24 October 2017

44975

Retired Member

3,172Posts 11,365,035Views 3,409Comments
Whatever...

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

Instant Cure For Identity Theft

20 October 2009  |  4220 views  |  7

I gave up talking about identity theft. That horse has bolted and the barn door has been wide open too long.

As I predicted some time ago, ID theft , and personal data theft enabling ID fraud is so rampant that sellers of such data are overlapping and the market is almost saturated.

It's time to fix it.

We've had some mention of gadgets and frustratingly ignorant and foolish consumers but we haven't really had any suggestions which could work right now, for most of us without huge capital expenditure and using what we have already - our mobile phones.

Spare me the iphone or whatever app, that won't cut it, we need the 'everyone' solution.

Real time is required.

Customer participation is required.

No call centers - no bank staff, a third party system which doesn't ever actually hold any information about the individual, nor does it engage in any other business except confirming identity.

A system which cannot be hacked into, and even if a hacker could get in they'd find an empty database - there is no personal data there to find.

Your information becomes your own, you decide who gets to see it and who they share it with and unless you participate, no-one can do anything in your name.

All you need is a mobile, and someone who knows you. It could be the government, your bank, your employer or someone we trust.

Credit reference agencies, banks, doctors, dentists, government employees would all have to get your permission to interact with your information. Unless you participate it is pointless for them because they can't know that they are really dealing with you - unless they participate in the system. They would have to prove who they are before they could access the information you permit them to see.

The attractiveness of this solution is immense. Economy of scale, agreed identical methods and standards, a level playing field with consumers empowered to help protect their good names.

You wouldn't have to buy anything, learn anything new, do anything you can't understand or don't already know how to do. It doesn't need anything new 'rolled out' or installed or proved or tested or paid for.

It could be used to allow permission, confirm identity, confirm a payment and a host of other things too, and do it everywhere, at your front door, on the net, in the street and at No 10 Downing St.

The most important thing it could do is end identity fraud and it wouldn't matter a hoot that all your personal data is already stolen and in the hands of thieves, it would do them no good at all.

Something everyone can use, understand how it works and be empowered to take back their identities.

Anyone else have any ideas?

If not then give me a call. It's time to end this idiocy.

Tags

Comments: (16)

Cedric Pariente
Cedric Pariente - EFFI Consultants - Paris | 20 October, 2009, 10:37

Interesting.

However, the list of people we are supposed to trust is quite surprising.

If I had to list people we can absolutely not trust right now I would list exactly

"Credit reference agencies, banks, doctors, dentists, government employees"

How would it work in such a case?
What if I do not trust anyone? (which is a reasonable approach when talking about ID Theft according to a lot of people who are blogging here)

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ainsley Ward
Ainsley Ward - ACWA Consulting - Diegem | 20 October, 2009, 14:47

And of course the third party company should be run by Dean Proctor, master of the secret identity solution...

Once again you're off spouting all of this theoretical nonsense that has absolutely no grounding in the real world. Mobile phones are not a good basis for any all-encompassing scheme because NOT EVERYONE HAS ONE. Indeed saturation is high in many markets, but in a global population of 6 billion, only around half have an active mobile - even if you make the poor assumption that each person only owns one mobile (I myself have 2). And many folk, particularly the young, will change their phone at least every 12 months. So there is fatal flaw number 1.

Fatal flaw number 2 comes in your assumption that all the 'trusted' people that you've listed actually give a crap about identity theft. A bank doesn't care who you are if they get their money back. A doctor will treat you and get paid regardless. A dentist even more so. The Government only cares if you are taking money out of the system - and only then if you're better at it than an MP. In the real world banks have not addressed ecommerce fraud in the UK because it would currently cost them more than they're losing. Basic rules of a free market economy.

In fact, the only person that really cares about your identity is you. And so you have a choice to either prepare plan B and work out how to mop up when (not if) things go wrong, or turn into one of those anal folk that shred their mail and have seperate PCs for each application.

In the free market economy, Customers will declare their position through their actions. Banks like Capital One that are building their reputation on security and authentication will capture those that are worried about these things. Others will focus on ease of use and capture the folk with plan B. It's as simple as that.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 20 October, 2009, 14:48

Cedric,

I would propose that people were given the opportunity, perhaps with the assistance of legislation where required, to decide who could access their information and in what context.

For instance - should credit reference agencies be able to supply your credit rating to a lender without your participation?

It has proven to be unwise. I would propose that you should be part of the process, a process which would fail with just scavenged documents and a printer in the hands of a fraudster.

If you choose not to apply for credit you should be able to choose to have your credit file locked. That is a no-brainer. I propose it should only be unlocked by you.

The only effective solution will be to enable you to, by default, disable things like loan applications, opening new accounts and other opportunities for fraud - by require you to actively participate, using your mobile to authenticate that it is you applying.

In the case of health care, you may choose not allow a doctor to have access to your medical records, however that would probably be counterproductive.

If, however your health insurer were footing some or all of your medical bill they may be keen to be sure it is you getting the work done at their expense (and it is in your best interests) and you must be enabled to reassure your co-payers that it is you they are paying for.

I would imagine a visit to your doctor might include a couple of actions on your mobile to confirm your attendance and permit the doctor to access your medical records. The receptionist need not even know your name if you preferred that level of privacy. The system will still work for you.

Your confirmation at the conclusion of treatment might also confirm to perhaps VA or the government healthcare system that you are in fact receiving treatment from the doctor who is billing them. The process would be fast and simple, removing the need for documents, cards and paperwork and could also confirm payment of your contribution to the cost.

You cannot be forced to participate so long as you have the means to pay your own way.

At times we all have no choice but to 'trust' someone somewhere. Repairman, policeman, government employee, dentist - only you won't have to trust just their word, plastic or paper as to who they are.

Does it not seem logical? Forget about how it is done, preconceptions of cost or difficulty - what if it was just plain easy and simple?

I believe we would all benefit from the power to control our identity and at least confirm the identity or authority of those we interact with and in so doing - dis-empower the information thieves.

Do you have a mobile?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 21 October, 2009, 14:09

To me, there is a fine line between insightful comment, using your own products as examples because that's what you know best, and out-and-out astro-turfing. Ainsley Ward clearly feels this post falls on the wrong side of the line, and I'd tend to agree. Does FinExtra need a bit less of the 'world hunger is soluble by a product I just happen to sell' type of posting?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Joe Pitcher
Joe Pitcher - Irrelevant - Wirral | 21 October, 2009, 14:20

Chris, I'd have to agree with you (and Ainsley). Unfortunately Finextra blogs are turning into adverts for products which purport to save all the ills of the world. Try and get any further information though and all you get is stone walls. I fully support anyone promoting a solution that they claim resolves all issues where others fail but only if they can back these claims up.

I could easily post I have a cure for cancer, can run faster than Usain Bolt and a better job than Rafa Benitez.....please just don't ask me to prove any of this.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 21 October, 2009, 15:13

This is exactly what I've been recommending for over six years, through a variety of published research reports and public presentations. I've even said as much in presentations to US government officials and in keynotes to financial industry executives, but I mostly get blank stares. Anyone who's followed the research of my company, Javelin Strategy & Research, knows that we've said ID fraud (we avoid the term "identity theft") is a unique crime because it involves two categories of victims (identity-holders and financial providers) who don't generally cooperate with one another on a proactive basis. The privacy and victim advocates are sometimes the biggest impediment to protecting individuals (do I really dare say this?) because their well intended efforts at protecting individuals result in a furthering of the victim mentality. The technology exists to enable individuals, and while mobile phones are ideal, tellers in bank branches can suffice as well for the have-nots. 

 

We'll only defeat identity criminals when we get identity-holders and various institutions to get as organized as the criminals already are. We now have survey results from 246,000 identity-holders, bankers, vendors, merchants and others from which we draw this conclusion. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Paul Penrose
Paul Penrose - Finextra - London | 21 October, 2009, 15:21

The Finextra Community has strict guidelines on the use of blogs posts to promote third party products and services - ie, it's not allowed and we're quick to clamp down on malfeasants. We also have an abuse reporting mechansim where members can report infringements of the rules.

Now Dean may not actually have a commercially available product to punt - which is why some of these posts slip through.

However, the Community has spoken and it seems to be mightily fed up. As the Community bobby I reluctantly accept that we have to take action.

Dean, you're contribution to the general Community debate is still welcome - but when it comes to your mystery product, I think it's time to put up, or shut up.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Nick Green
Nick Green - ISD Consultants - Northampton | 21 October, 2009, 21:01

Here, Here!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
John Dring
John Dring - Intel Network Services - Swindon | 21 October, 2009, 21:49

I for one enjoy the doom mongering and conspiracy theories of Dean (even concur with quite a few), but would agree that its a bit tedious hearing snippets of some ethereal system which frankly just revolves around a 'trusted third party' approach.

there's always an attack vector, and in the case of trusted third parties one is the integrity of the people and systems in it.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 22 October, 2009, 11:58

So I take that as a No.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 22 October, 2009, 12:58

Dean,

You should take the comments on the chin.  You have been identified as what you are.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 26 October, 2009, 14:48

I agree with Deans approach in that a real time solution is required and we should encourage customer participation.

We just need to look at the way we use data to confirm identity.

Identity can be confirmed by verifying different pieces of personal information against seperate databases and checks.

It is imperative that this data is held in different places and it is only used to check the data you have and doesn't return any information for the individual.

So for example you would be able to check that a passport number was a correct number for a person with the enterered information however if you did not have the passport number you would not be able to return that information.

It is basically non-disclosure multi-source identity checking. The sources and checks would be dynamic and only the method of access and risk scoring methodology remaining the same.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 27 October, 2009, 00:39

Anyone like some egg?

http://www.finextra.com/community/Fullblog.aspx?id=3442

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 27 October, 2009, 03:19

http://news.bbc.co.uk/2/hi/uk_news/england/cambridgeshire/8325477.stm

The right link. Online banking anyone? Perhaps not with eggs.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Joe Pitcher
Joe Pitcher - Irrelevant - Wirral | 27 October, 2009, 09:37

I think the key sentence in this article is:

"the strongest practical solution available and was just part of the multi-layered security employed"

Its not a perfect solution - far from it but at least its real! Theoretical systems that are yet to exist in the real world cannot be attacked by Cambridge University students so therefore cannot have their flaws identified.

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 29 October, 2009, 01:27

"the strongest practical solution available and was just part of the multi-layered security employed"

Not perfect is an understatement.

Not secure is the reality.

I am constantly amused at how quickly the snake oil evaporates.

I look forward to UK and all banks being forced to carry the risks in internet transactions.

I would suggest that executive bonuses could be tied to the level of internet fraud, in reverse of course. Perhaps directors personally liable? Sort the men from the boys.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Retired's profile

job title
location
member since 2014
Summary profile See full profile »

Retired's expertise

Member since 2009
3119 posts3,409 comments
What Retired reads

Who's commenting on Retired's posts

Ketharaman Swaminathan
Dharmesh Mistry
Nicola Cowburn
Michael Wright
Charmaine Oak
Francis Chlarie
Raymond Lee
Deepthi Rajan
Melvin Haskins
João Bohner
Bob Lyddon