For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
Robert, I don't think it's useful to label thieves, even grand larcenists, as "terrorists". And comparing this guy to pedophiles and serial killers is disproportionate, and frankly insulting to the victims of these immeasurably more serious crimes.
Having said that, I commend you for highlighting the criticality of inside jobs in the identity crime wave. The lesson has to be that audits and policy-based responses are of very limited use, because insiders can so easily evade them.
Why don't we put proper security around online identifiers? Why do we resist so energetically investing in decent
preventative online security? Imagine running a bank where the main mechanisms to protect the cash was personnel processes and audits. Duh! We all know that insiders cannot resist multi-million dollar temptations ("it's good to trust; it's better not
to"), so we put all manner of proper physical controls around cash.
We must do the same with identity data.
As you say Robert, the fun begins when the identity thief obtains a target’s name and address, SSN, birth date and account information. They get away with ID fraud because it's
insanely easy to replay identity data to create new accounts. You're right that the rules around address matching should certainly be tighter, but the stark underlying problem would still remain:
identity data should not be replayable.
Asymmetric cryptography, digital signatures and secure chip devices for protecting personal identifiers offer the best way to imbue original identity data with a pedigree. These are standardised building blocks, now almost ubiquitous in the personal computing
and e-commerce technology stacks. Digitally signed data cannot be replayed; it's useless to theives. Banks, merchants and governments should use this technology. And then, on the Internet, you really could tell if I was a dog!
Stephen Wilson, Lockstep.
What is particularly disturbing in this case is the length of time, from 1st November 2001 to 30th April, 2009, that the crimes were allegedly underway - almost 8 years – as he is described as a 27 year old now, it means he started out when he was 19 years
– so what access rights did he enjoy under what level of supervision?
04 Feb 2009
24 Mar 2020
12 Mar 2020
05 Mar 2020
27 Feb 2020