|
By Robert Siciliano, IDTheftSecurity.com
We can fix this thing, but we won't because we don't want to be inconvenienced. I'm introduced to amazing technologies every week that will stop this. All they need is government support and system-wide adoption. Meanwhile, Chuck Schumer and Ed Markey and the rest of the grand-standing politicians scream about privacy and security issues when they see an opportunity for publicity, but their follow through is less than satisfactory.
We use easily counterfeited identification, Social Security numbers that are written on the sides of buses, and we rely on the anonymity of the phone, fax, internet and snail mail as a means of application.
In other countries they solve problems. They have priorities and don't deal with the rhetoric. They put security first, convenience second.
Cedric Pariente from B32Trust tells us that in Paris, France you need to open an account first before a loan is granted by a bank. In order to do so, you need to provide them with a printed copy of your ID card and proof that you still live where you claim to live (last electricity bill usually.) Then they can check your credit history and decide to grant you with a loan or not. Most of the time, they just check that your debt is not over 30 percent of your income. You have to be a bank client. Doesn't seem they allow phone, fax, internet or snail mail transaction when granting credit.
In the U.K., Keith Appleyard echoed something similar to France's system: you have to present yourself in person with a Government-issued Photo ID such as Passport or Drivers License, plus a proof of address less than 3 months old, such as a bank statement or utility bill. Keith further explained the whole UK population had vetting their Identity Credentials and one of the last people to be vetted was the Queen of England, but she is not exempt. So she meets with her Bankers, but she doesn't have a Passport or Birth Certificate or Drivers License. So she asks them to take a Sterling Currency note out of their wallet, points to her picture engraved on the note, and says "yes, that's me." So they officially recorded the Serial Number on the Currency note as being her Identity Document. I think that process may need looking into.
In Australia, Stephen Wilson from the Lockstep Group discussed identification of customers opening bank accounts has been regulated since the 1980's. They have a roster of "evidence of identity" documents (passports, Australian driver licenses, government issued cards of various sorts, other bank accounts, utility bills, birth certificates, naturalization certificates …) each of which is equated to a set number of "points" reflecting broadly the quality of the document as proof of id. You need to present 100 points total to open an account. Usually passport + driver license suffices.
Gavin Matthews of SECCOM GLOBAL in Australia adds the system can only be compromised with forged items, which are not that easy to obtain. Like our money these days we have holographic licenses, chipped passports etc. However it does happen regularly and organized crime is the main culprit (Asian gangs, motorcycle clubs etc) and replication of stolen items probably makes up 70-80% of beating this system. There have been cases here of people working for drivers licensing authorities in various states being indicted for fraud etc and being linked back to organized crime.
In Finland, Kalle Keihanen from the Nordea Bank Finland Plc added the modern IDs are pretty tough to forge and forgeries easy to spot by professionals like bank tellers. If there is a suspected fake document the police are summoned and their database includes pictures and such of the real person.
When opening a bank account, the social security number on the ID is first mathematically verified (it has a simple algorithm built in), and then submitted electronically to a national registry, which then returns the name, address and credit info tied to that SSN. Utility bills or such are therefore not needed.
The low identity theft figures in Finland are mostly due to the SSN, where the system does real-time checks on the status of the identity, combined to a difficult-to-forge array of ID papers (passport, driver's license, national id). Also, nearly 100% of Finns always carry a picture ID, since the law requires "every person of age 15 and up to be able to reliably prove their identity to the authorities." Thus, there is a "chain of picture identity papers" starting from childhood in the national registry and any new ID application is verified against previous ones and the photos in the database, making applying for an ID with a stolen identity extremely difficult. You can only apply for an ID to replace one that is broken or expiring. Stolen or lost IDs are always submitted for criminal investigation before a replacing ID is issued.
While none of these systems are perfect, they are a step in the right direction and far better than the US's honor based system. At least we have corporations that are providing what the government won't. But that still doesn't fix the problem.
This article was published by Infosec Island.
Robert Siciliano is an expert on personal security and identity theft and the CEO of IDTheftSecurity.com.
Only registered users can write comments.
Please login or register. |
