Comment Re:The water wars are coming (Score 3, Funny) 151
Back in my day we calculated war efforts in megapanzers.
Whatever the cost, it just got over a billion people excited about space again.
Wow, this old idiocy? Even during the first moon landing when I was only 5 I heard Walter Cronkite explain about the stiff wires holding the flag out.
Dude, you are dumber than a 5 year old.
My Nexus 5 doesn't have to be recharged every 12 hours as I've heard these "smart" watches do, so +1 for the Nexus 5.
Yep, I try to do a few basic programs in nearly every language I hear about, just to see what works well in which situation.
Exactly.
I started writing a replacement for our company's 20+ year-old file-based data system 7 years ago. I didn't tell anyone about it until a few years later when I had a prototype ready and started producing better and faster reports for management than the old system. But they still wouldn't okay me to go ahead and start designing a full replacement for our old system. Then the old system coughed up some blood for a couple weeks and nearly caused us to lose a couple million in sales.
After everyone stopped running around with their hair on fire they asked me what it would take to get my new system up and running as a replacement. I did it and now I am the one who controls all company data. At least a half-dozen people now work supporting the system and writing new code for it, but no one else has 7 years experience thinking about and designing this system, so a lot of the details escape them. HA! Try to get rid of me now.
Proactive programming will get you far.
Let me know your results for toll road cameras. For...uh...science, yeah.
Yeah, I'm not a big believer in dowsing, but...I have seen it in action. In fact, back in 1993 I was shown how to do it by an old guy who was a friend of my grandfather's. And I did it. Of course, all I was able to do was find water pipes under people's yards, I don't know if it works any deeper. But dang I can find water pipes like a motherfucker now.
Ah, knowledge can only be passed to YOUR children. The hell with other people's children, right?
Monty Python did it.
"FIVE Four Three Two ONE!"
No, the SSN is on the tax return or form, still highly insecure. The data associated with the SSN in the IRS DB is linked to the hashed SSN.
So unless someone actually has the tax form (trivial for a few forms, difficult for massive amounts of forms) they cannot associate you with your SSN or your tax data. A corrupt IRS employee (and there are many) can easily enter one SSN into their application and get all your tax & income data. But they can't download EVERYONE's data easily.
We're talking about remedies to large data breaches here, not single experiences. Yes, your data is at risk while your tax form is in the mail or in the hands of an IRS employee, but as soon as it goes into the DB the associative data should be hashed. You don't eliminate breaches this way, you make them easier to deal with.
BUT you can change the salt, or the hashing algorithm, in case of a breach. You don't have to replace all the CCs, just send out a new salt to the machines. Now the data lost in the breach is useless.
It's not foolproof, but it is easy to fix a breach. If your CC database gets hacked, you re-hash with a different salt and then send the new salt to the pre-processors, so the hash they send you is now completely different. That way you have effectively changed everyone's CC # a lot quicker and easier than sending everyone a new card. In fact, regular re-hashing should be a standard in the CC industry. You keep the same card and card number but the number in the DB will change regularly.
I've actually used a system like this for processing financial data (not CC data) to keep the data associating account numbers with passwords as difficult as possible to breach. Both the account number and password are hashed. We would change the salts at the broker end every 3 to 5 weeks and keep a record of the past two salts in case some broker equipment didn't get the last update. So if our DB got hacked we didn't have to make everyone change their password or account number.
As far as I know they are still using that system.
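The salt rotation with a two-salt grace window described in the comments above, sketched as an added example; this is not code from the commenter or from any system they mention. It swaps in HMAC-SHA256 keyed with the salt for a plain salted hash, because account, card and SSN values come from a small space and the salt therefore has to be handled as a secret key. The `vault` callable (a separate, isolated store able to re-derive tokens from raw identifiers), the class and function names, and the account values are all assumptions.

```python
import hashlib
import hmac
import secrets
from collections import deque


def token(salt: bytes, identifier: str) -> str:
    """Keyed hash sent by an endpoint in place of the raw identifier."""
    return hmac.new(salt, identifier.encode(), hashlib.sha256).hexdigest()


class TokenStore:
    """Server-side token tables; raw identifiers are never kept here."""

    def __init__(self, vault, keep_previous=2):
        self.vault = vault  # hypothetical: yields raw identifiers on demand
        # Newest salt first; deque(maxlen) drops the oldest automatically.
        self.salts = deque(maxlen=keep_previous + 1)
        self.tables = deque(maxlen=keep_previous + 1)
        self.rotate()

    def rotate(self) -> bytes:
        """Scheduled rotation; the returned salt is pushed to endpoints."""
        salt = secrets.token_bytes(32)
        self.salts.appendleft(salt)
        self.tables.appendleft({token(salt, i) for i in self.vault()})
        return salt

    def revoke_previous(self) -> bytes:
        """Breach response: rotate and drop the grace window at once,
        so tokens copied from any earlier table stop matching."""
        salt = self.rotate()
        while len(self.salts) > 1:
            self.salts.pop()
            self.tables.pop()
        return salt

    def accepts(self, presented: str) -> bool:
        """True if the token matches under the current or a retained salt."""
        return any(hmac.compare_digest(presented, t)
                   for table in self.tables for t in table)


if __name__ == "__main__":
    accounts = ["ACCT-0001", "ACCT-0002"]  # constructed sample identifiers
    store = TokenStore(lambda: accounts)
    old_salt = store.salts[0]
    store.rotate()  # endpoint below missed this update
    print(store.accepts(token(old_salt, "ACCT-0001")))
    store.revoke_previous()
    print(store.accepts(token(old_salt, "ACCT-0001")))
```

The grace window trades availability for exposure: tokens taken from a stolen table stay valid until their salt ages out, which is why the breach path drops the retained salts immediately instead of waiting for the next scheduled rotation.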
Surprisingly enough, I used to work at the IRS and still have many friends who do.
We could hash all SSN/EIN data at the IRS and just deal with hashes, but the entrenched management there still does everything the old way. Why can't the EDI transaction just hash the SSN and have the IRS compare the hashes at the IRS end? Because the highly political management is too stupid to understand this.
There are many reasons I have left cushy gov't jobs, the lack of technological understanding by the higher ups is just one of them. The Peter Principle is in full force if you work in government.
Ideally, the payment processor is the only one who has the hash, the merchant passes the hash they made from customer data on to the processor.
The payment processor doesn't even need to have the CC#. They just need the hash.
With your bare hands?!?