Comments on: On-Line Poachers Hack Idaho F&G

By: TechnoUtopia

TechnoUtopia — Sat, 27 Aug 2016 15:47:17 +0000

Someday we will realize how stupid it was to place all private information in places where thieves, foreign governments, and the United States National Security Agency could easily steal all of it.

By: Clancy

Clancy — Thu, 25 Aug 2016 18:43:03 +0000

I remember when SS#’s were used instead of a driver’s license number. It looks like the F&G is following a state statute, that may be indirectly related to F&G. 73-122 Requires a SS# for any kind of license. https://legislature.idaho.gov/idstat/Title73/T73CH1SECT73-122.htm

By: jared

jared — Thu, 25 Aug 2016 15:17:17 +0000

@eric

holding the credit card info is required for processing a refund. This is to both avoid merchant services fees for refunded transactions and prevent various types of fraud. For a very very small uptick in merchant services fees, vendors can increase the security of storing credit card numbers through what is called tokenization which is stronger security than encryption. Vendors should also have the storage of credit card numbers be done by the major merchant services firm or processor, since those servers are often more secure and professionally managed for this type of sensitive info.

What worries me, if it is still a Fish and Game practice, is the requiring of a social security number for a license. Years ago my father visited from another State, Fish and Game would not sell him an out-of-state 3-day fishing permit without all his personal info including his social security number. With this info any hacker could easily create identity theft. Why to go fishing you must present a social security number is absurd and stinks of lazy system design to use a SS# for a unique customer identifier in the database.

By: erico49

erico49 — Thu, 25 Aug 2016 13:44:36 +0000

I have never understood why businesses (like the state’s vendor) store debit and credit card information. Once they have the money (and that’s immediate with a debit card) why not just delete the info? If it’s for convenience–so I won’t have to type it in again on a re-order–I would gladly give that up for more security.