Redaction Cat Is Out Of The Bag For Wells Fargo
From Risks Digest 24.82
This is just like when Starbucks used to redact all but the last 5 digits of your credit card number on receipts. So anyone with a Starbucks receipt + any other receipt could piece together the whole card number. D’oh!
From the juxtaposition wayback machine: https://juxtaposition.axley.net/archives/2006/06/visa_prohibits.html
> Date: Mon, 3 Sep 2007 14:12:06 -0700 (PDT)
> From: Tom Watson
> Subject: Redacted account numbers
>
> My bank (Wells Fargo) in its infinite wisdom has decided to change the way
> it attempts to redact account numbers. In looking over the transactions for
> an infrequently used account (I only have it because my ex-wife is a signer,
> and who knows when I'll need to cash a check with her name on it!) I noticed
> that the method had changed from the July to August automatic transfers I
> have to keep the account active. In July, the account number is listed with
> THE LAST 3 digits as 'X'. In August, the method is now all 'X' EXCEPT FOR
> THE LAST 4 digits. I just looked and said to myself "what is wrong with
> this picture?". The risk: when you change methods of redacting, change ALL
> occurrences, not just the new ones. You may just totally unredact what you
> were attempting to hide.
>
> Fortunately in my case, I know the account number anyway, so TO ME it is no
> big deal (unless I print out something), but I'm aware, which is the
> thing to be.
>
> I sent the bank a note as well. I don't hold out much hope for anything
> constructive in return, but we will see.
>
> \[It seems pretty stupid to make such a change that completely exposes the
> account number to anyone with records before and after sanitization. PGN\]
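
An audit for the risk described above, as an added example that is not part of the original post or the Risks Digest item: it intersects the hidden positions of every rendering of one account number that is still visible and reports how many digits remain secret. The function names, the `min_hidden` threshold and the 10-digit sample values are assumptions constructed for illustration.

```python
from __future__ import annotations
from typing import Iterable

MASK_CHAR = "X"

def hidden_positions(masked: str) -> set[int]:
    """Indexes that one masked rendering keeps hidden."""
    return {i for i, ch in enumerate(masked) if ch.upper() == MASK_CHAR}

def audit_renderings(renderings: Iterable[str], min_hidden: int = 3) -> dict:
    """Check all renderings of the SAME account number that a reader can see.

    A digit stays secret only if every rendering hides it, so the effective
    protection is the intersection of the hidden positions, not the mask
    used by the newest format.
    """
    renderings = list(renderings)
    if not renderings:
        raise ValueError("no renderings to audit")
    length = len(renderings[0])
    if any(len(r) != length for r in renderings):
        raise ValueError("renderings differ in length; align them before auditing")
    still_hidden = set(range(length))
    for r in renderings:
        still_hidden &= hidden_positions(r)
    return {
        "still_hidden": sorted(still_hidden),
        "guesses_left": 10 ** len(still_hidden),  # brute-force space remaining
        "ok": len(still_hidden) >= min_hidden,
    }

# Constructed sample data (not a real account number).
JULY_STYLE = "1234567XXX"      # old format: last 3 digits masked
AUGUST_STYLE = "XXXXXX7890"    # new format: everything but the last 4 masked
JULY_MIGRATED = "XXXXXX7890"   # old record re-rendered in the new format

if __name__ == "__main__":
    print("old only:     ", audit_renderings([JULY_STYLE]))
    print("new only:     ", audit_renderings([AUGUST_STYLE]))
    print("mixed history:", audit_renderings([JULY_STYLE, AUGUST_STYLE]))
    print("migrated:     ", audit_renderings([JULY_MIGRATED, AUGUST_STYLE]))
```

Each format passes on its own; only the mixed history fails, which is why the check has to run over historical records and not just the new template.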