Saturday, October 20, 2007

Redaction cat is out of the bag for Wells Fargo

From Risks Digest 24.82

This is just like when Starbucks used to redact all but the last 5 digits of your credit card number on receipts. So anyone with a Starbucks receipt + any other receipt could piece together the whole card number. D'oh!

From the juxtaposition wayback machine: http://juxtaposition.axley.net/archives/2006/06/visa_prohibits.html

Date: Mon, 3 Sep 2007 14:12:06 -0700 (PDT)
From: Tom Watson
Subject: Redacted account numbers

My bank (Wells Fargo) in its infinite wisdom has decided to change the way
it attempts to redact account numbers. In looking over the transactions for
an infrequently used account (I only have it because my ex-wife is a signer,
and who knows when I'll need to cash a check with her name on it!) I noticed
that the method had changed from the July to August automatic transfers I
have to keep the account active. In July, the account number is listed with
THE LAST 3 digits as 'X'. In August, the method is now all 'X' EXCEPT FOR
THE LAST 4 digits. I just looked and said to myself "what is wrong with
this picture?". The risk: when you change methods of redacting, change ALL
occurrences, not just the new ones. You may just totally unredact what you
were attempting to hide.

Fortunately in my case, I know the account number anyway, so TO ME it is no
big deal (unless I print out something), but I'm aware, which is the
thing to be.

I sent the bank a note as well. I don't hold out much hope for anything
constructive in return, but we will see.

[It seems pretty stupid to make such a change that completely exposes the
account number to anyone with records before and after sanitization. PGN]
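
The rule in the note above (when the redaction method changes, change all occurrences) can be checked before a format change ships. The following is an added example, not part of the original post or the Risks Digest item: it overlays every redacted form of one identifier that will remain in customer-visible records and counts the digits still hidden. The 10-digit number, the function names and the 6-digit threshold are constructed assumptions.

```python
"""Audit whether differently redacted copies of one identifier, taken together,
still hide anything. Sample values are constructed, not real account numbers."""

MASK = "X"


def mask_last(number: str, n: int) -> str:
    """Old-style policy from the post: hide only the last n digits."""
    return number[:-n] + MASK * n if n else number


def keep_last(number: str, n: int) -> str:
    """New-style policy from the post: hide everything except the last n digits."""
    return MASK * (len(number) - n) + number[-n:] if n else MASK * len(number)


def merge_views(views: list[str]) -> str:
    """Overlay redacted copies; a position stays masked only if every copy masks it."""
    if len({len(v) for v in views}) != 1:
        raise ValueError("views must have equal length")
    merged = []
    for column in zip(*views):
        shown = {c for c in column if c != MASK}
        if len(shown) > 1:
            raise ValueError("views disagree; not the same identifier")
        merged.append(shown.pop() if shown else MASK)
    return "".join(merged)


def still_hidden(views: list[str]) -> int:
    """Number of positions that remain masked across all published copies."""
    return merge_views(views).count(MASK)


def audit(views: list[str], min_hidden: int) -> bool:
    """True if the combined record set still hides at least min_hidden digits."""
    return still_hidden(views) >= min_hidden


if __name__ == "__main__":
    acct = "0123456789"                      # constructed 10-digit sample
    july, august = mask_last(acct, 3), keep_last(acct, 4)
    print(july, august, merge_views([july, august]))
    print("policy change safe:", audit([july, august], min_hidden=6))
```

With the July and August formats side by side the audit fails with zero digits hidden; re-rendering the July records in the August format makes it pass with six.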

