Much of today’s commerce occurs online, with products and services ranging from A to Z. As a result, online merchants have hundreds of millions of people around the globe registered with them for convenient purchases.
To authenticate as the true user of these services, the registrant must supply personal data. If cyber criminals get hold of this data, the user can change much of it after the breach, such as the user name, password and even the address they’ve been using.
However, the Social Security Number and date of birth cannot be changed. When cyber crooks steal personal data from these online retailers and service providers, it invades the customer’s privacy.
Online enterprises must take full responsibility for stolen data. It is a truly serious issue when permanent (“static”) data like DOB and SSN is breached, as opposed to temporary data like a password or the answer to a security question.
Of course, the registrants to these sites do bear some culpability when they post their personal data in the public domain. But business sites make posting personal data a requirement to use their site. Unique data like the SSN should not be a requirement.
The online commerce world should know that such a requirement destroys the confidence of current and potential customers, and that competitors who abandon this practice will have the upper hand in gaining and retaining business.
More and more users are realizing that the security systems of online enterprises are weak, putting users at risk for identity theft.
NSS Labs, Inc., a world leader in information security research and advisement, has the following recommendations:
- Online businesses should limit their requirements for data that can be shared among other enterprises.
- Online enterprises should be designed with the anticipation of possible data breaches; this way they’ll minimize risk and be more prepared to mitigate problems.
- Online companies should analyze third-party data breaches to protect users if data leaks out.
- It should be possible to re-authenticate “at risk” users.
- Governments need to reassess the idea of using static data like DOB and SSN.
- Online enterprises must embrace the possibility that legislation will eventually make it illegal to require SSNs from users.
Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.