I don't think its a concern of showing the license, its the concern of all the data being copied and retained somewhere in a database that brings the concern.
Honestly, I'm surprised that these companies are requiring this type of PII to be provided and that they are storing the data potentially, but then when there is nothing but a slap on the wrist for a breach these days, I guess there is no disincentive.
THIS. I have no trouble showing a cashier my ID, allowing him or her to type in xx/xx/xxxx and be on my way. In fact, I strongly encourage it when they attempt to scan. I dont mind a human reading my ID because I know its not practical for them to record any more data than is REQUIRED for the transaction.
Its the fact that by reading the barcode, they collect ALL the data on the front of the card and more... its just how barcodes work. I'm sure they are going to say they dont store it, but how to prove it? They dont allow all the cashiers in the cash office, do they? No! But why not? Sure they are near all that cash without good reason, but they should just have to trust that they wont touch any of that cash they have access to. For best practices you dont expose more data than you NEED and you dont provide access to more stuff than is REQUIRED for your task. So even making the data available to the system just to grab one field is bad.
And even if they DO only capture the DOB field. What happens when hackers (like the Target breach) go in and tweak the system to redirect all that scanned data elsewhere to do bad things with?
Make a new barcode with only the name and birthday and stick it over the existing one. Or just have it return obscenities, i doubt it is verified anyway. If it scans, the register monkeys won't have a clue.
That is so evil it is brilliant. My luck I'd get pulled over and forget to remove the fake barcode and end up in cuffs after the officer scanned it to retrieve my info and actually read the forged data. LOL
But I might just have to try it once just to see what happens.
Last edited: