19 July 2018
Stephen Wilson

Stephen Wilson in Lockstep

Stephen Wilson - Lockstep Group

34Posts 137,691Views 174Comments
A post relating to this item from Finextra:

Gullible Brits make life easy for ID thieves

19 October 2009  |  4663 views  |  0
Despite a massive drive to educate the public about identity theft, Brits are still far too willing to hand over personal information to complete strangers, says Sophos man Graham Cluley.

Maybe security designers need to live with human nature

20 October 2009  |  2626 views  |  0

OK, so people generally reveal too much about themselves.  They tend to be more trusting than security advisers would like them to be.  So, where to next?

Some will view this video with alarm and will conclude that the huge investment in public awareness hasn't been enough.  Perhaps they will advocate even more training and education.

But others might conclude that maybe we've been pushing hard enough against basic human nature.  Maybe getting people to change their instincts and fundamental behaviours is a fool's errand? 

It really wouldn't matter that people gave up their name, DOB and e-mail address if these little ID molecules were useless to criminals.  I know it's not a fashionable view, but let's face it: what we have in security really is a technology problem!  It's absolutely nuts that my name and DOB can be used by someone who is not me in order to gain access to my digital property. 

And please, let's not forget that the majority of stolen IDs are now lifted en masse from backend databases.  So the behaviours of individuals online is less and less relevant to the broader fight against ID crime.

It's actually quite straightforward technologically to render ID data non-replayable.  All we have to do is digitally sign our transactions and communications.  All the requisite asymmetric cryptographic building blocks are built into the standard PC and e-commerce technology stacks. The smartcards, SIMs, smart phones and so on needed to carry individuals' keys are getting ubiquitous.

The Internet is full of paradoxes.  It's not at all like the real world.  We welcome and prize its unreality, yet at the same time, we seem to expect Internet users to embody even greater levels of caution and incredulity than they do in the physical world.  The moral of the vox pop seems to be little more than "Don't talk to strangers".  Sorry, but I think we need a more sophisticated way forward to secure the digital world.  If most people are innately trusting, then we must stop relying on training them, against their human natures, as the primary weapon against cyber crime.

Stephen Wilson, Lockstep.


Comments: (0)

Comment on this story (membership required)

Latest posts from Stephen

Now is not the time to go soft

03 August 2012  |  4175 views  |  2 comments | recomends Recommends 0 TagsSecurityPayments

How much worse can CNP fraud get?

17 July 2012  |  3304 views  |  1 comments | recomends Recommends 0 TagsSecurityPayments

Credit card numbers are like nitroglycerine

13 January 2012  |  4802 views  |  0 comments | recomends Recommends 0 TagsSecurityPayments

Banks really know their customers

13 December 2011  |  3384 views  |  1 comments | recomends Recommends 1

Taking full advantage of Chip

02 June 2011  |  4593 views  |  6 comments | recomends Recommends 0

Stephen's profile

job title Managing Director
location Sydney
member since 2008
Summary profile See full profile »
I specialise in digital identity, privacy, smart technologies and fraud prevention. I run the Lockstep Group, which researches and develops innovative solutions to Card Not Present fraud and identity...

Stephen's expertise

Member since 2008
34 posts174 comments

Who's commenting on Stephen's posts