Mr. Baker, I find it ironic that the very institutions who are guilty of losing so much information are marketing identity theft insurance on the accounts they offer to customers.
I couldn't agree with you more on the serousness of the situation. Paul Hanrahan -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of John P Baker Sent: Tuesday, June 07, 2005 10:22 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Banks In response to my posting from this morning, several individuals have raised concerns in respect to encryption. These concerns clearly have some validity. At the same time, consider the costs to the individuals whose private financial records may have been compromised. If the tapes have been stolen, then 3.9 million individuals face the possibility that their identities will be used to open credit accounts, etc. It will take years and untold amounts of money to correct the problems. Will Citigroup pick up all of the direct and indirect costs incurred by those individuals victimized? Not too bloody likely! Any company that maintains non-public records of private financial transaction has a responsibility to ensure that those records are protected from access by unauthorized persons, whether such access occurs via the company's data processing systems or by access to copies of those records located upon some offline media. In particular, the movement of copies of such records from one secure facility to another must involve additional levels of security above those required for access to that data within a single secure facility. Since physical security measures are clearly not as dependable in the course of such movement, other processes must be implemented. Encryption is the obvious answer. As far as compatibility, XML structured data which has been encrypted using public key cryptography would be an obvious approach. For example, the Open Financial Exchange specification provides just such a mechanism. In any case, over the last few months there have been repeated cases where copies of financial records have been "lost". These losses threaten our financial infrastructure. STEPS MUST BE TAKEN TO ADDRESS THE PROBLEM. The imposition of such steps may inconvenience some financial institutions. So what? How will you feel if someone steals your identity and it takes you the next 10 years to clear your name? As a Software Engineer, I have had people ask "Why can't you put a stop to this?" I have to answer that the technology is there, but management lacks the will to address the problem. When your neighbor becomes a victim of identify theft, what excuse will you offer? John P Baker Software Engineer ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html