[sockaddr]

May I ask what card/Institution? This would be an immediate no for me.

[reaperducer]

I'd trust the data with a (real, not online) bank more than most other companies like Google.

I'd be more worried about people hacking into networked security camera DVRs at stores and cafes and extracting image data from there. Multiple angles. Movement. Some are very high resolution these days. Sometimes they're mounted right on the POS, in your face. Sometimes they're actually in the top bezel of the beverage coolers.

Banks are the hardest way to get this data, not the easiest one.

[rapind]

> Banks are the hardest way to get this data, not the easiest one.

Is this statement based on data or a hunch? A quick google turns up a lot of bank data breaches.

[reaperducer]

A quick google turns up a lot of bank data breaches.

Because banks have to report data breaches. Do you think every neighborhood Gas-N-Blow is publicizing, or even knows, that it's been hacked?

[rapind]

Good point. I’m still wary of just assuming (if that’s what we’re doing here?) that old established organizations you’d expect to be secure are in fact secure. For example I would have expected credit rating agencies to be secure…

Mandatory reporting certainly helps IMO. Reporting should be mandatory for anyone handling PII.

[kevin_thibedeau]

No bank is going to run such a system in house. It will be a contracted service whose data is one breach away from giving fraudsters a firehose of data to exploit their victims.

[monksy]

You would? You would trust a random number to call you and talk to you about your bank account?

(That's what Chase's fraud department tells you to do.. no joke)

[mulmen]

"I trust you more than Google" is a pretty low bar in terms of personal data.

[monksy]

I want to know so that I can forward this to lawyers that specialize in biometric privacy law (in IL).

Fuck these biometeric data farmers.