WebApp Sec mailing list archives

RE: storing SSNs, CCNs, password in the DB


From: "Wall, Kevin" <Kevin.Wall () qwest com>
Date: Tue, 1 Mar 2005 11:18:34 -0600

Andrew McAllister wrote...

> Some companies like banks will claim that they require SSN's
> because of money laundering laws, but I have yet to find the
> actual law that does require it.

The argument (from banks) that I always hear is that they need
your SSN because it's your "taxpayer ID" and they need your
taxpayer ID so that they can create a 1099-DIV for you and report
your interest to the IRS (which they are supposedly required to
do by some federal banking regulation or another).

So perhaps if you can find an interest-free account (there's
not many that offer these--in fact, most banks offer interest
bearing checking accounts nowadays), then you MIGHT be able to
open an account at the bank w/out providing your SSN, but I
sincerely doubt it. Instead, you're likely to get "I'm sorry
sir, but it's just our policy to require that you give your SSN."

Of course, as others on this list have pointed out, I suppose
you could accidentally make a typo when writing down your SSN.
(Note: I'm _not_ recommending this; you probably still could be
reported as engaging in fraudulent activities and who knows
whether the bank will demand that you show your SSN card at
some future date.)

Of course, I'll concede my SSN to a bank who is paying me
interest. OTOH, I'm not going to give it to my veterinarian
who asks for it or various other places. Thanks to HIPAA
at least the HMOs are no longer using our SSNs for the account
number on the medical cards. But I digress...

-kevin
---
Kevin W. Wall           Qwest Information Technology, Inc.
Kevin.Wall () qwest com Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former whitehouse cybersecurity advisor, Richard Clarke,
    at eWeek Security Summit

