WSU President Elson S. Floyd back in 2007 expressed the need for an updated online student system. A few million dollars and four years later we find ourselves with zzusis. Unfortunately, this system openly displays sensitive information, which can easily be used to access a person’s bank account and steal their identity.
Aside from the odd name, I never really had much of a problem with zzusis. Sure, I am still waiting for the ability to display my schedule visually and not in an unintuitive table. After all, even UW has figured that trick out; you would think we could, too. Then of course, there is finding the elusive finance page. I am not sure why it is impossible to find, but after a good long search, it will eventually show up. I was all right with zzusis. It is not perfect, but it got the job done.
Then I talked with a fellow student who pointed a few things out to me. I will not reveal the identity of the student, as I was unable to confirm if they wanted to be publicly acknowledged. As it turns out, your zzusis account does more than just hold information about your schooling. Hiding within its depths is the kind of personal information your own mother does not even know.
In your profile information, printed in plain site, is your Social Security number. For you international students, a little further down will be your Visa number. Right above will be your drivers license number if the school has that information. All the information to take your identity is conveniently placed, in plain sight, on a single page.
But wait, there's more! If you are a school employee with direct deposit or have ever paid the school with an e-check, your accounts are vulnerable. A few clicks away from your Social Security number are your bank’s routing number, account number, banking institution and full name registered to your account. All the information needed to steal more than just your identity. Your private information protected only by a single password, which most people have saved in their browser.
It is also important to note the site does not log you out after a certain length of time. Even after closing the tab, you are still logged in. So this morning when you logged in, closed the tab, but kept Facebook open, several hours later you will still be logged in. And anyone could come along, snag your laptop and with it your life.
These are not hard security holes to patch, not in the slightest. I already know my Social Security number; I do not need a reminder. There is absolutely no reason for it to be displayed. If for some reason the school demands it be shown, at least cut it down to the last four digits. Try to at least pretend you care about my security.
In regards to the banking information, censoring everything but the last four digits of the account number would also solve the issue. Those digits would be sufficient for anyone to identify which of their accounts was being used. All the other banking information I already know or can find on my own.
To be fair, zzusis is an improvement from MyWSU. The name is not very good, but it fulfills the function. I just wish it only had the power to screw me over for the first few days of the semester and not the rest of my life. According to their online calendar, there will be an open forum regarding zzusis September 8 in Lighty 405 from noon to 1 p.m. I encourage everyone to go and voice any ideas or complaints. A few simple fixes would be enough to make every student safer from identity theft.