Latest opinions that Stephen Wilson has shared on Finextra

Join the Community

23,625

Expert opinions

40,456

Total members

368

New members (last 30 days)

207

New opinions (last 30 days)

29,163

Total comments

Join Sign in

Stephen Wilson

Managing Director

Lockstep Consulting

Member since

24 Apr 2008

Location

Sydney

View Stephen Wilson's full profile

Stephen's opinions

PCIed out yet?

Wow! Are we all PCIed out? The Network Solutions breach was announced on Friday 24th, and four or five days later we still haven't heard any accusations about whether they were or were not PCI compliant! Perhaps that sinking feeling is transforming into a realisation that there's not much that PCI compliance can do to thwart these sophisticated at...

27 July 2009

You can't complain about interoperability, except ...

I hope Kantara will be different but I have yet to see an identity interoperabiity initiative that properly articulates the real probelm it's trying to solve. A wise person once said something along the lines that the question is sometimes more important than the answer. So, what precisely is meant by "interoperability" of identities? ...

20 June 2009

We need clearer thinking about privacy and security

There's still not enough clear thinking about the nature of personal information being traded and lost online. Not all information is the same! In examining the terrible trend in personal information losses, Tower Group remarks that "While greater access to customer data is key for businesses to improve customer relationship management and b...

17 June 2009

An ounce of prevention is better than a pound of audit

While dissatisfaction with the PCI standards has been simmering for some time, the debate is now boiling over. And not before time. In March, the US House of Reps’ Homeland Security Committee held a hearing as to whether PCI security standards have been effective in reducing cybercrime. The chair, in his opening remarks, suggested empirically tha...

01 May 2009 /regulation

Hybrid cards perhaps less than the sum of their parts

The real issue in the new crop of hybrid cards that combine Chip & PIN with One Time Password generators is whether they represent a long term strategic advance, or are more about shorter term convenience. Convenience is important, but we need to have a long term plan. Do the hybrids do anything more than do away with a key fob, by integrati...

05 December 2008

How to stop identity theft

The root problem in most identity theft as we know it today is the ease with which ID data can be taken over and replayed. Businesses ask for -- and obtain -- ever increasing amounts of precious ID data in an increasingly futile effort to authenticate their online customers. IDs get stolen and traded on a vigorous black market, enabling fraud wh...

28 October 2008

But is it an attack on Chip and PIN per se?

I can see how lifting account details from a terminal device can help an attacker take over a bank account via conventional channels, but I am not sure that this is an attack on the Chip and PIN system is it? I assume that the attackers are not able to clone any smartcards using the stolen data (because of the fundamental security measures in the ...

13 October 2008 /security

Where is the All Party Parl. Group ID Fraud Report?

While there is some reporatge of the latest report by the All Party Parliamentary Group on ID Fraud, I cannot find the APPG's report, or even its press release anywhere. The APPG's website (www.fhcreative.co.uk/idfraud) appears to be a year out of date. Does anyone know where to find the report? Cheers, Stephen Wilson, Lockstep.

08 October 2008

National ID card and biometrics in banking

One purpose for the planned UK National ID Card is that it is to be used to help banks confirm identity when individuals open new accounts or undertake certain higher risk transactions. The plan is for banks to have fingerprint scanners and to compare new fingerprints with templates held on or with the ID cards of customers (see for example Tran...

05 July 2008

We could make ourselves less vulnerable to breaches

People often bemoan being treated "like numbers" in the modern world. If we think more deeply about ID theft, the real problem is that when we deal with people numerically, we need to take more care about the pedigree of those numbers. Card-Not-Present fraud and all manner of identity takeover is enabled by the fact that most "i

27 May 2008 /security