Welcome to Extract’s new blog. Today in the mail, my wife and I got new replacement credit cards. We didn’t order them. We got them because there was a “possible” security failure and the credit card company isn’t sure who may have seen our credit card number. There was no phishing. Our numbers weren’t skimmed. Our wallets weren’t stolen. It was the credit card company’s security problem.
Big deal, right? Identity theft happens all the time. This is the third time we’ve gone through this in about as many months.
Every time this happens we have to call all of our automatic payments, like for church or the dry cleaner, and let them know the new number. That is a big deal. My wife and I didn’t cause the problem but we are certainly impacted by it. So far, our accounts haven’t been hit and we have no reason to believe our identities have truly been stolen.
I suspect these databases have more information in them, including personally identifiable information, than is required for business purposes. That’s an easy mistake to make... just dump the information in and move on. Many databases contain information that is simply not needed and this information results in unwarranted risks. It is especially unwarranted because these credit card databases are getting probed all the time, risking our personally identifiable information to identity theft.
Even if all the information is needed, they could use techniques like truncating a portion of the information. That would help protect the data but still make the database useful. Extract provides that service for our customers on a regular basis.
Oh well, I guess the silver lining is that I’ve got a shiny new credit card now.
About the Author: David Rasmussen
With 30 years’ experience leading software companies, David is driven by the challenge to consistently find groundbreaking ways to solve customer problems and finds it rewarding to hit the customer’s target and create a great team, build a solid infrastructure, and emerge with a strong value proposition.