Monday, June 4, 2012

Security is not a priority

It's about web site security, specifically this web site I use to register my son for his baseball activity.  There is not much security to speak of in fact.  You don't need account logins to get in, even though I do have an account/profile since I've registered before.  All I need is to type in my last name, then all families registered with the league with that last name are "conveniently" listed, complete with the street name they're on so there's less chance of mix up.  Then I can click my entry, and see my son's first name, then proceed to register, provide my payment info, and his medical insurance info.  Indeed it's a very low friction process, as long as you're not concerned about your private information being exposed.  In the end I don't know if I should be sorry for the company that provides the service, or for myself.  Apparently some people still live in a fantasy land where everyone is noble and friendly.

We're not talking about a local, mom and pop volunteer organization.  The service provider supplies the online database service to dozens of local youth sports organizations across the country, according to the proud customer list on the site.  To their credit, PayPal is offered as a payment option, which at least gives you some choice for lowering the risk. 

Sometimes you wonder how illicit activities online based on the theft of private information has grown to a business more than 50 billion dollars annually.  Maybe it's really not a wonder - the entry cost has been made very low in too many circumstances.  

No comments:

Post a Comment