<P>Security is a top priority for most organizations these days, and certainly Microsoft proclaims that it's job number one in Redmond. Which is why one reader found it very strange that Microsoft would insist on using his credit card number as ID for an <A href="http://www.microsoftelearning.com/">E-Learning</A> account.</P> <P>"I had an interesting experience recently in trying to sign up a client to a Micros Security is a top priority for most organizations these days, and certainly Microsoft proclaims that it’s job number one in Redmond. Which is why one reader found it very strange that Microsoft would insist on using his credit card number as ID for an E-Learning account.“I had an interesting experience recently in trying to sign up a client to a Microsoft E-Learning account,” the reader wrote. “I used my credit card to pay the $9.99 course fee, planning to let a user at the client do the course. After I signed up, there was no way to remove my credit card from the account. I didn’t want the user to be free to charge additional courses, but once the credit card was attached it seemed to be there and free to use.”The reader contacted Microsoft to see how to let the client’s user take the course without having access to his credit card. “After hours spent talking to various support lines, I was disturbed at what they said,” the reader wrote. “There is no way to remove a credit card from the E-Learning account, short of deleting the account — which prevents you from using the course that you paid for. Why is that? It seems that somehow the user identity is intimately tied not only to his e-mail address, but also to the credit card itself. At least, so they said. I’m not sure if this is some anti-fraud thing, DRM scheme, or what. There is no legitimate need to keep the credit card number as there might be, for example, with an online VOIP service where the monthly charge may vary. The course charge is fixed at the beginning of the transaction.” The reader did notice something that might explain why Microsoft has set the E-Learning payment system up this way. “A related and somewhat annoying issue is that Microsoft apparently will not sell this to corporate accounts using a common credit card,” the reader wrote. “They limit a single credit card to two users. E-Learning is included as part of the Software Assurance licensing program, but if you don’t have SA then there is no way that they could suggest for a corporation to buy E-Learning directly. My client is currently buying SA licenses, so this problem will go away for us. But what is going on here — is this another way of forcing Software Assurance on people who don’t want it?”Whatever Microsoft’s reasons, the reader thinks Redmond still has some lessons to learn when it comes to security. “I find it disturbing that a major vendor would use credit card numbers for anything except billing,” the reader concludes. “After all, one of the points of something like Paypal is to keep your credit cards away from vendors.”Have you seen a vendor playing a little too fast and loose with customer information? Tell us about it by posting your comments on my website or by writing me at Foster@gripe2ed.com. Read and post comments about this story here. Technology Industry