get new cards. If my biometric data are stolen, I can't easily get new irises or fingerprints (nor would I be willing to). Security for that reason must be much, much greater than we currently have.

If I'm building a device to store biometric data for your 'home garage door opener', I need to ensure that it can't be easily broken and those data used to access your bank account. Of course, a garage door opener won't have the resolution of a bank's biometric data, but another bank's database will. As might a building's security system.
majorbloodnock
If I'm honest, I think the question's being tackled from the wrong end. As Steve alluded, it's the (mis)use, potential or real, to which the data is put that is the important factor, not what type of data it is.

As a person, consumer and parent, I'm more concerned about my family's safety than that of my bank account, so I value the security of my children's name and address data more than that of my credit card number. However, as a DBA, I know many companies might get twitchier about a credit card number being mistakenly disclosed than someone's address.

I think the important thing, therefore, is to have an accurate picture of which areas of data under your responsibility are most important to keep secure, and the damage that not doing so could cause.

Semper in excretia, sumus solum profundum variat
Andy sql
As a DBA, the unauthorised copying of any data under my control would be deeply embarrassing. But that wasn't your question!

My first thoughts were the same as Adam's. But then I started thinking about practical uses of stolen data. Credit Card data can be used instantly for financial gain, with very little chance of being caught.

What would I do with stolen biometric data? I suppose I could try and sell it, but what would the buyer do with it? Break into someone's garage? You have the biometric data, but that doesn't allow you to circumvent the fingerprint scanner bolted to the wall. You would have to access the main computer which processes the scans. Which means you would have to break into the house first....

And at airports and banks? What possible use is a USB stick with stolen biometric data, when the security guard tells you to look into the iris scanner? In theory latex fingerprints and contact lenses can be made from biometric data, but this is hardly within the realms of most criminals.
roger.plowman
You would have to be insane to contemplate storing biometric data, especially en masse. While only in its infancy, biometric data is the holy grail of identity theft. It can't be (easily) changed by a person, and theft is the *least* of your problems.

Consider if a bad guy wanted access and compromised your system. He substitutes his biometrics for X, he's in and nobody the wiser. When he's done, he switches back.

Perfect crime.

Biometrics, a *REALLY BAD IDEA*. Especially if it becomes widespread.
Grant Fritchey
Honestly, neither.

What scares me is medical data. I was working for a software start-up that provided software to doctors. Not only did it store full patient history, but it had diagnostic software to help the doctor perform a quick diagnosis of the patients. It was a horror show of an app, built over a series of years on top of what was originally a Paradox database. One day, one of the nurses that worked with us said to me, "We're going to kill someone with this." And she meant it. I started looking for new work immediately.

Killing people scares me. Losing their money concerns me, but it doesn't scare me.

----------------------------------------------------
The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood...
Theodore Roosevelt

The Scary DBA
Author of: SQL Server Query Performance Tuning and SQL Server Execution Plans
Product Evangelist for Red Gate Software
Dave23
Grant Fritchey (3/28/2008)
Honestly, neither.

What scares me is medical data.


I have to agree. Medical data is definitely its own kind of stress. That's what I've been dealing with for the past 10 years, from confidential clinical drug trial data, to HIPAA protected disease surveillance data, insurance claims, and clinical encounter data. I don't think that working with either financial or biometric data would be as harrowing.
jay-h
The danger of lost biometric data is far more, though at the moment it is of minimal use. But things like SS, bank account info, etc can be changed if compromised, your bio data cannot. So 15 years from now when it's used extensively for everything from employment to insurance, you will at best be constantly putting out fires, or at worst have your reputation and finance in constant ruin.


btw why would anyone use biometrics on a garage door?

...

-- FORTRAN manual for Xerox Computers --
Matt Miller (4)
Grant Fritchey (3/28/2008)
Honestly, neither.

What scares me is medical data. I was working for a software start-up that provided software to doctors. Not only did it store full patient history, but it had diagnostic software to help the doctor perform a quick diagnosis of the patients. It was a horror show of an app, built over a series of years on top of what was originally a Paradox database. One day, one of the nurses that worked with us said to me, "We're going to kill someone with this." And she meant it. I started looking for new work immediately.

Killing people scares me. Losing their money concerns me, but it doesn't scare me.


Agreed. I've been involved in a series of these kinds of scenarios and it's pressure I'm just not comfortable with. It's scary stuff to have to handle. Credit can be repaired, but killing someone with bad data is a one-way ticket: there's no "replaying the transaction logs" for that. I've steered clear as much as possible from being involved in direct patient care systems.

The turning point: I was once asked to be on an eval team for an RFID system to identify patients. The RFID badges were integrated into the order system, which would then send info to machines around the patient. The problem was - the effective range of the badges was 1-2 feet, which worked great under normal circumstances; when the patient had a problem though, machines routinely get shoved out of the way...and often into the effective range of the OTHER patient in the room. So the machine starts prompting that the "orders"/dosage, etc... have changed.....The system ended up being scrapped at our hospital, and purportedly updated so that doesn't happen any more, but still - that's a level of perfection I just plain don't want to have to live up to. I have a hard enough time sleeping, and that's with a clear conscience.

As an aside - the kind of depth and breadth information you get on people in addition to all of their health info is astounding enough. Why bother going after just credit card info when you can get their payment info AND every piece of demographic info you'd ever need on them, their family members, the family's financial info....

----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
Ben Holcombe-270296
I am not an old bird but it seems like there was a time when a credit card was something important. Over time the security around a credit card has become more passé. The merchant no longer checks the signature panel, a signature is no longer required for a purchase under a specified dollar amount, you all but receive an activated card in the mail during a marketing promotion. It was much more difficult for you to "lend" your financial identity to someone or have it taken by someone in the past. Now credit cards are known to have these weaknesses and people don't trust them as much. It’s not an item I would pin my identity to anymore.

So the question I see is what will happen when we evolve and biometric data becomes treated in the same manner. What would happen if I no longer trusted my own fingerprints or retinal scan? Would I have an identity anymore? What if one identity was spread across 100 criminals, could you ever catch them?