TELECOM Digest OnLine - Sorted: Re: Is Your Identity Safe?


Re: Is Your Identity Safe?


Scott Dorsey (kludge@panix.com)
3 Mar 2005 10:22:30 -0500

Dan Lanciani <ddl@danlan.com> wrote:

> I've seen variations of this posted in many groups and lists, and of
> course we have heard of similar (though perhaps smaller) incidents in
> the past. Yet nobody ever seems to ask the obvious question: why does
> ChoicePoint deliver sufficient information for identity theft even to
> "legitimate" businesses?

Because there is money in it, and there isn't anybody preventing it.

> More abstractly, why is the information required by an entity to
> verify the identity of a consumer also sufficient for someone to
> obtain credit or cash in the name of that consumer? There are many
> ways to set things up such that this is not the case. They range
> from the highly technical (e.g., public key crypto) to the
> procedural (credit inquiry locks).

Because it is a necessary condition to obtain credit to verify your
identity. If you have good credit and someone can impersonate you in
some way, they can take advantage of it.

The only way to prevent this is to make it more difficult to
impersonate someone. This could be a technological improvement, such
as accurate biometrics like fingerprints, or it could be a social
improvement, such as the privacy laws enacted in Europe which are
sadly not in force here in the US.

> IMHO, the current system is designed purely for the convenience of the
> financial institutions. The consumer is expected to disclose whatever
> personal information the bank requests and, if the bank likes what it
> hears, the consumer may get his money, credit, etc. The system is not
> only haphazard and insecure but unidirectional: there is barely any
> notion of the bank's authenticating itself to the consumer. It is
> because many consumers are conditioned to respond unquestioningly to
> anything that appears to be acting on the bank's behalf that the many
> phishing scams (online and otherwise) are practical.

Of course, because the banks are the ones with the money.

> Recently in my area we had a rash of ATM fraud. The scam involved
> replacing the door entry card reader at enclosed ATMs with one which
> recorded the customer's information, and installing minicams to watch
> the PIN entry.

This does nothing to prevent fraud. All it does it make it easier to
identify the perpetrator after the fraud has been committed. That is
not a bad thing, but it's not a solution.

--scott

"C'est un Nagra. C'est suisse, et tres, tres precis."

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Ken Abrams: "Re: Hookflash and Ground Start Analog CO Trunks From PABX"
Go to Previous message: David Quinton: "Re: BTK Serial Killer Caught from Church Computer Disk"
May be in reply to: Dan Lanciani: "Is Your Identity Safe?"
Next in thread: Dan Lanciani: "Re: Is Your Identity Safe?"
TELECOM Digest: Home Page