Muadib wrote:
Srilm wrote:
Muadib wrote:
The obvious question is, why are our CC numbers being saved on a SL computer in the first place?
I understand doing a pre-authorization for a specific amount to cover a reservation for xx days stay at the SL, but beyond that, NO CC should EVER be stored indefinitely...
It's all what you're comfortable with. I hate cash business, although it's necessary sometimes. Cash is anonymous, which makes it convenient but also easy to steal without repercussions. I let EVERYBODY I do business with store my CC numbers. It's just a number. They're stored on Amazon, eBay, PayPal, and a hundred other businesses. I can never be hurt. If every crook in the world gets my CC number, I just cancel the card. Problem solved. Sportsmens and every other merchant stores the numbers for convenience. You call up or get on the internet -- boom -- they got your number right there. If the number is compromised, cancel the card, simple as that. A CC number is not your identity, it's not your cash, it's nothing but a number. Get another one if you need to.
SR
I agree that using cash is a pain, but you never run the risk of having your CC compromised when paying in cash... You say you have never been hurt by having CC numbers stolen, I have... In the long run the CC company refunded the disputed amounts, but in one occurrence I was in a foreign country when my CC was compromised... The CC company froze my accounts due to suspicious transactions... I did not realize it until I tried to use the card and was informed it had been denied and was put on hold, which unto itself caused angst and embarrassment... Try unfreezing your accounts or getting new accounts and getting replacement card(s) while in a foreign country... The aggravation alone caused me to no longer use CC except for high-ticket items such as hotels and air fares with known entities...
As far as a company keeping your CC number on file, it is more of a risk than a benefit as the current situation highlights... There is absolutely no reason for any company to store CC numbers beyond the date of the transaction... Except in the case where it provides a convenience to the customer on return visits, such as eBay, PayPal, etc... In the case of the SL, I see no benefits from them storing my CC number... In fact, I was unaware that they were doing it in the first place and am a bit perturbed about it...
Hopefully the new measures that Bill has put in place at the SL will mitigate the risk...
New plan decided this morning to take care of this and a few other issues with our system.
First, BitLocker, which is built directly into the Windows 7 platform to be a more powerful solution. The implementation I recommend solves the problem of the bad guys getting the password because we can revoke their access even after equipment is stolen and removed from the building. The one potential downside is that it is impossible to log in to the computer if the Internet is down, but anyone who steals your computer also has to deal with the same problem, absolutely no access unless they hook it up to the Internet, and by then we will have revoked the password they demanded from your employee.
http://windows.microsoft.com/en-US/wind ... n-Overview
http://www.youtube.com/watch?v=zj7EcpIfAgI
We also have more control over the PC with BitLocker and Active Directory. For example, the receptionist gets one password and you have another. If they connect a USB stick or removable drive, the system will not allow them to copy any data from the computer, and we have a log of the attempt. Only when you log in personally with your password are these controls removed.
The solution is also both software and hardware because of a special embedded microchip, based on the Trusted Computing Model, that is included in your PC. The hardware element prevents physical tampering with the computer while it is in regular use that might be used in an attempt to undermine the software controls.
The encryption also only deals with half of your problem, which is protecting the data. With a cloud backup solution the computers will securely send a backup of their contents to the Internet at a predetermined time every evening. If these computers are lost or destroyed, then I can come by in the morning with a new computer and have all your data restored on the new computer in a couple of hours.
http://www.timelinecloud.com/
The above link has a good video on the backup solution you can see if you click Watch Demo.
In the past, Active Directory and BitLocker have only been available for large corporate clients, but my business partner and I are in the process of setting up a technology platform to service a group of small and medium-sized businesses in Costa Rica.
Our feeling is that the technology has finally arrived, and given the amount of theft and data insecurity in Costa Rica that it is time to bring business owners a solution they can use to protect their data from both internal (employees) and external (hackers and thieves) theft.
Thanks,
Bill