Data collection requires an Impassable red line

Vulnerability reporting Platform Cloud Network posted a network security vulnerability information on its official web site, it is pointed out that Ctrip security payment log can be traversed to download, resulting in a large number of users bank card information leakage (including cardholder name ID card, bank card number, card CVV code, 6-bit card bin), and said that the vulnerability has been confirmed by Ctrip. The focus of this event is not on the data disclosure itself, but on the content of the user information collected by Ctrip. This involves Internet companies ' data boundary issues.

In the process of using a credit card for online shopping, even if the user originally set the transaction password, but enter the payment amount of this process, the site only requires the ID card number, cardholder name, credit card number, credit card cards on the back of the three-bit CVV security code, the transaction was declared successful, no need to enter a credit card password. This is actually a kind of no magnetic and no secret payment channel, is not to swipe, do not check the password, only need to provide card number and credit card three digits on the back of the Verification code (CVV, also known as "three yards") will be able to complete the payment. This kind of transaction without physical cards and passwords is called "No card Payment" or "No card without secret payment". It is mainly used for telephone payment and belongs to the off-line transaction of credit card. At present, the international trade is generally applicable to hotels, airlines, railway passenger transport, car rental and other types of merchant transactions. This is really a normal way of trading, the crux of the problem is that the information that the site can be recorded?

The user's ID number, credit card number as the transaction account information can be recorded, but Ctrip should not store the user's CVV code, but also the clear record, which is equivalent to having a user's credit card payment password. Users expect their cards are not stolen brushes can only be expected to carry Ctrip's safety and security technology and staff self-discipline, no once the lawless elements hold losses can not be avoided.

Technical safety in the game between the defensive, constantly exposed to the technical loopholes are not always safe technology, and personal self-discipline more unreliable. Large data in the Internet age need to confirm data collection boundaries. The largest value of large data in business services, business through the large data perspective of the user's deep-seated characteristics and can not be obvious internal needs. This is similar to the traditional data analysis but completely different. Traditional data analysis is more about the traceability of causality, the tendency of data to understand some kind of result of action.

Different from the study of logical inference of traditional data analysis, large data research is to summarize the statistical search, comparison, clustering and classification of huge amount of data, so it inherits some characteristics of statistical science. Statistics concern the relevance or relevance of the data, and the so-called "relevance" refers to the existence of a certain regularity between the values of two or two or more variables. The purpose of "correlation analysis" is to find out the hidden interconnection network in the dataset, and to reflect the correlation by parameters such as support degree, reliability and interest degree. Two data A and B are relevant, and only reflect that A and B have an effect on each other when they go to the value, and they cannot tell us that there must be B on a, or that there must be a B on the contrary. This method of analysis determines that the large data analysis of the global data, do not need too much precision, through the analysis of all data can be insight into the relevance of small data, so as to provide a point-oriented business strategy.

Because of the characteristics of global data analysis in large data age, it is almost a pseudo proposition to protect user's privacy. We all know in the internet age that everything we do on the web can be known to the service, and when we browse the Web, tweet, socialize, and shop online, all the moves are actually monitored by the system. Network users face Internet companies data collection, analysis to avoid, everyone as long as the existence of the network must be digitized. At the same time, internet companies to the services of the users of information analysis is the company can provide a more intimate service base, only the global Insight users in the user needs when the timely appearance. Internet companies have an incentive to collect global data from users even when they are not evil. However, for similar user credit card CVV code, user transaction password such data can not be collected in any case, no person is intentionally evil (Shenlu Administration/text).