The cost of Identity Theft has grown to over a $1.6Bn per annum, just in Australia alone. Worldwide that figure is probably around $20Bn. A staggering amount of money, which generally comes from credit card fraud. Who pays for the fraud, a mix of the customer and the organisation if the customer can prove it wasn’t them spending the money. Ultimately this will result in higher costs and prices for everybody.
How do we protect ourselves against identity theft? There are many ways to do this but here’s just a few:
- secure your mailbox with a lock
- remove your name and address details from official correspondence
- don’t use “free wi-fi” found in shopping centres and airports without utilising a VPN to mask your online transactions
- regularly check your bank account statements to see if there are irregular transactions
- never respond to spam emails or those that look “funny” asking you to confirm your details
- look here for more ways to protect yourself
In doing these things you do protect your identity information – BUT – what if you are one of the unlucky ones that’s been compromised? Has your bank, telephone company provided your account with enough protection to make sure when they are talking to someone it’s actually the real account holder?
It’s a very difficult balance for institutions to do this effectively, as on one hand they don’t want to make it too onerous for real customers, but on the other they need enough to satisfy themselves that all is ok.
When establishing an account you are required to provide various forms of documentation, including photo id from an official source; like a passport or a drivers license. Mostly identity theft occurs after the account is established and the organisation is contacted for help and support. The process is simple, identify yourself, things like secret questions, passwords, date of birth, account limit or the like. If your identity has been compromised then perhaps the thief as gathered enough of this information to be credible.
The next step is to use a technique called “social engineering” where the thief takes advantage of a nice call centre representative just trying to help you the client to bypass the checks and then can transfer the account away from you, the owner, and turn it over for their fraudulent purposes.
Are there ways to strengthen the systems to reduce the incidence of thieves getting away with our money and our lives?
The simple answer is YES.
A change to the business behaviour logic in dealing with customers and secondly via technology.
Technology advances in the areas of biometrics now make it viable to embed mechanisms in both online and smartphone apps. One way could be to request facial biometric matching of the person on the line with the account holder details captured during account creation. Yes I know this a bit “big brother-ish” but isn’t it worth it for the security. Another technique might be voice validation, some banks are already starting to use this to verify customers.
Whatever the mechanism is it a price you are willing to pay?
I would be interested to hear about your positive and negatived experiences in identity theft or rather identity protection.