Prevent Users from Sharing PII & Account Information

Marshall Bauernfeind

Preventing users from sharing account information is a security concern as well as a way to prevent paid accounts from being shared. When hosting a virtual environment targeted to kids, you are also required to take reasonable measures to prevent users from sharing PII (Personal Identifiable Information) in accordance with COPPA (Children’s Online Privacy Protection Act). The types of personal information include, but are not limited to, phone number, email address, and home address which cannot be shared in chat rooms, forum posts, and the like. Implementing all of the following prevention techniques will dramatically reduce your risk from users sharing account credentials and PII.

Prevent Users from Sharing PII & Account Information

Educate Your Users

Will your users read your terms of service and privacy policy from start to finish? What if they are children? Probably not. Periodically remind users the importance of keeping private information private. First, display a notification each time users log in reminding them to never share their name, address, etc. Also, create quick and fun activities for your users to engage in informing them what not to share in the form of videos, short games, or other activities.

Prevent Users from Typing Their Own Information

Passwords typically cannot be filtered since each user’s password is One-way Encrypted in your system (at least it should be!). However, you can prevent users from sharing their login names by rejecting messages that contain the login name of the user that generated the message. Without it, the password is not very useful. Note that a user’s login name cannot be the same as their public display name for this technique to work. Any personally identifiable information you store about a user (name, email, address, etc) can also be filtered on a user-by-user basis using this technique.

Open Chat: Filter Commonly Used Phrases

To identify and eliminate a majority of chat messages or forum posts that contain PII or account information, add commonly used phrases to your blacklist such as:

  • My phone number is
  • My address is
  • What is your phone number
  • Send me your account info

There are a number of variations for each phrase to consider as well, such as the pound sign (#) in place of the word “number”. Keep the phrases as short as possible, but not too vague as to generate false-positives. For example, blocking the word “number” will generate too many false-positives if filtered alone. Instead, add “my phone number” to your filter blacklist.

Open Chat: Detect Email Addresses and Phone Numbers

Two of the most commonly shared pieces of personally identifiable information are email addresses and phone numbers. Simply preventing “.com”, the “@” sign, and numbers from being typed are a good start. Better yet, use a filtering solution that can detect clever attempts of getting around the filter when users spell out numbers or type “at” in place of the “@” sign (among other techniques).

Implement Restricted Chat

Restricted chat is commonly referred to as White List Filtering. Users are only allowed to type words and phrases that are on a pre-approved list. Kids have been known to be able to circumvent white list filters to share information such as their phone number, so moderation efforts still need to be in place. Read the very informative post by Izzy Neis for more details on restricted chat challenges: Is there such thing as 100% Safe Chat for kids?

Keep an Eye on Repeat Offenders

This is a common moderation practice for preventing any inappropriate behavior and worth mentioning here. If a user tries to share their personal information once, keep an eye on their content to be sure they do not try again.

Will these techniques be 100% effective when used together to prevent users from sharing account credentials and personal information? Most likely not, but making the effort will drastically reduce your risk and provide users a level of comfort and security while participating in your online environment. Visit the description of Inversoft’s CleanSpeak Filter and Moderation Tools to learn how integrating CleanSpeak will make the effort easy!

You should follow me on Twitter

Further Reading:

Children’s Online Privacy Protection Act (COPPA) FAQ

5 Online Safety Tips to Teach Your Child

 

Comments are closed.