The customers of Best Western are the latest to have their identities stolen. As the article goes on to say, the crime gangs are going to have a field day with such live and valuable information, which included credit card numbers and home addresses. There's a clear lesson here in authorization: nobody needs to have access to the aggregate data that Best Western had. It might be necessary to modify one or two reservations at once. Perhaps it might even be necessary to know how much of a block is sold. But the whole kit and caboodle? Nobody needs that information. Here are some protections Best Western could have taken:
- Encrypt the credit card information specifically and compartmentalize the use of any decryption key. Hotels need to retain credit card information in order to guarantee bookings. Encrypting credit card data is nowhere near a perfect solution because there is relatively little clear text information and some of that can be guessed, like the first four digits.
- Encrypt all backups and protect the decryption keys so that multilevel authorization is required to access them. Many backups are stolen. If they are stolen, no encryption is perfect, so notification is still necessary, but with encryption those whose information is stolen can take action, such as arranging a house sitter or changing credit card numbers.
- Employ intrusion detection within the database. When a specific user acts outside a profile, flag it and see what is going on.
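
The profile check in the last bullet, sketched as an added example (not code from the original post or from any Best Western system). The user names, row counts and thresholds are constructed assumptions; a real deployment would feed it from the database's audit log.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit data: (db_user, reservation rows read that day).
HISTORY = [
    ("clerk_a", 12), ("clerk_a", 15), ("clerk_a", 9), ("clerk_a", 14),
    ("revenue_b", 40), ("revenue_b", 55), ("revenue_b", 48), ("revenue_b", 52),
]
TODAY = [("clerk_a", 9400), ("revenue_b", 61), ("temp_x", 300)]


def build_profiles(history):
    """Baseline per user: mean and standard deviation of rows read per day."""
    per_user = defaultdict(list)
    for user, rows in history:
        per_user[user].append(rows)
    return {u: (mean(v), pstdev(v)) for u, v in per_user.items()}


def flag_outliers(profiles, today, k=3.0, slack=25, unknown_limit=5):
    """Return (user, rows, reason) for activity outside the user's profile.

    k, slack and unknown_limit are illustrative tuning values, not recommendations.
    """
    alerts = []
    for user, rows in today:
        if user not in profiles:
            # An account with no history should not be reading in bulk.
            if rows > unknown_limit:
                alerts.append((user, rows, "no profile"))
            continue
        mu, sigma = profiles[user]
        # The slack term stops very steady users alerting on small changes.
        if rows > max(mu + k * sigma, mu + slack):
            alerts.append((user, rows, "exceeds profile"))
    return alerts


if __name__ == "__main__":
    for alert in flag_outliers(build_profiles(HISTORY), TODAY):
        print(alert)
```
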

In perhaps a more perfect world, a separate identity provider could retain identifying characteristics of an individual such as address and credit card number. Commerce likes some of this information because it can be used to market to you, and absent legislation it has very little motivation to protect the information.