(Or please send us.) XYZZY, Inc."
Countless "phishing sites" are existing on the Internet. For example, appearance of the victims who are ripped off their "Credit card number" or "PIN code" is unending. Sooner or later, phishing sites that try to gather "Individual Numbers" will come out.
"Suppose if a phishing site that spoofing my company have emerged..."
For those companies utilizing many external freelance must rely on "online application". However, the situation will be a serious trouble if a spoofing phishing site emerged. Basically, there are no measures to prevent the ripping off other than to ask for confirmation of "data transmission destination" and "addressee".
- URL for the destination of verification file is "https://example.com"!
- Address for mailing copies of identification documents is "Anyplace street, nakagyo-ward, Kyoto city"!
In the example which I have presented in the latest article,
It was available to apply for freelance in remote location, lawyers or accountants. Moreover, it was excellent workflow that is capable of reducing the number of "person responsible for collecting the Individual Number" to very limited. As a result, it was possible to reduce the "risk of information leakage by human" to almost zero.
However, in that sample, it was required to attach "Individual Numbers" and "Image files of certificates".
- A). Image of "Driver's License"
- B). Image of "Notification card"
B: Can be substituted with "Individual Number card (back side)" or certificate on which Individual Number is indicated such as "New Residential certificate", etc.
That is, in terms of the fishing site side, it can be said that it is a "structure of easy to Rip-off." Risk assessment by qualified personnel of information security may vary, but at least it cannot be said that "the risk is zero". In the first place, I wonder if there is a way without exchanging sensitive information online?
The following Workflow is an Individual Number Application flow from a remote location that is characterized in;
- Not submitting neither "A; Image of Driver's License" nor "B; Image of Notification card" (!)
- Not submitting even "12-digit individual Number" (?!)
"Division of the information" is the keyword. Explaining this business process roughly, it consists of the following two Steps.
- Transmission of first 8-digits
- Verbal report of last 4-digit
Caution: Regarding to "it is clear that it is the same person", there is a risk of occurrence of "difference of opinion" between the government institutions, etc.! For more information, please confirm the enforcement regulations Act Article 3 (5) and the enforcement regulations Act Article 9 (4). (Or go to the Government office to confirm, preparing for red tape runaround.)
[Individual Number Application flow-5]
Regarding to the systems and services that saying "Supports the Individual Number", there are many cases which require the procedure of "take a picture of your Driver's License with your Smartphone and attach it (mail it)". It is also the same as a sample of Application Process which has been posted on this blog "National Identification Number in Workflow (4)".
However, it will be unpleasant when you practically experience Uploading or mailing "an image file of your Driver's License".
In particular, at least there will be a need to perform a sufficient demonstration of the in-house if you have outsiders uploading the "image file of the Driver's License" for Online Application. If assumed applicant might be expected to likely complain of "indescribable anxiety", it may be necessary to review the specifications and prior explanation contents of the application system drastically. (It depends on the IT literacy of the assumed applicant, relationship between the applicant and the company, etc.)
What is excellent in this Workflow is;
- No need to "enter 12-digits Individual Number"
- No need to "attach image file for identification"
- No need to "attach image file for collation on the Number"
Even if malicious employees appeared, the "Specific Personal Information" cannot be collected easily. And also for the anti-phishing, it is possible to make descriptions that are easy to understand. (With this alone, the possibility to be deviated from the "target" will be grown.)
For concrete workflow, although there is a need to have a closer look at the process Diagram, it follows a complex procedure of;
- 0). An applicant registers "First 8-digits" online (Designates the Number collator)
- 1). An Accounting personnel choose a Number collator on the system
- 2). The Number collator enters the "Last 4-digits"
Individual Number is submitted in division of information that are "via Web Form" and "via Existing employee". It forms like a fusion of the advantages of the two Business Processes that I have introduced in the past.
- Identification by the Managers: National Identification Number in Workflow (3)
- Centralized acceptance by the Head office Accounting: National Identification Number in Workflow (4)
Surely, the complexity is the point that should be cared for running this Workflow. When an error occurs at "Check Digit validation" (automated Step), basically they have no choice but to redo the whole process because the cause identification is difficult.
However, in this example, it has been complicated intentionally
- for collecting "Accurate and legitimate Individual Number"
- for eliminate "the risk of leakage of Specific Personal Information"
It will probably not be said that the complexity is unacceptable if its philosophy is shared within the company.
When it becomes Applications from the employees and Part-timers flow smoothly at the beginning, then it will be capable for the Applications from external freelancers, lawyers and accountant, lecturers on request. Furthermore,on the days when this Workflow is recognized on the daily basis, many of the employees would be able to explain "the purpose of dividing the application" and "the importance of Specific Personal information".
<Check Digit validation at Automated Step>
//// == Retrieving == var first8 = data.get("5"); // First 8-digit (8 numeric characters) var last4 = data.get("9"); // Last 4-digit (4 numeric characters) //// == Calculating == //// == Updating == var mynumber = first8 + last4; if( last4 != null && mynumber.length == 12 ){ var mysum = 0; for( i=0; i<5; i++){ mysum += parseInt( mynumber.charAt(i) ) * (11 - i - 5); } for( i=5; i<11; i++){ mysum += parseInt( mynumber.charAt(i) ) * (11 - i + 1); } var checkdigitnum = 11 - mysum % 11; if( checkdigitnum > 9 ){ checkdigitnum = 0; } var typedcd = parseInt( mynumber.charAt(11) ); if( typedcd == checkdigitnum ){ retVal.put("24", "OK" ); } else { retVal.put("24", "ERROR: Invalid 12-digits number" ); } } else { retVal.put("24", "ERROR: Last 4-digits is NOT entered" ); } retVal.put("31", mynumber);
[Individual Number Application flow-5:'Nomination of who inputs Last 4-digits' screen]
[Data Items list]
[Free Download]
- Business Template: Individual Number Application flow-5
- National Identification Number in Workflow (1) (2015-06-15)
- National Identification Number in Workflow (2) (2015-06-22)
- National Identification Number in Workflow (3) (2015-06-29)
- National Identification Number in Workflow (4) (2015-07-06)
- M220 AUTO START: Auto Starting Triggered by Published Web Form Entry
- M213 OPERATING SCREEN: Guidance Shown on Operating Screen (HTML/JavaScript)
- M210 ALLOCATION: Designation of Downstream Operator in Upstream Step
[Japanese Entry (εζθ¨δΊ)]