What to do with checks

[Fairlight]

Only Richard Kreiss would say something like:
> One of my clients is processing a large number of checks.
> 
> At present his bookkeeper is making copies of all of the checks to go with a
> deposit and then filing the copy one with the deposit and one in the
> person's file.
> 
> Is anyone scanning images into a filepro blob?
> 
> Any thoughts on this matter would be appreciated.

I wouldn't scan them into a blob.  Especially when you start mentioning
"large number" in the same context.

If I were going to do it at all, which is a point of potential debate
regarding security of information (routing numbers, account numbers, etc.),
I would scan them in, encrypt them, and store the path to the encrypted
file in a single regular field in fP.  If it needs to be accessed in future
(and really, how often is that likely?  Sounds like this is pretty much
archival use) then have a script or batch file that lets you unencrypt the
file with the proper passphrase and then launch a viewer against it.  Once
done with the viewing process, wipe the unencrypted image file.

The encryption should actually be done against at least -two-
recipients--the person doing the encrypting, and a separate key that
only the CFO or CEO knows the passphrase for.  If someone ever gets
fired, quits, whatever, the one key can be rescinded and they still have
access to the information at the top levels of the company--they can
even be re-encrypted against different keys once decrypted.  I'd aim for
narrowing the non-CFO/CEO key to as few people as possible having access.
Technically it could be multi-tiered, where there's a personal key that
indicates who created it (and which is the signing key), a second key for
the department's use if it's a department, and then a third key for the
absolute high-level management.  Check into GPG in command-line batch mode.
It's possible with 5.6 that you could put the passphrase in an encrypted
field in fP nowadays and automate the decryption of that and supply it
transparently to GPG on STDIN.  Ideally you'd do this with USER in fP, but
if this is Windows-based, you could emulate that by writing a batch file
that contains the command pipeline and then execute that batch file, then
wipe it.  There's a brief window of opportunity there for someone to snag
it while the command file exists, mind you.

I would argue that while this seems to some people like a lot of effort
to store and be able to get at them, 1) they're probably not going to
need to access it in a reading context more than once in a blue moon (I'd
guess...could be wrong), and 2) it -should- require effort and specific
knowledge to get at something with that kind of sensitive information.

Actually, I'd also possibly check into software that could automate
the blurring/masking of routing and account numbers if that was at all
feasible and that part of the information isn't needed.  No, I don't know
of anything offhand--not for images, anyway.  But I've done it in video,
so the odds are high that it's possible for images.  It may even be doable
with GIMP and script-fu, although I don't know enough about programming
that to be able to pull it off without some serious research.

Keeping that stuff laying around is a liability, in my opinion.  I
personally would advise against it unless it's absolutely necessary.  If it
truly is necessary, then those are my recommendations on how I'd handle it.

mark->
-- 
No matter what your problems, modern medicine can help!
http://members.iglou.com/fairlite/fixital/