Larry Ullman's Book Forums

Secure Transmission Of Personal Data


Recommended Posts

Hello, everyone.

 

I run a website where we are required to get personal information such as passport numbers, social security numbers, birthday/place and other personal information. I don't want this kind of data to get lost, so I've required that it be sent over email instead. (Hopefully they have SSL. Gmail does.)

 

I would like to build a website form instead. What precautions do I need to take for this? My host offers SSL certificates, but that may be too expensive for us. We are a small non-profit organization.

 

Any suggestions here? Is SSL a requirement or could I possibly solve this another way?

 

Thanks in advance. Never done something like this before.


Good question! I don't know, my host offers a shared SSL, which isn't pretty in URL structure BUT it is free. Maybe your host might be able to offer something.

 

I feel like cURL or Mcrypt might be of some use, but I haven't looked at them since I read about them in PHP 5 Advanced. :)


I really think that if you're asking for such sensitive information, you have an obligation to offer the right level of security: SSL for form submissions.

 

I also really hope that you haven't started accepting this information via email without checking that it's secure.

 

My comments might come across as harsh, but if you were asked for your passport number and social security number along with your name and address, would you be happy to supply them if you didn't see a secure connection or some sort of notice saying that emails were secure?

 

An identity fraudster would have a field day with this information.

 

Jonathon's comment about shared SSL is probably the most sensible and cheapest approach.

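The advice above is that the form must only be served and submitted over SSL/TLS. As an added example (not code from the thread or from any poster), here is how that rule can be enforced server-side in Go: a plain-HTTP GET of the form is redirected to HTTPS, a plain-HTTP POST is refused rather than redirected (the fields were already exposed in transit, and a redirect would quietly reward the mistake), and successful HTTPS responses carry a Strict-Transport-Security header and are marked uncacheable. The path /apply, the `passport` field name, and the certificate file names cert.pem and key.pem are assumptions for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// RequireTLS wraps a handler so the sensitive form is only ever served or
// submitted over HTTPS. A GET over plain HTTP is redirected; a POST over plain
// HTTP is rejected outright, because the data has already crossed the network
// unencrypted and a redirect would just resubmit it.
func RequireTLS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil {
			if r.Method == http.MethodPost {
				http.Error(w, "this form must be submitted over HTTPS", http.StatusForbidden)
				return
			}
			target := "https://" + r.Host + r.URL.RequestURI()
			http.Redirect(w, r, target, http.StatusMovedPermanently)
			return
		}
		// Tell browsers to use HTTPS for this host from now on (one year).
		w.Header().Set("Strict-Transport-Security", "max-age=31536000")
		// Keep responses holding submitted values out of browser and proxy caches.
		w.Header().Set("Cache-Control", "no-store")
		next.ServeHTTP(w, r)
	})
}

// formHandler is a stand-in for the real application form. It never echoes
// the submitted fields back to the client.
func formHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodPost {
		fmt.Fprintln(w, "received")
		return
	}
	fmt.Fprintln(w, `<form method="post"><input name="passport"><button>Send</button></form>`)
}

func main() {
	mux := http.NewServeMux()
	mux.Handle("/apply", RequireTLS(http.HandlerFunc(formHandler)))
	// cert.pem and key.pem are assumed file names for the certificate and key
	// the hosting provider issues; adjust to your host's layout.
	if err := http.ListenAndServeTLS(":443", "cert.pem", "key.pem", mux); err != nil {
		panic(err)
	}
}
```

Behind a TLS-terminating proxy or a shared-SSL front end, r.TLS is nil even for HTTPS requests; in that setup, check the proxy's forwarded-protocol header instead, and only trust that header from the proxy's own address.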

"My comments might come across as harsh"

 

It's not harsh. This is very personal data that should not get into the wrong hands. The problem is that the supporter organization we are part of requires this information for issuing tickets for football matches. We must hold this data even if I don't like it. So far I've stored this data on my encrypted and password-protected personal computer. That is really the most secure thing we can do at the moment.

 

Gmail offers SSL, so we recommend that our users transmit passport numbers and social security numbers there. We don't offer any online forms for this.

 

This is exactly why I'm asking what kind of measures I need to take to be sure my members are protected.

 

Will send an email to my host and ask what they can do for me.


I'm totally with Rob here. In fact, I would go so far as to say this is all a terrible idea. If you're a small non-profit that can't afford much, how much of a lawsuit can the organization afford if the data gets stolen? DO NOT have people email in their data. That's even worse than using a Web form. Plus you're putting the responsibility on the user to provide the security, which is unconscionable. From your description, it sounds to me like having people phone in their information would be the most secure.


You are of course both right. I know this has been handled sloppily from the start. Giving these details over the phone seems like the best idea yet. I have now talked to the host. I need a dedicated IP address and an SSL certificate. It was not as expensive as I first thought, so I will definitely invest in that.

 

Besides SSL, what kind of precautions should I take? What kind of encryption precautions should I take? I ask since this is a vital part of e-commerce too, and I've never dared to play with something like that before. What can I safely store in a database? What should not be stored there?

 

Thank you for being critical, people. I know I haven't worked hard enough to secure our members.


For starters, you don't want to store any of it, if at all possible. Really think long and hard about what information MUST be requested, what information MUST be stored, and for how long. Reducing any of these is better. I would strongly recommend getting rid of any data as soon as it's not needed. I know this may seem like an inconvenience, but if you explain it to your customers as in their own best interest, they'll go along.

 

If you do have to store data, it'd be best to store it on a computer that's not connected to the Internet.

 

Regardless of the computer used, store the data in a database in an encrypted format. You'll want to research encryption to come up with the best encryption approach for you.

 

Also watch what data might end up in non-secure places. For example, if you use a debugging tool that dumps out data to the screen or to an email address, that dump should not include sensitive information.

 

I would also say one more time that when looking at costs, you have to look not only at the costs involved in doing this right but also the possible costs (in terms of lawsuits and penalties) of doing this wrong.

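The post above makes three concrete recommendations: keep the data only as long as it is needed, store it in the database only in encrypted form, and keep it out of debug dumps and logs. As an added example (not code from the thread or from any poster, and not the only possible approach), here is one way to do all three in Go with the standard library: each sensitive field is encrypted with AES-256-GCM under a key that lives outside the database, with the row's ID bound in as additional authenticated data so a ciphertext cannot be copied onto another member's row without detection; a redaction helper masks the plaintext for any output a human or a log file might see; and a purge routine drops rows whose retention date has passed. The Record type, its field names, the "record:<id>" AAD format, and the sample passport number and dates are constructed for illustration and are not real values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Record is one member's ticket request as it would sit in the database.
// The passport number is stored only as ciphertext; the key is never in the DB.
type Record struct {
	ID          int
	Name        string
	PassportEnc string    // base64(nonce || ciphertext || GCM tag)
	NeededUntil time.Time // retention deadline, e.g. the date of the match
}

// aad binds a ciphertext to the row it belongs to.
func aad(recordID int) []byte { return []byte(fmt.Sprintf("record:%d", recordID)) }

// SealField encrypts one sensitive field with AES-256-GCM under key (32 bytes,
// loaded from outside the database, e.g. a file or environment variable).
func SealField(key []byte, recordID int, plaintext string) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Seal appends ciphertext+tag after the nonce so one blob carries everything.
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), aad(recordID))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// OpenField reverses SealField. A wrong key, a different record ID or any
// modified byte produces an error rather than garbage plaintext.
func OpenField(key []byte, recordID int, enc string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(enc)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, aad(recordID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// Redact masks a plaintext value for debug output, logs, or confirmation
// messages, keeping only the last two characters.
func Redact(s string) string {
	if len(s) <= 2 {
		return strings.Repeat("*", len(s))
	}
	return strings.Repeat("*", len(s)-2) + s[len(s)-2:]
}

// DebugString is what a debugging dump should print instead of the raw struct:
// it never includes the passport field in any form.
func DebugString(r Record) string {
	return fmt.Sprintf("Record{ID:%d Name:%q Passport:<withheld> NeededUntil:%s}",
		r.ID, r.Name, r.NeededUntil.Format("2006-01-02"))
}

// PurgeExpired returns only the records still needed at time now.
func PurgeExpired(records []Record, now time.Time) []Record {
	kept := make([]Record, 0, len(records))
	for _, r := range records {
		if r.NeededUntil.After(now) {
			kept = append(kept, r)
		}
	}
	return kept
}

func main() {
	key := make([]byte, 32) // constructed: a random key for this run only
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	match := time.Date(2012, 5, 12, 0, 0, 0, 0, time.UTC) // constructed date
	rec := Record{ID: 7, Name: "Example Member", NeededUntil: match}
	enc, err := SealField(key, rec.ID, "X1234567") // constructed, not a real number
	if err != nil {
		panic(err)
	}
	rec.PassportEnc = enc
	fmt.Println(DebugString(rec))
	pt, _ := OpenField(key, rec.ID, enc)
	fmt.Println("confirm to member: passport ending", Redact(pt))
	if _, err := OpenField(key, 8, enc); err != nil {
		fmt.Println("blob moved to another row is rejected:", err)
	}
	fmt.Println("records kept after the match:", len(PurgeExpired([]Record{rec}, match.AddDate(0, 0, 7))))
}
```

The key is the whole secret here: if it sits in the same database or the same web-readable directory as the ciphertext, the encryption buys nothing against the most likely breach (a compromised web host), which is why the post suggests keeping stored data off the Internet-facing machine altogether.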
