|
|
|
||||||||
Data Man: You Are the Sum of Your Numbers
by Peter J. Ognibene
(This article was published in the Style Plus section, page D5, of the Washington Post on November 3, 1997.)
If we met, you would not mistake me for a 16-digit number. If "you" were a corporation, as distinct from a corporeal being, you just might. I know I am not my data, but certain "legal persons" do not.
One of them was MCI, the long-distance carrier. As far as its 1-800-COLLECT long-distance service was concerned, I am my data. That fact was brought home to me when I opened my MasterCard bill and found nearly $300 charged to my account for calls on 1-800-COLLECT.
I have never used 1-800-COLLECT. Someone obtained or guessed—it’s not that hard to do—a credit-card number that happened to be mine and started charging long-distance calls, as many as 10 a day. Good software should recognize suspicious patterns, such as an unprecedented and intense barrage of collect calls charged to a credit card. Apparently, MCI’s software tested only the credit-card number and, finding it valid, started cranking out bills to my account.
Credit-card security should never hinge on the account number. For one thing, it’s hardly a secret—you have to reveal that number each time you use your card. All it takes is an occasional slime ball among the many virtuous waiters, clerks and mechanics who handle your card to appropriate your number for illicit use.
If 16-digit account numbers were randomly generated, a crook would soon give up trying to pick from among the ten quintillion possibilities. But credit-card numbers are not random. The first four digits identify the brand, such as MasterCard or Visa; those organizations then set the rules for the remaining 12.
For
MasterCard, the second four designate the bank. And the final eight? From
what I could gather—and the corporate types I spoke with got edgy when
I broached the subject of credit-card fraud—one or (most likely) two
digits may be used by the bank to designate a specific type of card. Though
some banks limit the selection to plain, gold and platinum, most offer more
varieties than toothpaste, from affinity cards with university or organizational
logos to co-branded cards linked to airline frequent-flyer points or
long-distance credits. That leaves just six—in some instances, perhaps,
seven—digits to identify individual cardholders. Guessing a valid account
number in these circumstances is a matter of trial and error.
None of this would matter if every business determined who was using the card before accepting a charge. Many don’t because it costs time and money to verify each transaction. In other words, a crook with someone else’s credit-card number can steal only from companies that treat customers and account numbers as interchangeable.
MCI apparently learned this lesson the hard way and recently stopped accepting credit-card charges for its 1-800-COLLECT service. MCI spokeswoman Jennifer Adams said the service is now "working on more sophisticated fraud prevention" but has yet to announce when, or if, it will accept credit cards.
It is precisely because I am not my data that a crook was able to expropriate my account number even though the card was in my wallet. And therein lies a broader problem: Once your data leaves your hands, it takes on a life of its own. If you’re lucky, it will be used only as you intended. If not, it may cost you time and money to clear your good name from the misdeeds of your wayward data.
My father was fond of an expression common to his generation: "You are what you eat." My candidate for a New Age update: You are what the computer eats. Buying something? All it takes is a valid credit-card number. The card and you yourself are superfluous.
Ill or injured? A doctor you’ve never met will render a second opinion on your condition based on charts and x-rays, digitized and transmitted over the Internet or long-distance circuits.
Applying for a driver's license in your new state? Better hope that no one with a similar name or slightly transposed birthday or social security number had a license revoked or has an arrest warrant outstanding anywhere in the U.S. If so, the burden of resolving matters will fall on you, not the state and its computer.
So far as the
merchant, doctor and Department of Motor Vehicles are concerned, you are
your data. Welcome, then, to the Age of Electronic Surrogacy. Not terribly
catchy, perhaps, but it does capture (for me at least) the increasing tendency
of business and government to regard us as mere bits and bytes coursing through
the electronic mainstream. Our data routinely passes through dozens of automated
systems, and we have no control over what someone else does with it. The
information that was accurate the year before may lose its currency.
A banking clerk’s hasty keystrokes may leave us with too much debt or too few payments. (The credit review process when I took out a home mortgage was an eye-opener. It showed me with accounts I never knew I had.)
A relatively new technology, smart cards, has the potential to give individuals direct control of their data and its use. If smart cards wind up mere extensions of the automated systems now gobbling and disgorging our data, they will have little beneficial impact. If they become, instead, secure electronic devices under our control, then we will have electronic surrogates to present our data at times and places of our choosing.
Consider these possibilities:
- A financial services card could handle not only debit and credit purchases but generate an electronic signature so we could sign a lease or close on a mortgage—in person or from a distant city.
- A health services card could carry proof of insurance as well as a patient profile, detailing recent diagnoses, treatment, test results, allergies and other indicators of value to medical practitioners or paramedics.
- A government services card with our driver's license and other information might allow us to send our data from a home computer or shopping mall kiosk to renew a license and register, purchase or sell a vehicle, instead of taking time off work to stand in line at the DMV: It’s not us they want; it’s our data.
Think of smart cards not as ID cards but as tiny personal computers that can carry and securely transfer money or credentials. When you decide to spend your money or present your data, a secret key and encryption algorithm in the card’s microprocessor execute your part in the transaction, including your electronic signature.
Because information from the smart card becomes inextricably bound (through encryption) to the transaction, no one could sever your data from the transaction itself. No one could lift your account number from a smart card and use it to run up charges the way they can—and sometimes do—with today’s credit cards.
The private sector has been rather timid about exploring the potential of this technology. Curiously, state and federal agencies have demonstrated a greater understanding of smart cards and a willingness to experiment:
- Michigan tested smart cards to develop a customer-centered approach to state-supported education, training and job placement services.
- Wyoming proved the cards could handle the complex health prescriptions and supermarket transactions of the special nutrition program for women, infants and children (WIC).
- Ohio is using smart cards to provide food stamps in electronic form.
- The Department of Defense is piloting smart cards to carry health records and speed overseas troop deployment.
If the promise of this technology is fulfilled, smart cards will let us use our data without losing control of it, a clear improvement over the current ID and account numbers floating in cyberspace, vulnerable to theft and misuse. It would also put an end to businesses mistaking you for your data.
Preparing for the Next Big Thing
by Peter J. Ognibene
(This article was published as the "My Turn" column in the January/February 1998 issue of Contract Professional.)
Every visionary was once a fool. "The entire army? With elephants? Across the Alps in a snowstorm? It cannot be done, Hannibal."
"Why dost thou keep scribbling those daft little plays? Hie, sir, to the queen’s court and seek there a position. That, Will Shakespeare, will secure thy posterity."
"Still tinkering with those toy computers? Learn to program the IBM 360, and you’ll never be out of work, Billy Gates."
Hannibal, Will and Bill were no doubt thought fools by friends and family early in their careers. As consultants and contractors, many of us have heard—some still do—similar skepticism from (presumably) well-meaning folk. I imagine, too, that many of us leaped off the corporate treadmill because we have ideas, needs and even visions which, though difficult to articulate, help us define who we are. Whether it’s a killer application, a niche software product or (in my case) the Great American Novel, we are variously looking, waiting and preparing for the Next Big Thing.
What to do in the meantime? "Ay, there’s the rub," as Will put it. By definition, the Next Big Thing is not in the here-and-now but in the there-and-coming (or in the worst-case scenario, the hereafter). How do you keep it all together without giving up that which nourishes your soul but not your body?
Stampeded into the Workforce
It was the tiny feet of impending fatherhood that stampeded me from the life of a freelance writer into the quotidian workforce some 12 years ago. A self-assessment of my education, skills and experience led me to a job as a technical writer with a small high-tech firm. Once inside, I found the company needed help managing projects and writing proposals. Victories over larger competitors lead to an office with a view of the offices across the alley and business cards that proclaimed me "vice president."
During my nine
years on the inside, I acquired a technological niche—smart cards—that
some believe could become the Next Big Thing. (The contrary view is that
smart cards are the technology of the future—and always will be.) When
I returned to self-employment in 1995, this time calling myself an independent
consultant, the opportunities I could turn my way, not surprisingly, tended
to parallel my corporate experience. Though the market for smart card expertise
remains rather narrow, these activities generate more than half of my revenue.
The rest comes from clients who require what I call "high-value documents,"
such as business plans, technical proposals and, in one case, a 300-page
telecommunications guidebook.
Advice to Would-Be Consultants
Begin with a self-assessment of your skills and their value in the marketplace. Then, reach out for opportunities through personal contacts, networking and the Internet. (Given how easy it is to establish a web site, it’s hard to imagine a reason not to.)
As those efforts generate feedback, make adjustments. Some of you may have to change or augment your range of services; others may need an infusion of academic knowledge or on-the-job experience. Many will need to tweak your rates to increase or dampen demand. The latter is critical to preserve time for what you think important. We can make more money; we can make less. What we can’t do is increase the hours in a day.
Taking care of business is the first step; but nurturing the psyche, soul or whatever we choose to call it is, ultimately, the reason many of us seek an independent path. Modern technology is creating opportunities we are only just beginning to grasp. Some can be turned into billable hours and product sales; others can provide value that defies financial calculations.
As an independent consultant, I have enjoyed some wonderful business opportunities, but even more important, I have gained control over my time. That has allowed me to help coach my son’s soccer and baseball teams, go to school assemblies and chaperone field trips. And, of course, I continue to write the Great American Novel.
Return to Main Page
Return to top of Articles Page
Contact me at: pjsmart@aol.com