>The customer number we are currently having the ssn as its identifier, we need >to make sure this has to encrypted
OK, so the real requirement is to stop using SSN as the primary customer ID, but still keep SSN around since customers won't know the unique ID your organization has assigned to them. This is something thousands of organizations have addressed recently, especially with the rise of Identity Theft in the Age of the Internet. How have most companies achieved this? See below: (1) Each unique customer is assigned a new unique identifier, usually a sequential number (ORACLE Sequence or MSSQL Identity). Or it could be a GUID. In some rare cases it could be some structured identifier composed of a year, branch office number, and a small sequence number. (2) The new unique customer ID is used as primary key in the main customer info system tables. (3) The SSN becomes a secondary identifier, possibily stored in the main customer table, but often stored in a dependent table for extra security. It may or may not be stored as an encrypted column. (4) Customer records are often indexed by other Personally Identifying Information (PII)as name, DOB, Gender, Address, Mother's Maiden Name, etc. (5) The Customer Information System supports a search capability using various combinations of PII. (6) When a customer makes contact, the CSR asks the customer to supply various bits of the PII to aid in the search. (7) A modern call center will exploit telephone caller ID to help identify the customer. For example, when I call DirecTV, they just ask: Is this John calling, since the only other name for the account is Irene and I don't sound like my wife. John ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
