Why so much PII on Stanly CC VMWare Registration Form?

jdancer

Anyone know why the VMWare Registration From from Stanly CC requires SSN, DOB, HS graduated, employment hours? Feels like I am filling out a credit application.

That's a lot of personal identifiable information required.

cyberguypr

Same stuff I had to fill up for all other 3 colleges I've attended in some capacity.

phonic

Be careful. I don't want to cast suspicion when I'm not 100% certain, but shortly after registering for the class the credit card I used was used fraudulently online by someone in the US. I normally only use that card for routine bill pay, and this was the first new merchant I used it for in months. Could have been unrelated, but I think there is a possibility the information was compromised from that site. Which is even more scary because they require all of that extra personal information.

googol

I do not recall having to give up employment hours, but rest is pretty typical of a Community College. Heck, when I signed up, I didn't really do it through the actual Stanly and I am not sure if process has changed, but basically its through the Continuing Education office and they handle the registration for you. I did not have any issues with my CC. I hope that everything turns out ok phonic.

phonic

Thanks, but it wasn't much of a problem for me. Amex called me the day after it started to happen due to suspicious 'testing' activity on my card (e.g. small $1 online charges over and over at the same merchant). By then, they placed a couple hundred dollar orders, but Amex put a stop on all of them in time and overnighted me a brand new card. Took me all of 15 minutes to change the billing infromation on the handful of sites I use it at.

Again, not saying that their site was at fault, just a bit suspicious. And yes, correlation != causation, but I also don't believe in coincidents .

Ecio

phonic wrote: »

Thanks, but it wasn't much of a problem for me. Amex called me the day after it started to happen due to suspicious 'testing' activity on my card (e.g. small $1 online charges over and over at the same merchant). By then, they placed a couple hundred dollar orders, but Amex put a stop on all of them in time and overnighted me a brand new card. Took me all of 15 minutes to change the billing infromation on the handful of sites I use it at.

Again, not saying that their site was at fault, just a bit suspicious. And yes, correlation != causation, but I also don't believe in coincidents .

Phonic have you contacted Stanly's people about this problem? maybe they've been hacked and they don't know it, or somebody's playing dirty inside the college...

phonic

Yes, when it happened after looking over my statements to see any other history. I forget offhand who I sent it to, but I think it was one of their admin contacts for the domain. Never heard back.

STANLY_CC

phonic wrote: »

Be careful. I don't want to cast suspicion when I'm not 100% certain, but shortly after registering for the class the credit card I used was used fraudulently online by someone in the US. I normally only use that card for routine bill pay, and this was the first new merchant I used it for in months. Could have been unrelated, but I think there is a possibility the information was compromised from that site. Which is even more scary because they require all of that extra personal information.

Stanly Community College DOES NOT KEEP ANY CREDIT CARD INFORMATION ON FILE. That is why we ask you to contact us directly.

STANLY_CC

jdancer wrote: »

Anyone know why the VMWare Registration From from Stanly CC requires SSN, DOB, HS graduated, employment hours? Feels like I am filling out a credit application.

That's a lot of personal identifiable information required.

This is standard information obtained & required by all colleges. However, Stanly Community College DOES NOT KEEP ANY CREDIT CARD INFORMATION ON FILE. That is why we ask you to contact us directly.

STANLY_CC

Ecio wrote: »

Phonic have you contacted Stanly's people about this problem? maybe they've been hacked and they don't know it, or somebody's playing dirty inside the college...

Stanly Community College DOES NOT KEEP ANY CREDIT CARD INFORMATION ON FILE NOT IS IT STORED ANY SCC DATABASE. That is why we ask you to contact us directly.

phonic

STANLY_CC wrote: »

Stanly Community College DOES NOT KEEP ANY CREDIT CARD INFORMATION ON FILE. That is why we ask you to contact us directly.

I'm not sure what you mean by this.

I paid via your website. I can't recall offhand whether I gave my CC information directly to your server or a third party payment processor, but either way I paid for the class online via your method. At no point was I directed to contact anyone to arrange payment.

Again, I'm not saying that my credit card was definitely compromised on your site. What I can say is that the card I use is only utilized on two other sites that charge it once a month and have been for over a year. Both of those sites are large companies that have not reported a security breach. Within a week of me using it to pay for my class, my card information is stolen and used fraudulently. Weighing all of the evidence, I find it more likely than not that it was compromised during the payment of that class - whether due to Stanly's server(s) or a third party payment gateway. I just double checked and confirmed I received a confirmation email (with my CC's last four digits, authorization code, etc.) from scc-cashier@stanly.edy.

Either way, I'm not trying to start an argument or cause a problem, I'm simply trying to pass along some information. Not a big deal to me since it only cost me about 15 minutes to clean up, but if others are having the same problem and my information was compromised there, it could wind up costing Stanly. I like your school, especially the VMware class, so I hope that you can take my information and double check to make sure nothing is at risk.

STANLY_CC

phonic wrote: »

I'm not sure what you mean by this.

I paid via your website. I can't recall offhand whether I gave my CC information directly to your server or a third party payment processor, but either way I paid for the class online via your method. At no point was I directed to contact anyone to arrange payment.

Again, I'm not saying that my credit card was definitely compromised on your site. What I can say is that the card I use is only utilized on two other sites that charge it once a month and have been for over a year. Both of those sites are large companies that have not reported a security breach. Within a week of me using it to pay for my class, my card information is stolen and used fraudulently. Weighing all of the evidence, I find it more likely than not that it was compromised during the payment of that class - whether due to Stanly's server(s) or a third party payment gateway. I just double checked and confirmed I received a confirmation email (with my CC's last four digits, authorization code, etc.) from scc-cashier@stanly.edy.

Either way, I'm not trying to start an argument or cause a problem, I'm simply trying to pass along some information. Not a big deal to me since it only cost me about 15 minutes to clean up, but if others are having the same problem and my information was compromised there, it could wind up costing Stanly. I like your school, especially the VMware class, so I hope that you can take my information and double check to make sure nothing is at risk.

Dear Phonic:
We appreciate very much you letting us know that you have encountered an issue, and we just want to assure everyone that we do not keep any type of credit card information on file. Once a payment has been processed, the credit card information is not maintained on any of our databases nor servers. We diligently strive to protect student information, and we are grateful that you have made us aware.

We have not had any other notifications from other students; however, should anyone else have an issue we hope you will contact us right away.
Stanly CC