HOME     SITEMAP     RSS     TWITTER     EMAIL    
Search:   

FollowSteph Follow Steph as he posts Blog Blazer Friday
 

Preventable Identity Theft

Identity Theft

Identity Theft is a very prevalent issue in today’s world. It happens too often to be ignored. I’m sure you know at least one person who has been the victim of Identity Theft. And the sad thing is that in most cases it’s very preventable. Even sadder is that most people don’t realize that they might be the cause. Not as in being the victim’s themselves but as in innocently putting other people in harms way. Well intentioned people are doing things they believe are safe but are instead very dangerous.

Let me give you an example. I founded and run a software company called LandlordMax which sells real estate rental management software to property management companies, individual real estate investors, and so on. As part of this, the software allows you to store information on your tenants so that you can figure out what’s going on with your properties. For example, you can keep track of your tenant’s leases, payments, their address, invoices, receipts, employers, contacts in case they skip out on you, notes, basically a lot of information.

What’s scary is that we continually get requests for the software to store additional pieces of information that shouldn’t be stored on any desktop computer. Even on computers secured by computer security experts. For example did you know that Visa and MasterCard explicitly tell you NOT to store the full credit card numbers in your databases, that you can potentially be held liable for doing so. All you’re allowed to store is at most the last 4 digits. The next time you buy something at your local store with your credit card, look at your receipt. All you’ll see is the last 4 digits of your credit card, nothing more. This is not random, it’s a security measure to prevent credit card theft.

Knowing this, you’d be surprised by what confidential information we’ve been asked to store within the software on our users computers. We’ve been asked to store tenant’s credit card numbers, driver’s licenses, scanned images of driver’s licenses, passports, Social Security Numbers, and  so on. Confidential information that should never be stored on any desktop computer.

The scary part is that a desktop computer is not that secure. Not only that, but these are sometimes desktop computers used in homes or businesses of people with little or no security expertise. With no IT (or security) professionals setting up these computers.

But even if only the most advanced computer users stored this type of information, it’s still not enough. These are computers used for everyday usage, not hardened and locked down computers. All it takes is for someone to surf online to one bad website with a browser that has a zero day exploit and it’s game over! In many cases it’s the action of the user that compromise the system, not the system itself. This is also why secured computers are never used for daily activities such as surfing the net. They are locked down so tight that they’re pretty much dedicated to one and only one function (such as a database server).

And even with these systems it’s still a very bad idea. But what’s scarier is that many of the people making these requests are already storing this type of information in plain old Microsoft Word and Excel documents on their laptops. Computer files that are completely unprotected. I also know some people are scanning things confidential documents and saving them as images on their computers, again completely unprotected. These are computers connected to the internet!

This problem isn’t just limited to computers either. How many physical filling cabinets do you think contain all kinds of identity information they shouldn’t? Have you ever rented an apartment or house where the landlord wanted to keep a copy of your drivers license and/or your credit card number?

It’s not that these people want to do harm, it’s that they don’t know any better. Whenever we’re asked about storing these types of information we always tell them we don’t, and then we proceed to very strongly advice against it explaining the issues and how they could potentially be help liable for damages. In most cases that’s the end of it, but unfortunately it’s not always.

What about the poor tenants themselves? How comfortable would you be knowing that your landlord (or the company managing the property you’re renting) has all your information on a desktop computer? Scary isn’t it?

And this is why we will NEVER offer the ability to store this type of information within our software. It’s just bad news on all levels. No good can come of it. This information should never ever be stored on a desktop computer (or in a filling cabinet). Never ever!

And this is why I wrote this post today. From now on we’re going to point people who make such feature requests to this post, and hopefully some of you will too. Let’s try to prevent this from happening. Please do go ahead and comment and share your stories, hopefully we can help people better understand the implications of storing this type of information on their computers. It’s not that they mean any harm, it’s that they don’t really understand the potential dangers. Let’s teach them and hopefully we can reduce identity theft together!



 
Like this article?

Comments:

  •     Anthony
    · May 8th, 2009  · 4:17 am  · Permalink

    What will your customers do instead? Probably storing the data they can’t save in your software in Excel instead. At least it will be their responsability but the problem is still there.

  •     Steph
    · May 8th, 2009  · 2:20 pm  · Permalink

    Hi Anthony,

    You’re right, some might store it in Excel/Word. But at the very least we won’t be part of the problem. And hopefully with this post we can educate as many as possible!

  •     Scott Kane
    · May 9th, 2009  · 9:53 am  · Permalink

    Excellent and timely post, Steph. I don’t blame people for not knowing how dangerous this is – but I do blame them when they know and do it anyway. Hopefully your customers will now not only know that this is bad policy, but also *why*.

    Kudos for addressing in such a conscise and reasoned manner.

Write a reply:





 
FollowSteph RSS
FOLLOWSTEPH'S
RSS FEED!


SOFTWARE AND BOOKS BY STEPHANE GRENIER:

LandlordMax Property Management Software

LandlordMax is the EASIEST
Property Management
Software available!
Try it for free!

Real Estate Pigeon

Real Estate Pigeon
The place to ask and answer
all your real estate questions

Blog Blazers: 40 Top Bloggers Share Their Secrets to Creating a High-Profile, High-Traffic, and High-Profit Blog!

Blog Blazers is a book that
features secrets from the
Top 40 Bloggers on the web

How to Generate Traffic to Your Website ebook

How to Generate Traffic to
Your Website
is an ebook for
to you achieve success


 

FollowSteph
More resources from Stephane Grenier:
PUBLICATIONS
For people who work on the web
Blog Blazers
How to Generate Traffic to Your Website
 
SOFTWARE
The EASIEST Property Management Software available!
LandlordMax


Copyright @2003-2013
LandlordMax Property Management Software

Disclaimer: This is a personal blog about my thoughts, experiences and ideas. The contents of this blog are for informational purposes only. No content should be construed as financial, business, personal, or any other type of advice. Commenters, advertisers and linked sites are entirely responsible for their own content and do not represent the views of myself. All decisions involve risks and results are not guaranteed. Always do your own research, due diligence, and consult your own professional advisors before making any decision. This blog (including myself) assumes no liability with regard to results based on use of information from this blog. If this blog contains any errors, misrepresentations, or omissions, please contact me or leave a comment to have the content corrected.