Friday Feb 23

Posts Tagged ‘roofer’

PCI, PII, a Roofer and a SSN
Last Updated on Monday, 21 July 2008 11:43
Written by JJ
Monday, June 9th, 2008

Yet another J! True Security Story for you…

This weekend I met with a roofer at my rental property to take measurements, see what needed to be done and get an estimate. When we met at noon, it was over 100 degrees there in central North Carolina and we spent just short of 3 hours going over everything.

The roofer, let’s call him Ross, was from one of the larger commercial home improvement stores. This particular store was offering a consumer credit program with 12 months interest-free financing. There was also a full window replacement project to follow right behind the roof. While I was prepared to pay cash for the roof and/or windows, the no-interest option offered an advantage, so I read the terms and conditions and gave the go-ahead.

Before I realized what was going on, my friendly roofer Ross was filling out a consumer credit card application for me. I remembered thinking this was odd, as we leaned against his truck, still outside in the heat. I think I mumbled something to the effect of “oh, it’s strange they make you guys do this part too..”. He had asked for all the usuals- my current and previous addresses, annual income and – of course- my Social Security Number. And, after standing in 100+ degree heat for 3 hours, I gave it all to him without batting an eye. As soon as he had it all, he called into to the mothership and was processing my credit app over the phone as I stood by to answer any new questions.

This day happened to be Ross’s wife’s birthday and they had some afternoon plans once our appointment was over. I was his last appointment of the day before he headed home to the missus for her birthday celebrations. I thanked him for his time, wished him a happy weekend and went on about my day.

What was wrong with this picture? I didn’t quite figure it out until a tall glass of tea cooled me down and returned my brain to normal operating temperature. What in the name of security did I just do? All my information (including my new credit card number) was written down on that credit form and tucked into his little notepad with the other miscellaneous papers, product glossies and forms he was carrying around… in his personal truck… on a weekend… D’OH.

I’m sure it will be fine (that’s what we all tell ourselves, right?). But in the off chance something happens… well, let’s not even go there.

# # #

Tags: , , , ,   |  Posted under J! True Stories  |  Comments  2 Comments

More Content

Find more of my content at
- Low Tech Hacking book
- Dark Reading
- Network Computing
- SearchSecurity
- TechTarget

Get Social



Enter your email address:

Delivered by FeedBurner