WebApp Sec mailing list archives
RE: storing SSNs, CCNs, password in the DB
From: "Wall, Kevin" <Kevin.Wall () qwest com>
Date: Tue, 1 Mar 2005 11:18:34 -0600
Andrew McAllister wrote...
Some companies like banks will claim that they require SSN's because of money laundering laws, but I have yet to find the actual law that does require it.
The argument (from banks) that I always hear is that they need your SSN because it's your "taxpayer ID" and they need your taxpayer ID so that they can create a 1099-DIV for you and report your interest to the IRS (which they are supposedly required to do by some federal banking regulation or another). So perhaps if you can find an interest-free account (there's not many that offer these--in fact, most banks offer interest bearing checking accounts nowdays), then you MIGHT be able to open an account at the bank w/out providing your SSN, but I sincerely doubt it. Instead, you're likely to get "I'm sorry sir, but it's just our policy to require that you give your SSN." Of course, as others on this list have pointed out, I suppose you could accidentally make a typo when writing down your SSN. (Note: I'm _not_ recommending this; you probably still could be reported as engaging in fraudulent activities and who knows whether the bank will demand that you show your SSN card at some future date.) Of course, I'll concede my SSN to a bank who is paying me interest. OTOH, I'm not going to give it to my veterinarian who asks for it or various other places. Thanks to HIPAA at least the HMOs are no longer using our SSNs for the account number on the medical cards. But I digress... -kevin --- Kevin W. Wall Qwest Information Technology, Inc. Kevin.Wall () qwest com Phone: 614.215.4788 "The reason you have people breaking into your software all over the place is because your software sucks..." -- Former whitehouse cybersecurity advisor, Richard Clarke, at eWeek Security Summit
Current thread:
- RE: storing SSNs, CCNs, password in the DB Jeff Robertson (Mar 01)
- <Possible follow-ups>
- RE: storing SSNs, CCNs, password in the DB McAllister, Andrew (Mar 01)
- RE: storing SSNs, CCNs, password in the DB Wall, Kevin (Mar 01)