By Jo Best, 3 March 2005 16:20
NEWS A quarter of adults have been a victim identity theft or know someone who has been affected by it, an investigation by Which? magazine has found.
The research also discovered that awareness of the crime is rising, with two-thirds of individuals now concerned about the crime, which costs the UK around £1.3bn a year according to government statistics.
Despite the growing fear of identity theft, Brits are surprising lax about taking easy steps to keep their personal details out of the hands of the fraudsters.
Which? found that 33 per cent of adults don't take any precautions to beat the ID thieves, while 18 per cent shred their documents but still use a single password for all online banking; a similar number dont shred documents but make use of several different passwords, while 31 per cent take both precautions.
According to Equifax, a victim of an identity theft will need to take up to 300 hours to clear their name following the attack.
Which? magazine's recommendations to safeguard against identity theft include shredding all documents, using a variety of passwords when banking online and checking personal credit files regularly.
While the more tech-savvy individual that can spot a phishing email a mile off may think themselves safe from the fraudsters, David Porter, head of security and risk at consultants Detica, warned people are opening themselves up to attacks by posting personal details on seemingly innocuous websites.
"A huge amount of your identity is your biography and your life. I think you shouldn't disclose any information about your life, your loves, your job, your friends to websites aimed at making you new friends or reuniting you with old ones. People should be careful about submitting CVs to recruitment sites too."
As well as encouraging individuals to be more aware of how they might become victims, banks and financial institutions could also take steps to cut off the fraudsters.
Dave Birch, head of IT consultancy Consult Hyperion, said: "If you're asking people to log on with passwords, what do you expect? [Identity theft] increases the pressure for organisations like banks to come up with better solutions... You're never going to get anywhere with passwords - you need hardware in the loop, whether that's mobile phones or chip and PIN, and you have to move from one- to two-factor authentication."
Comments
There are 7 comments. Join the discussion
1. Russell Henley
Online identity fraud is a lot simpler than some people believe - when you enter your email address + password into many websites you have no idea whether or not that password has been encrypted or whether any staff running that website can see it.
As a developer I've seen plenty of sites where passwords are stored in plain text rather than using basic MD5 encryption, or ideally MD5+SALT encryption.
If you use the same password across several sites, you are relying on the security of the weakest, not strongest, link in that chain. If someone manages to hack one site they can try and use your details on several other (e.g. ebay, paypal, banking etc. etc.).
I always use a different password for each website, although often pick something easy to remember based around the site name. And I don't have a text file on my desktop that says 'passwords.txt' either(!)
2. Watching Them, Watching Us
"the crime, which costs the UK around £1.3bn a year according to government statistics."
Really ?
What is the source of these so called "government statistics" ?
c.f.
"Identity Fraud" does NOT "cost the UK £1.3 billion a year"
http://www.spy.org.uk/spyblog/archives/2005/03/identity_fraud.html
3. Graham Blland
Everybody seems to assume that this is a problem whihc must be solved by the end user. I would argue that the banks, finance companies etc. have a very large role to play in prevention. The theives are taking advantage of how easy it is to obtain credit, manipulate bank accounts, change addresses and passwords on these accounts and the very weak authentication methods which are used. These institutions should examine any of their procedures which can either be used to assist in identity theft (change of address, order new chequebook etc) and those involved once a theft may have been comitted (open account, obtain a loan and so on).
A lot of these changes would be relatively trivial, for example if an account address change has been made in the last 2 months any new chequebook ordered must be collected from a local branch rather than being posted out and the time delay should trigger a "where are my statements" question from the account owner which should arouse suspicion. Also the person collecting it will be captured on their CCTV cameras. I know none of these would be foolproof but lets not make it so easy for the criminals.
4. anonymous
I agree with the Graham, the banks are the ones to blame. If they are issuing credit to people who they have not confirmed the identity of, then it is their fault.
If I lend money to someone I don't know is this identity theft?
No its stupidity.
The banks and organizations not checking who people are must be liable for the losses and sued for any hardship caused by their lack of controls (or stupidity perhaps). The idea that the end user is at fault is ridiculous.
5. Roger Huffadine
This is badly biased reporting
I know about between 500 and 1000 people of those one has suffered identity theft.
I am one of those 1 in 4 who know of someone who has suffered identity theft.
We can deduce that the problem is at least 1000 times smaller than the report pretends.
6. John Nicholl
I have one question. Why can I not get a chip-n-pin cardreader for my pc? Thus security is not password dependant, but, more reliant on the phisical presence of the card. Ok i understand the desire for some to be mobile in their activities, however life is about choice, and this option is realisble by todays technology. So why can I not choose it?
(I know thier are two questions, but they are the same really!)
7. Matthew
Er Roger.. with that reasoning, I would stick to the tech stuff and keep away from the stats.. I don't think we can assume that your sample of 1000 is representative of the UK as a whole.. (not that I believe the 1 in 4 stat has any credibility either)