Storing Social Security Number WAS:Encryption/Decryption Question
in [General]
|
Prev: Encryption/Decryption Question
Next: Storing Social Security Number WAS: Encryption/Decryption Question
From: tedd on 12 Aug 2010 09:45 At 5:30 PM -0700 8/11/10, Daevid Vincent wrote: > > -----Original Message----- >> 2. Were told it was a social security number >> (i.e., in the form of 123-45-6789). > >Stop. > >Why are you even contemplating storing SS# ?? Daevid et al: Why? Because my client wants to store SS numbers on their online system to aid them in their collection business. You see, the client in this case is not asking people for their SS numbers, but rather trying to collect unpaid debts. Their clients (i.e., creditors) have provided them debtor data, which may/may not include SS numbers. My current thoughts are that the entire process will be behind a password protected section of a web site where only the people working for the firm will have access. The point of the system will be to aid collectors in their collection efforts and to allow them to conduct business anywhere they can find Internet access. Of course, this will not stop employees from abusing the data, but that possibility also exist in the hard-copy only office as well -- that's a criminal act and will be handled accordingly. The difference here is that the data can be accessed online via password authorization. Is that too easy? My effort here with my "Encryption/Decryption Question" is to focus on the event that the web site may hacked and access to the database is provided to an intruder. In such case, then the SS numbers residing there should be encrypted and that was my current quest to resolve. Now, if federal law prohibits storing SS numbers in an online database that's accessible via password authorization then that's "end-of-story". I'll simply tell the client that federal law prohibits such practice and that will be the end of it -- it makes no difference to me. However, if the practice of storing SS number online is not prohibited by law, then what are the appropriate "due diligence" steps necessary to protect such data? Cheers, tedd -- ------- http://sperling.com/
From: Ashley Sheridan on 12 Aug 2010 09:51 On Thu, 2010-08-12 at 09:45 -0400, tedd wrote: > At 5:30 PM -0700 8/11/10, Daevid Vincent wrote: > > > -----Original Message----- > >> 2. Were told it was a social security number > >> (i.e., in the form of 123-45-6789). > > > >Stop. > > > >Why are you even contemplating storing SS# ?? > > Daevid et al: > > Why? Because my client wants to store SS numbers on their online > system to aid them in their collection business. > > You see, the client in this case is not asking people for their SS > numbers, but rather trying to collect unpaid debts. Their clients > (i.e., creditors) have provided them debtor data, which may/may not > include SS numbers. > > My current thoughts are that the entire process will be behind a > password protected section of a web site where only the people > working for the firm will have access. The point of the system will > be to aid collectors in their collection efforts and to allow them to > conduct business anywhere they can find Internet access. > > Of course, this will not stop employees from abusing the data, but > that possibility also exist in the hard-copy only office as well -- > that's a criminal act and will be handled accordingly. The difference > here is that the data can be accessed online via password > authorization. Is that too easy? > > My effort here with my "Encryption/Decryption Question" is to focus > on the event that the web site may hacked and access to the database > is provided to an intruder. In such case, then the SS numbers > residing there should be encrypted and that was my current quest to > resolve. > > Now, if federal law prohibits storing SS numbers in an online > database that's accessible via password authorization then that's > "end-of-story". I'll simply tell the client that federal law > prohibits such practice and that will be the end of it -- it makes no > difference to me. > > However, if the practice of storing SS number online is not > prohibited by law, then what are the appropriate "due diligence" > steps necessary to protect such data? > > Cheers, > > tedd > > -- > ------- > http://sperling.com/ > If you are storing the data in a DB, then I'd consider using different levels of access to that via different DB users, which should offer an extra layer of security in protecting the data. In the UK, I believe you are allowed to store details such as these in an online system, but the whole server itself has to pass a PCI check, which ensures that various server modules are up-to-date, etc, which should hopefully block another hole or two. Thanks, Ash http://www.ashleysheridan.co.uk
From: tedd on 12 Aug 2010 11:32 At 10:56 AM -0400 8/12/10, Bastien Koert wrote: >However, the data must be stored in an encrypted format and it must be >transmitted via SSL. We do it that way (taking both a hash for >searching for the ssn and the encrypted form) and haven't had any >issues as yet. The data will be encrypted and only accessible behind an SSL via an authorization process -- that's given. I have given some thought about searching the database for encrypted SS#'s and have been perplexed as how to do that. For searching standard fields, it's a piece of cake to use %LIKE%. For example, let's say the investigator has a piece of paper that has the number "393" on it and want's to search the database for all phone numbers that contain "393" -- he could use %LIKE% and that would produce 517-393-1111, 393-123-4567, 818-122-4393 and so on. That's neat! However, if the field is encrypted, then how do you preform a partial search on that? You can't encrypt the search string and use that because you need the entire string. So, how do you solve that problem? If you hash the number of store the hash, then you can create a hashed search string and use that. But again it doesn't work for partial %LIKE% searches. For example, I couldn't search for "393" in a SS# -- I would have to search for the complete SS#. So, how do you solve the %LIKE% problem with encryption and hashes? >The other thing to consider is that more and more states are looking >to encrypt PII data >(name, dob, ssn etc) for more security. I'm considering that as well, but that also raises more searching problems as described above. >You could consider storing just the encrypted ssn and link data in a >separate database, that would require a different logon to access when >the data is required. Interesting -- I might also hash the foreign link. But I have to think about that. Cheers, tedd -- ------- http://sperling.com/
From: tedd on 12 Aug 2010 11:55
At 11:39 AM -0400 8/12/10, Joshua Kehn wrote: >Would one option be to have a table of unencrypted SSN's with an >encrypted id for the user. So you could search the SSN's and then >connect them, however if the table was dumped you wouldn't be able >to link it directly to the person (as it would just have a SSN and >an id). > >Regards, > >-Josh No, the problem here is to keep the database from containing any raw SS#. It is absolutely necessary to encrypt the data. The question is: 1. Is it legal? 2. How to do it? Cheers, tedd -- ------- http://sperling.com/ |