Security

if the questions aren't asked, then there is not security.

you have to question the security level of any system that is connected to another.
doesn't matter how well the question is answered, just by asking and checking you find holes and fix them.

The number of security holes that are discovered on a daily basis require that questions be asked. Anyone who has the job title of security officer has to ask questions and getting answers to these on a regular basis.

Anyone can ask questions... it often takes a very smart person to answer the questions of the silliest questioner.

But also, the smartest people often ask the toughest questions.

The more you understand security, the tougher you can quiz the practitioners.

All large services such as this one now rely totalling on "hands off" interaction with their clients. As an example have you TRIED to call your bank lately? For security purposes for companies such as those that sell id information and other secure information; it should be mandatory to talk with a live person first before issuing clearance. That is where asking the right questions would be done. If you have ever connected with one of these information houses you will be directed to fill out their on line form. That's it.. your connected.

Perhaps we trust too much that what is stated is fact.

The only answer is "thumbprint verification" or "retina scan" verification..... Unless someone hacks the authorized individuals digit off, well then.... that's a movie of the week, isn't it?

I was wondering where you got the statistics about 750 incidents? Can you supply the source for this information? Just in case you're curious, no, I don't work for or with any of the companies involved.

Asking the right questions will only get you so far. I've asked the right questions at companies in which I have worked. We even have answered many of those questions with a more-than-likely correct answer. However, unless they are implemented and tested, it's fairly worthless in terms of protection. These solutions have to be weighted and econmonic, among other factors, play a part in its priority.

It's not about whether questions or the answers or the implementation is the most important. What is important is that a sincere and continuous effort is being make to make the system and data secure while reducing customer inconvenience in a cost-effective manner.

Using Choicepoint to make your point is pushing the limit of responsible action. Choicepoint was not hacked. False companies were created. These companies had the correct information. Following Choicepoint's method of verifying companies were validated by Pingerton's security audit. In other words, Choicepoint is just as responsible for company verification as Verisign is about their Digital Signatures.

Choicepoint allowed access to this data as they do to all qualifying clients. The difference is that the company that was given this data used it in an act of fraud. When this was discovered, the criminals were deal with and the problem could have been swept under the rug like too many security issues.

However, the state of California requires a letter to be sent to each of the people in question. This is why it hit the news, thousands of people were getting this letter and it caused a good bit of chaos. I doubt asking the right question would have prevented this issue.