  1. #1
    SitePoint Zealot
    Join Date
    Feb 2008
    Posts
    103

    Taking SSN & Drivers License # + Pictures Using an online form?

    A client wants me to build a rental form for his expensive equipment. Some of the fields he wants are spaces for a social security number, a social security card picture upload, a driver's license number and a driver's license picture upload. I know if you take a credit card # online, you get hammered if you are not PCI compliant, but are there any liability issues when taking this kind of information? Any help greatly appreciated.

  2. #2
    Avid Logophile silver trophy
    ParkinT's Avatar
    Join Date
    May 2006
    Location
    Central Florida
    Posts
    2,343
    Speaking strictly as a consumer, and more 'technically savvy' than the average user, I would NEVER provide that information on a web form.
    I suspect your client will have a difficult time getting people to use such a system - after paying you (I hope) to construct it.

    Your due diligence may be to advise the client to poll their users and prospective users on how they would receive such a service.

  3. #3
    SitePoint Zealot
    Join Date
    Feb 2008
    Posts
    103
    Solid advice, thanks. From a legal standpoint, is there anything wrong with this at all?

  4. #4
    Just Blow It bronze trophy
    DaveMaxwell's Avatar
    Join Date
    Nov 1999
    Location
    Mechanicsburg, PA
    Posts
    7,289
    First off, I agree with ParkinT - any site that wanted that would be an immediate "Oh, H-E-double hockeysticks NO!"


    Originally posted by jschmidt:
    "Solid advice, thanks. From a legal standpoint, is there anything wrong with this at all?"

    Absolutely. Carrying that information and keeping it on a web accessible server is not only pushing the boundaries of PCI compliance, the company is just daring identity thieves to attack your site at will - everything being asked for is fodder for identity thieves.

    I'm also not sure that copies of social security cards are even legal if not being used for proof of eligibility to work... that would be something that should be checked with a lawyer (as should the rest of these ideas).
    Dave Maxwell - Manage Your Site Team Leader

  5. #5
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,255
    There is no legitimate reason for him to ask for SS#s. Credit card info, sure, maybe a telephone number, but not SS#s.

    For that matter, why a driver's license? I can see if it was an in-person check, but online?

    Sounds way too dodgy to me.

  6. #6
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,653
    If he is doing background checks there are legit reasons to ask for SSNs and DLNs. I think storing images of driver's licenses can be a no-no depending on locale too.

    That said, I would try to avoid handling that stuff at all. You are just asking for identity theft. A good way to scare the client out of this would be to do due diligence on the level of hosting you'd need to support this -- including dedicated servers and 24x7 monitoring by skilled, live humans. It won't be cheap and might scare them off of this.

    How I would handle it web-wise is I'd accept people's applications subject to "in-store approval." How many do they reject nowadays?

