Comments on: Storing Private Information In An Online Database http://aldebaranwebdesign.com/blog/storing-private-information-in-an-online-database/ Just another WordPress weblog Sat, 15 May 2010 18:18:37 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Jill Olkoski http://aldebaranwebdesign.com/blog/storing-private-information-in-an-online-database/comment-page-1/#comment-5148 Jill Olkoski Fri, 31 Jul 2009 16:35:23 +0000 http://aldebaranwebdesign.com/blog/?p=634#comment-5148 Hi Tina, Excellent question. So far, I've never had an ecommerce client who needed to do a credit check. I presume that this kind of check would be necessary to get a loan, versus making a purchase. In general, I would NEVER submit my SSN number via any online service, unless it was the government or one of the big three credit rating agencies. Just too dangerous, my personal opinion. Whenever I've been required to give SSN number, it was either via phone, or via fax. Note, that I've been contacted by a few loan companies who wanted me to do just this, to collect SSN numbers and send them in the clear, via email. I've refused these jobs, concerned they might be scams. Now, I'm no security expert. I have heard that it's possible to encrypted in the database, but I haven't done this before - it's simply out of the scope of what I'm comfortable doing. If you need to collect and store SSN numbers, you should consult with a web developer security expert who has done this type of thing before. I'm sure there are other things as well, it's just out of my field of expertise. Hi Tina,
Excellent question. So far, I’ve never had an ecommerce client who needed to do a credit check. I presume that this kind of check would be necessary to get a loan, versus making a purchase. In general, I would NEVER submit my SSN number via any online service, unless it was the government or one of the big three credit rating agencies. Just too dangerous, my personal opinion. Whenever I’ve been required to give SSN number, it was either via phone, or via fax.

Note, that I’ve been contacted by a few loan companies who wanted me to do just this, to collect SSN numbers and send them in the clear, via email. I’ve refused these jobs, concerned they might be scams.

Now, I’m no security expert. I have heard that it’s possible to encrypted in the database, but I haven’t done this before – it’s simply out of the scope of what I’m comfortable doing. If you need to collect and store SSN numbers, you should consult with a web developer security expert who has done this type of thing before. I’m sure there are other things as well, it’s just out of my field of expertise.

]]> By: Tina http://aldebaranwebdesign.com/blog/storing-private-information-in-an-online-database/comment-page-1/#comment-5147 Tina Fri, 31 Jul 2009 14:48:51 +0000 http://aldebaranwebdesign.com/blog/?p=634#comment-5147 This is good information. I'm curious how you would handle a client who requires Social Security number information necessary to process a credit check on a customer. Suppose the client is very adamant that this information be captured, as it's vital to his business. I would assume the obvious: if it's to be stored in a database, the SS number needs to be encrypted and the data transfer needs to be via SSL. But what other security measures can be taken that haven't already been mentioned above? This is good information. I’m curious how you would handle a client who requires Social Security number information necessary to process a credit check on a customer.

Suppose the client is very adamant that this information be captured, as it’s vital to his business.

I would assume the obvious: if it’s to be stored in a database, the SS number needs to be encrypted and the data transfer needs to be via SSL. But what other security measures can be taken that haven’t already been mentioned above?

]]>