Paul Hill – MIT
At one school a student was duplicating cards including mag stripes, which allowed purchasing. Under state laws that was considered a credit card breach, so had to notify effected parties.
Other issues that have arisen: Vendors accepting cards – point of sales terminals display remaining balance on cards, showing to clerk, the purchaser, and all the other people in line.
At one school a student project revealed security flaws in the transit pass card system while the school was working with the transit system to use campus ID cards as transit passes – the transit system then declined to continue working with the school.
Bill, from Georgetown – at Georgetown security controls and access systems are now under control of IT department, consolidated from multiple departments around campus.
From survey – everyone is centralizing card systems. Some have multiple places issuing cards, e.g. the library.
At MIT they’re loading all the pictures from ID Cards into the data warehouse, but there are lots of rules around who can access them. At UCSD all faculty can have access to (all) student pictures, and get them on class lists. Most places allow faculty access to photos of students in their classes. At Princeton students provide their own photo, and they can opt-out of publishing the photo. At Stanford there’s almost no opt-out. Klara notes that at Duke as they make the pictures more available they’re starting to see more requests for vanity photos.