Slashdot Mirror

← Back to Stories (view on slashdot.org)

Combating Identity Theft

Posted by ryuzaki0 on from the who-am-i dept.

An anonymous reader writes "Net-Security is running an interesting article about some of the problems facing organizations when it comes to identity theft. From the article: 'Identity theft is the major security concern facing organizations today. Indeed, for the banking industry, it is the number one security priority for 2006. Identity security has developed beyond the simplest form of authentication where one party issues and verifies identities within a closed group of users. While easy to do, this approach is extremely hard and costly to scale upwards and offers no interoperability with other authentication networks.'"

4 of 204 comments (clear)

  1. Alternative systems? by RingDev · · Score: 4, Interesting

    As noted, hardening identity security is extremely costly and difficult. Another option may be to reduce the importance of an identity, make them easier to get rid of and recreate. For example, if someone grabs your credit ID and maxes you out, you'll have to battle for years to get your credit rating restored. If a system could be developed to trivialise the impact of Identity Theft, then the importance of security would decrease from its current point. Yes, it's treating the symptoms, but in this case it could be the cheapest and easiest way to having a safe experience for customers.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  2. A statement and a story by Anonymous Coward · · Score: 5, Interesting

    merchants pretty much ignore the signatures on the back of credit cards

    This is common knowledge. I haven't signed the back of my card in over 10 years. What's funny is when a cashier actually looks at the back of the card and then just procedes on even though there's no signature. Let's face it though, even if they did check, it's a worthless security measure anyway. Any crook with even a primitive grouping of nerve endings in their skull can take the few minutes to come "close enough" to the signature on the back of the credit card they just stole.

    Interesting side note about the saying that the "banking industry" no taking advantage of their own saftey checks. When I went to get a cashiers check for the down payment on some real estate (around $13K), my bank gave me MASSIVE amounts of grief because my signature on the cashiers check request did not match the signature they had on file for me, nor did it match the signature on my drivers license (all three were different). I ended up having to produce another form of picture id (which for most people is difficult, since usually it's your drivers license that has a picture, for some it could also be a student id, for many you're SOL) and signing another signature card. Turns out that while the signature card is not used generally to check the signature on checks (it's bank stated purpose), the bank does check it for transactions over $10K.

    1. Re:A statement and a story by fumblebruschi · · Score: 5, Interesting

      Bear in mind that the signature on the back of the card is not a security measure for you; it's security for the store.

      If you look at the card, you'll see a notice by the signature field that says "NOT VALID UNTIL SIGNED." This is because the card constitutes a binding contract between you and the credit card company. Until you sign it, the card is not a financial instrument.

      Let's say you don't sign the card, and you use it to but $1500 worth of stuff at a store, and then you don't pay the credit card bill. The credit card company is not legally obligated to pay the store for the goods you bought, because the unsigned card was not a binding agreement. You can be prosecuted for acting in bad faith, but the store won't get its $1500.

      That's why the store needs you to sign it--and that's why, when I was a cashier (for my sins) I would often have to ask people to sign their credit cards.

      Incredulous customer: But don't you see how ridiculous that is? I might have just stolen this card and be forging the signature on it!

      Me: That's true, but remember, I'm not doing this to protect you; I'm doing it to protect the store.

      Technically, by insisting on a signature, I was performing good-faith assurance. Sure, the guy might be signing a fake name; but a store can't be held legally responsible for detecting forged signatures, since it's not reasonable that a minimum-wage cashier be required to be trained in forgery. (Court cases have upheld this.) As long as the card has a signature on it, the credit card company has to reimburse the store for whatever gets bought. That's the only thing the store cares about.

      The lesson? Remember that the only person who has any interest in protecting you is yourself.

    2. Re:A statement and a story by 6*7 · · Score: 5, Interesting

      'If you look at the card, you'll see a notice by the signature field that says "NOT VALID UNTIL SIGNED."' ...
      'The credit card company is not legally obligated to pay the store for the goods you bought, because the unsigned card was not a binding agreement.'

      That's a nice though, but I'm wondering how an online transaction fits into this scheme?