By silicon.com, 4 December 2003 12:00
The twin issues of ID protection and ID theft have crept up on us this year with the subtlety of a double-kneecapping.
By the middle of the summer, we heard Gartner saying ID theft in the US was up 79 per cent year-on-year and - get this - around 7 million Americans had been affected. And, as we all know, where the US leads, the rest of the developed world inevitably follows. We're talking about fixing a lot of credit records.
So it was that by the autumn one of the biggest stories, even in mainstream press, became 'phishing' - typically involving badly crafted spam emails from criminals impersonating well-known banks, sent with the intent of harvesting personal details such as account numbers, DoB, ATM PINs and so on.
Barclays, Citibank, LloydsTSB and Natwest were just some of around 20 multinational institutions to be impersonated in this cookie-cutter crime near the beginning of October. By last month, we even had a UK conviction against an organised gang.
It is little surprise experts now put the cost of ID theft in the UK at over £1.5bn a year, as well as the incalculable hassle of putting straight records and mending damaged reputations.
Of course, some maintain such thievery should be harder. Running checks on buyers at checkouts or over the phone or net even would be easier, they say, if we have biometric ID cards.
The Home Secretary certainly thinks so, though no doubt he's thinking less of authenticating ecommerce transactions and more of public services and trying to work out who the 'bad guys' are in society.
So by the end of a year in which the general public have learnt about phishing and ID theft, they are now looking and feeling their way around subjects such as iris and fingerprint biometric ID checks. As taxpayers, it's estimated at a £3bn project, assuming it were to happen and come in on target.
The message at the heart of silicon.com's latest special report, called 'Protecting your ID', is that all of us as individuals have a duty to safeguard what makes us, well, us. Every password you have, every product you buy or government service you're entitled to comes with responsibilities.
It's a cliché now but the greatest weaknesses are rarely technological but human. We must learn to behave more securely, in many ways.
Technology can help - as PKI and authentication beyond the humble password will show us - but on the other hand, politicians and bosses must realise it is not an answer in itself.
A population or workforce educated in shredding sensitive mail as much as being coy with info on the phone or not treating email as secure must be much more valuable than a billion pound IT system. It's time to be vigilant.
Comments
There is 1 comment. Join the discussion
1. anonymous
One alternative is simply to trash your own credit. True, you'd have to pay cash for everything. (This would be a bad thing ... HOW?) It's interesting to contemplate what would happen if many, many credit profiles were worthless. The credit bureaus' data largely would be worthless. IDs would make unattractive targets for thieves. And how would lenders figure out who is credit worthy? The poor dears!