National Postcodes to be introduced

ukoda

Impetus wrote: »

This is not a database learning site. Suggest you do some googling - and perhaps have a look at this

http://resources.arcgis.com/en/help/main/10.1/index.html#//005s0000002n000000

A join is a common denominator that allows one to combine tables of data, acquired or stolen from different sources.

I know exactly how databases work. What I asked you is how eircode (that's what this thread is about) will add additional security risk ? The key word here is additional.

What is the additional risk? And then can you explain the link to fraud? You've claimed it. You back it up.

Don't try fob my off with a link. If you don't know what you're talking about just admit it.

Impetus

ukoda wrote: »

I know exactly how databases work What I asked you is how eircode (that's what this thread is about) will add additional security risk ? The key word here is additional.

What is the additional risk? And then can you explain the link to fraud? You've claimed it. You back it up.

Don't try fob my off with a link. If you don't know what you're talking about just admit it.

I was not "fobbing you off" with a link. Hacking is becoming an un-insurable risk, according to Lloyds of London (see Financial Times Friday). Data security is appalling in the majority of establishments, especially in Ireland. Common deminators are high risk data elements.

In the US, and elsewhere, there is a big black market in social security numbers, because they are widely used as part of the "security verification" for online and offline transactions. Similar numbers pointing to citizens and residents are illegal in Germany, for example.

I have no problem with standardised building ID numberws that are used to perform address matching and identification, an address cleaning etc - where these numbers are not widely published, and where if you want the dataset, you will be vetted in terms of need to know etc.

I do have a problem with published, widely used, building numbers that are on every address. In the same way I would have a problem if I had to put my ID card number in the country I live in as part of my mailing address. The PPSN has been widely abused and extended in terms of use in Ireland since it was invented for social protection and tax purposes back in the day. The same thing will happen with the postcode. PPSNs are not normally used or traded. Postcodes are. The security risks are far greater.

You don't put your Visa or MC number on your mailing address. Why then put a code that is exclusive to your home or office? The Eircode is not a postcode. It is an enhancement to ways and means of conducting fraud.

Programs like Flash act as keystroke data gathering machines for fraudsters, who pay for Google Adwords and other stuff to entice people to their malware laden website. There have been probably three or four versions of flash updates in the past month. The current version is 16.0.0.305, as I write this.

Which version is on your PC? http://www.adobe.com/software/flash/about/

Anyone who accepts building specific postcodes is naive in the extreme. And anyone who is involved with installing such systems will have a lot to answer for.

ukoda

Impetus wrote: »

I was not "fobbing you off" with a link. Hacking is becoming an un-insurable risk, according to Lloyds of London (see Financial Times Friday). Data security is appalling in the majority of establishments, especially in Ireland. Common deminators are high risk data elements.

In the US, and elsewhere, there is a big black market in social security numbers, because they are widely used as part of the "security verification" for online and offline transactions. Similar numbers pointing to citizens and residents are illegal in Germany, for example.

I have no problem with standardised building ID numberws that are used to perform address matching and identification, an address cleaning etc - where these numbers are not widely published, and where if you want the dataset, you will be vetted in terms of need to know etc.

I do have a problem with published, widely used, building numbers that are on every address. In the same way I would have a problem if I had to put my ID card number in the country I live in as part of my mailing address. The PPSN has been widely abused and extended in terms of use in Ireland since it was invented for social protection and tax purposes back in the day. The same thing will happen with the postcode. PPSNs are not normally used or traded. Postcodes are. The security risks are far greater.

You don't put your Visa or MC number on your mailing address. Why then put a code that is exclusive to your home or office? The Eircode is not a postcode. It is an enhancement to ways and means of conducting fraud.

Programs like Flash act as keystroke data gathering machines for fraudsters, who pay for Google Adwords and other stuff to entice people to their malware laden website. There have been probably three or four versions of flash updates in the past month. The current version is 16.0.0.305, as I write this.

Which version is on your PC? http://www.adobe.com/software/flash/about/

Anyone who accepts building specific postcodes is naive in the extreme. And anyone who is involved with installing such systems will have a lot to answer for.

That's a lot of words but no still explanation of the actual additional risk. Look I know what you're getting at...

I have data from stolen source A and then I steal source B and I want to see if there are any matchs. So what I do is make sure all the fields in both databases are named the same and I write a simple code that looks in both, examines the fields and identifies matches. Now I can merge the data and maybe get a full dataset for many customers. Having an eircode in this database is another field I can search on. But reality is I could match this dataset without it. And if I'm a fraudsters it would be prudent to match on every field not just one.

So to go back to my point? Where's the additional risk from having an eircode at the end of my address?

Again. Malware will take your info regardless of an eircode existing or not. Again. They can do the joining you mention with or without an ericode.

Why would I put my credit cards number at the end of my address? It's not my address its my payment info. It's function is not my address. Eircode IS my address, that's its function so in the scenario of giving my address to someone, having an eircode at the end makes F all difference.

And btw I use a Mac.

What you are basically saying is all addresses should be private and hidden and no one should know anyone else's. This is crazy. Eircode is just your address. People need to relax a bit and stop over engineering scenarios and basically scare mongering.


EDIT: you might want to have a look at how eircode will PREVENT fraud. Like the guys taking out multiple loans / credit cards / mortgages using slightly different versions of their address or the Irish version. It's gonna be pretty hard to do that with one eircode pointing to all variations in the ECAD. but you probably want to ignore that part right?

AlanS181824

So any word on when we'll actually get these codes?

Impetus

ukoda wrote: »

That's a lot of words but no still explanation of the actual additional risk. Look I know what you're getting at...

I have data from stolen source A and then I steal source B and I want to see of there are any matchs. So what I do is make sure all the fields in both databases are named the same and I write a simple code that looks in both examines the fields and identifies matches. Now I can merge the data and maybe get a full dataset for many customers. Having an eircode in this database is another field I can search on. But reality is I could match this dataset without it. And if I'm a fraudsters it would be prudent to match on every field not just one.

So to go back to my point? Where's the additional risk from having an eircode at the end of my address?

Again. Malware will take your info regardless of an eircode existing or not. Again. They can do the joining you mention with or without an ericode.

Why would I put my credit cards number at the end of my address? It's not my address its my payment info. It's function is not my address. Eircode IS my address, that's its function so in the scenario of giving my address to someone, having an eircode at the end makes F all difference.

And btw I use a Mac.

What you are basically saying is all addresses should be private and hidden and no one should know anyone else's. This is crazy. Eircode is just your address. People need to relax a bit and stop over engineering scensrios and basically scare mongering.

What does "Eircode" do to add value to your address?

It does not make your house or place of business easier to find.
It does not make it easier to deliver stuff, thanks to its randomization.

I am not saying that all addresses should be hidden.

I have no problem with every road/street having a name, and every house/building having a number, and no problem with certainty as to the town, or a code that identifies your postal district.

And the postcode should not be at the end of the address - it should appear on the same line as the town name, at the start, in accordance with mail addressing standards used in most of the planet.

And I don't trust the Irish government on data security - I suspect that they restrict publication of data breaches, or more likely are oblivious to them. Neither do I trust companies or other agencies, or the majority of banks and simiar entities.

And I don't propose to outline in detail one or more of the many techniques that might be used to commit fraud or other "forms of annoyance" in public in this or any other venue. From the tone and number of your postings, you appear to me to have some vested interest in the process of Eircodeization.

ukoda

AlanS181824 wrote: »

So any word on when we'll actually get these codes?

June is the latest date we got

plodder

ukoda wrote: »

Have you ever bought anything online that only asked for half or part of your billing address with your card details??! Man this just doesn't happen, they will want and should want your full billing address including your postcode even if the item purchased is for electronic delivery or no delivery.

The problem you're trying to solve doesn't exist. They will not use eircodes online to verify card holder details. They will either want your full address. No address. Or they will use verified by visa or mastercard 3D secure.

What your basically saying is: I trust this online company enough to give them my credit card details (card number, expiry date, name on card, CVV No.) but I don't trust them enough so I only want to give them half my eircode because I'm concerned with privacy. There's no emoji for this situation.

Yes, that's true. Full addresses are required for onlne credit card billing purposes. So, in that sense it's solving a problem that doesn't currently exist. I think you are still wilfully ignoring the main concern about risk though.

Other countries postcodes are anonymous. So, there isn't a data protection concern and there is a risk that Irish postcodes will get lumped in with postcodes from other countries. So, people who do analysis on postcodes to answer questions like how many people from area A bought product X and product Y. That's where the database join comes in. All of this is perfectly legal without requiring any consent from customers. The trouble is that the answers will apply to households in this country as opposed to anonymous areas. Even if you were to claim that nobody does this today. You can't possibly say that nobody will ever do it in the future. You might also claim that you can do it already today with addresses. But, it's much harder with addresses which is why postcodes are such good as database keys

ukoda

Impetus wrote: »

What does "Eircode" do to add value to your address?

It does not make your house or place of business easier to find.
It does not make it easier to deliver stuff, thanks to its randomization.

I am not saying that all addresses should be hidden.

I have no problem with every road/street having a name, and every house/building having a number, and no problem with certainty as to the town, or a code that identifies your postal district.

And the postcode should not be at the end of the address - it should appear on the same line as the town name, at the start, in accordance with mail addressing standards used in most of the planet.

And I don't trust the Irish government on data security - I suspect that they restrict publication of data breaches, or more likely are oblivious to them. Neither do I trust companies or other agencies, or the majority of banks and simiar entities.

And I don't propose to outline in detail one or more of the many techniques that might be used to commit fraud or other "forms of annoyance" in public in this or any other venue. From the tone and number of your postings, you appear to me to have some vested interest in the process of Eircodeization.

I've an interest as an end user. I want postcodes in Ireland. I have no other vested interest. I just don't agree with you. You haven't backed up your claim and now refuse to do so.

Just because I don't bash the code doesn't mean I am involved in the code. I'm not. I have an interest in infrastructure projects and I post in many other threads associated with that topic and other topics. I do admit to posting a lot more in this thread than anywhere else. But then again this thread is far more active than any other thread. So don't let me posting a lot here lead you to believe I only post here (have a proper look at my posting history if it really bothers you)

Ive a different opinion to you. That's and far as it goes.

ukoda

plodder wrote: »

Yes, that's true. Full addresses are required for onlne credit card billing purposes. So, in that sense it's solving a problem that doesn't currently exist. I think you are still wilfully ignoring the main concern about risk though.

Other countries postcodes are non unique. So, there isn't a data protection concern and there is a risk that Irish postcodes will get lumped in with postcodes from other countries. So, people who do analysis on postcodes to answer questions like how many people from area A bought product X and product Y. That's where the database join comes in. All of this is perfectly legal without requiring any consent from customers. The trouble is that the answers will apply to households in this country as opposed to anonymous areas. Even if you were to claim that nobody does this today. You can't possibly say that nobody will ever do it in the future. You might also claim that you can do it already today with addresses. But, it's much harder with addresses which is why postcodes are such good as database keys

but other countries addresses are unique. Having a unique address either in the format of other countries (street, house number, postcode) or having it in the Irish version (just postcode) makes no odds really.

If im a foreign company and I have eircodes lumped into database of other countries to try and cluster customers. It's not going to work. Eircode will only cluster to a very broad level. Oh hey wait.... Doesn't that protect us even more from marketing by not being able to do this?!
It just won't and can't work in the way you are describing it.

plodder

ukoda wrote: »

but other countries addresses are unique. Having a unique address either in the format of other countries (street, house number, postcode) or having it in the Irish version (just postcode) makes no odds really.

They might be unique but they are impractical as database keys.

If im a foreign company and I have eircodes lumped into database of other countries to try and cluster customers. It's not going to work. Eircode will only cluster to a very broad level. Oh hey wait.... Doesn't that protect us even more from marketing by not being able to do this?!
It just won't and can't work in the way you are describing it.

No. Think about individual postcodes. In the US a five digit ZIP represents thousands of households. In the UK a postcode represents a dozen(?). In Ireland it represents one household. So, any join across multiple databases by postcode, returns information about one household for Ireland.

ukoda

plodder wrote: »

They might be unique but they are impractical as database keys.

No. Think about individual postcodes. In the US a five digit ZIP represents thousands of households. In the UK a postcode represents a dozen(?). In Ireland it represents one household. So, any join across multiple databases by postcode, returns information about one household for Ireland.

No one does a marketing campaign for one household. What you think is an advantage to marketers is actually the opposite.

my3cents

plodder wrote: »

They might be unique but they are impractical as database keys.

...

Oh dear, well at least you've proved you don't have a bulls notion about database keys. A database key is assigned to a record so each address would be assigned a key in most database designs even if there was no Eircode.

ukoda

Impetus wrote: »

What does "Eircode" do to add value to your address?

It does not make your house or place of business easier to find.
It does not make it easier to deliver stuff, thanks to its randomization.
.

Google maps will be using eircodes. This was confitmed and it's highly likely sat navs will also.

This adds value by making it easier to find.

Nightline have confirmed eircodes will enhance their delivery process and that they will use them.

This adds value by making it easier to deliver goods.

plodder

ukoda wrote: »

No one does a marketing campaign for one household. What you think is an advantage to marketers is actually the opposite.

I never said it was an advantage for marketers. It is simply that the information exists and isn't protected as potentially sensitive personal information.

my3cents wrote:

Oh dear, well at least you've proved you don't have a bulls notion about database keys. A database key is assigned to a record so each address would be assigned a key in most database designs even if there was no Eircode.

A fixed length, short, unique alphanumeric text string is the ideal primary database key.

A variable length (from three lines of text to potentially 6 or 7 lines of text), non unique, with multiple spelling variations, is not a good database key and can't be a primary key

That was pretty basic stuff 30 years ago when I started out in IT.

yuloni

This post has been deleted.

ukoda

yuloni wrote: »

No, we haven't




Wrong again

Back when the Capita PR machine thought they had it all sorted, we heard one mumbling from their chief, Liam Duggan, that basically "yeah, Google... great bunch of lads". We've heard nothing since except that the rollout date is being moved again and again

While most of us here are limited to the PR guff being spewed out by Capita, thankfully Google and the mapping providers will be quick to call their bluffs. None of these providers will pay for a database unless they can be shown it is in moderate use and is useful to the public... and who better to know what the public are using on a daily basis than Google

You don't need anyone from capita to tell you google maps will use eircode. Google will gobble up any data they can get their hands on. There isn't a hope in hell they won't jump at the eircode database.

Google paid for the geo directory, the ECAD is a far better investment for them. They won't hesitate. For a few hundred euro they can assign a searchable unique code to every address in the country, it's like a wet dream for Google. But sure you know better im sure.

yuloni

This post has been deleted.

ukoda

yuloni wrote: »

Google only applied GeoDirectory and OSI data to it's maps in 2012 and they haven't purchased an update since. If they were so keen to "gobble up data"... why did they instead opt to use their own rubbish map and address data for as long as they did. And 3 years since the last update, that will work well with eircodes

And no ukoda, I don't know better than you as I have never worked with Capita... unlike yourself eh

Getting a bit tired of this "you must work there" stuff. For the last time. I don't. I have no association to them at all. I've made my feelings about capita clear on this thread. I don't like them as a company, I think they have an awful legacy but that's doesn't cloud my opinion of eircode.

In terms of Google maps. Are you really so naive as to think it's not of interest to Google? It's geo coded locations in a short code that will be Ireland's national postcode (weather you like it or not) they paid hundreds of thousands to drive the island for street view. More money to strap a camera to a lad to walk around the airports for inside viewing, do you think they will hesitate at a few hundred for eircode. As I said. It's much more valuable than the geo directory. Let's wait and see so.

yuloni

This post has been deleted.

ukoda

yuloni wrote: »

I had it on good advice that you have worked with Capita in the past. But here, I'll let it lie

Google collected more than nice images of gardens with their streetview cars. They measured and mapped GSM signals and also logged and mapped broadcasting WiFi SSID's which now make up the main component of their mobile location service. On top and from a mapping perspective, they captured house and street numbers and names which they are now deciphering through RE-CAPTCHA, they built 3D models with LIDAR radar and they also collected their own GPS tracks (and imagery) of their routes if they so wished to create map themselves. All in all, a much better spend than on a poxy database key I think

I told you on this thread I worked on a project that capita were involved in years ago. I also told you it was a horrible experience and I don't like them as a company. I have never gone anywhere near them since. I do not know anyone in capita nor have I any connection or inside info on eircode. I never have and never will work for them.

You are missing the point on Google maps, they did all that because they invested in Ireland. And that proves they will invest in layering in its national postcode to help their customers find all that hard work they have already done.

yuloni

This post has been deleted.

ukoda

yuloni wrote: »

Wait, you what?

I can't find it

Actually you're right. I told someone via PM, a new account that was set up purely to attack me on this topic. It was a user name that was a anagram of my user name. So now you either created this account to contact me or you know the person who did. Well isn't this interesting turn of events.

yuloni

This post has been deleted.

my3cents

yuloni wrote: »

This post has been deleted.

So you think its OK to create accounts just to send abusive emails to people?

At one stage that's what happened on this thread when anyone slagged off the now non runners Loc8.

yuloni

This post has been deleted.

ukoda

yuloni wrote: »

It's an interesting turn of events around you, yes. You never mentioned working with Capita before until now

That new reg you speak of did contact me and presumably others here after they had blown your cover!
Fair play to him/her I say, can't be just capita trolls running the thread

You read what I said right? I've no connection to capita or the eircode project. What cover are you talking about? 4 years ago I was involved in a project and capita were also working on a separate part of that same project in the UK. What cover are you on about?? I know no one in capita and to directly quote myself from that PM "I'm no fan of capita, tbh I think they are an awful shower of f**kers"

What do you think you've uncovered here? I suppose if Anyone walked past the capita office you'd call them a troll too? Because that's more of a connection than I have.

You've exposed yourself as taking part in creating a fake account to fire abuse at me. I don't believe your story of "they contacted me"

yuloni

This post has been deleted.

my3cents

yuloni wrote: »

This post has been deleted.

I did at the time and thought they were from you.

ukoda

yuloni wrote: »

This post has been deleted.

You're over reaching here. Making something out of nothing. Let's try keep this thread to the subject at hand and not meaningless side scraps that add no value.

I've reported you as you have information from a new reg account set up purely to harass me about this thread.

yuloni

This post has been deleted.