Visit www.barracudasecurity.com

Legend

Location Of Theft in AQUA BLUE
URL Of Linked Article In STEEL BLUE or GREEN
Full Content Of Article In BLACK
Theft Description In Body Of Article in RED

Tuesday, February 13, 2007

VIRGINIA BLOGGER MAKES GOOD POINT ABOUT BIOMETRICS AND SECURITY X Curmudgeon: Preventing Identity Theft With Biometrics: Tuesday, February 13, 2007

Preventing Identity Theft With Biometrics


It's estimated that millions of Americans now suffer the crime of identity theft every year. There's a fairly good way to stem the epidemic. Unfortunately, it requires banks and other credit issuers to take responsibility for a problem THEY have created.

Think of it this way. You're a good citizen, minding your own business. Then you apply for a loan, or try to rent an apartment, and you're turned down because you have a bad credit record. It turns out someone stole your identity, got a bunch of credit cards, racked up debt and, of course, never paid. Now, whose fault is that? It is the fault of whoever issued the thief credit in the first place, because they were negligent in verifying the identity of the thief.

The identity theft problem has gotten so out of hand because banks and other issuers of credit (mainly retailers) have made it too easy to grant instant credit with the most minimal of effort by both the credit applicant and the credit issuer. Most credit issuers require only a social security number, a matching name and a birthdate in order to issue credit, often on the spot.

[Worse yet, the Washington Post reports today that banks are now seeking to extend credit to illegal aliens without social security numbers. The rest of us will end up paying for this fiasco.]

Any moron with half a brain can find names and birthdates on the web. All they need to go with that data is a social security number, and those are relatively easy to come by because they are stored in thousands of databases and exchanged all the time. One of the greatest sources of such information istheft by insiders, who can make easy money with little likelihood of being caught.

The government never intended social security numbers to be used as some kind of secure device for identifying someone, and social security numbers clearly fail miserably for that purpose. So why do banks use them so widely? Because its cheap and the banks can fob their losses off on the rest of us.

Here's what we need to do to greatly reduce identity theft: (1)make banks and other issuers of credit liable for costs incurred by consumers in connection with identity theft; (2) prohibit banks from issuing credit based soley on a social security number/DOB/name; (3) require issuers of credit to collect biometric information unique to individuals.

At its simplest, it works like this. Someone goes into a department store and applies for instant credit. The store clerk takes a digital photo of the person applying for credit, and collects a fingerprint on an electronic portable fingerprint pad (these exist and are economical). (Or it could be an iris scan, or something else.) That alone would discourage most imposters from applying since it would give police a ready trail to follow.

For more remote applications, there are still ways to collect similar information. For example, phone applicants could be required to consent to a voice print that could be matched with a database. Applicants by mail could be required to make a follow-up appearance in person at a local bank for a digital photo and fingerprint/iris scan/whatever. Since almost everyone lives near a bank branch, this wouldn't be too inconvenient.

Credit issuers would have to initiate a period for existing cardholders to submit their identifying information so that they could have databases against which to compare imposters, but that shouldn't be all that inconvenient either. (And anyone refusing to sign up within a reasonable period could be denied protection if their identity isstolen in the future.)

Biometrics are not foolproof. Since any biometric ultimately has to reside in computers in digital form, they can be stolen. That's one reason it is important to require a credit applicant to show up somewhere in person to be photographed and submit their biometric identifier. If there is a problem, they can more easily be tracked down. And, of course, thieves don't want their photos taken, their fingers printed or their irises scanned.

Frankly, this isn't all that difficult a problem to fix--all it takes is a little bit of will.

Labels: ,

No comments: