The post in question was regarding Alister’s unintentional uncovering of a list of credit card numbers through Google. While I’m not terribly concerned about someone uncovering my credit card number (let’s face it, it’s hard to buy stuff on a card with no available credit), I did think about the advice he gave about searching Google for your own credit card number.
I think his suggestions are reasonable, if a little misguided. As several people have since commented (and I swear I thought of this before they left the comments!) punching your entire credit card number into Google might not be the wisest move. Apart from being transmitted in plain text, the search can be stored in your search history, and thus is stored in Google’s enormous database. Also, advising that the number is useless without a CVV2/CVC2 number is incorrect. You can still make a card-absent transaction without these numbers in many cases, but (as I understand it) it just means that if the card-holder disputes the transaction, there is a much better chance of the dispute going the card-holder’s way.
In addition, in my experience with dealing with client credit card information (I’ve had some interesting jobs), most credit cards have a two or three year expiry date. It brings the potential range of expiry dates down to 24-36 months at the outside. It’s just information I wouldn’t want to risk.
However, Alister’s advice is good, with some modifications. If you want to Google your credit card number, drop off the first four, and last four digits, enclosing the middle eight digits in quotation marks. The first four digits give away the card type (eg, 4564 is a Visa card). Removal of the last four digits renders the card number useless, even if some nefarious individual was able to guess your card type.
Thus, if your Visa card number was 4564 1234 5678 9012, you would search for “12345678” and also “1234 5678” (including the space). This logic would also hold for Alister’s advice about searching for your password – if it’s something unusual, but I don’t think I’ll be doing any password searches all the same.