Jul 7, 2015

Toss Your Credit Cards and Other Security Musings – By: Sherri Hammons – CIO, IQ Navigator

Posted by in categories: privacy, security

“Let’s post our credit card numbers and even those pesky CSV codes on the back. (Better yet, let’s just do away with credit cards altogether because, at the end of the day, it’s just a bank taking on the risk that you’ll pay back a loan.) Let’s post our social security numbers and our driver’s licenses. Let’s post everything. Overnight, the incentives to steal your data are wiped off the face of the earth. The dark databases are worth zero.”

Last year, my personal credit cards and banks were breached five times. Last week, another personal breach. Each time, I was informed by email and snail mail, a new credit card or bank account was issued, and I bought more monitoring for my credit or, in the case of one of the breaches, the company that was breached bought additional monitoring. About the fourth time, I started wondering why our industry doesn’t do something else. The traditional IT security model is dead, but we just keep propping up the body. Hope has become our strategy in the cyber security war.

Comments — comments are now closed.


  1. In theory, Sherri Hammons’ open data security model makes a lot of sense. Biometrics, geographic authentication and multi-factor authentication can thwart garden variety data hackers. But in practice, I don’t think that her model cuts it…

    The hackers would return to social engineering on a grand scale. Rather than spoofing digital credentials, they would deceive grandma and grandpa into using their real-world authentication credentials toward their needs.

    They can do this today, of course, but I have an unscientific hunch feeling that it would become easier, if we no longer relied on memory credentials (card numbers & passwords) to gain access to wealth and web sites.

  2. I much prefer Passfaces. It is a brilliant and very easily implemented access/authentication mechanism that works perfectly—even with older or non-tech-savvy users. It beats most 2-factor authentication schemes and with almost zero user training.

    I wrote about it in my Blog. http://awildduck.com/?p=2268 — I will add a posting here at Lifeboat.