ChoicePoint Data Stolen By Imposters

swight1701 writes "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc., a firm that maintains databases of background information on virtually every U.S. citizen. The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties." No obvious notice appears to be on their website."

Re:if i *accidentally* ...

[dgatwood]

More than that, the question is bogus. No computer containing credit card information should have anything less than an air gap between it and the internet. On most web sites, it is entirely practical for the credit card transaction to occur and for the data to be disposed of immediately. If the card transaction fails to occur immediately, the info should be printed in a way that the transaction can be restarted ONLY with human intervention.

If continuing account activity is required, the card number should be printed as a bar code (encrypted with a public key, if desired), along with the account number. A person should carry that piece of paper to the billing computer, which should NOT be on the public internet, nor anywhere near it.

There is no excuse for credit card information to reside at any time on any system that is connected to the net, regardless of how 'trusted' that system is. Trusted just means that somebody else gets sued. You still have the embarrassing responsibility of telling your customers that you leaked their credit card numbers and that they are being used the son of a former Nigerian minister, or whatever.... No, the right way is to not expose yourself to the potential for such a problem in the first place.