Slashdot Mirror


Combating Identity Theft

An anonymous reader writes "Net-Security is running an interesting article about some of the problems facing organizations when it comes to identity theft. From the article: 'Identity theft is the major security concern facing organizations today. Indeed, for the banking industry, it is the number one security priority for 2006. Identity security has developed beyond the simplest form of authentication where one party issues and verifies identities within a closed group of users. While easy to do, this approach is extremely hard and costly to scale upwards and offers no interoperability with other authentication networks.'"

12 of 204 comments

  1. It's useless... by Anonymous Coward · · Score: 5, Funny

    There's really no point to fighting identity theft. If someone wants your identity, they'll take it.

    --CowboyNeal

  2. They're not helping themselves by Kombat · · Score: 5, Informative

    A big part of the problem is that the banking industry isn't always taking advantage of their own safety checks. For example, take a look at these stories to see how merchants pretty much ignore the signatures on the back of credit cards.

    --
    Like woodworking? Build your own picture frames.
    1. Re:They're not helping themselves by Mattcelt · · Score: 5, Insightful

      To put it simply: it isn't painful enough.

      VISA actually requires that merchants, in some circumstances, NOT challenge the person using the card. (Have you noticed that many merchants won't even ask for a signature for purchases below a set limit now?) Why? Because the cost of turning away potential sales - including fraudulent ones - is many multiples of VISA's cost of lost revenue due to fraudulent activity and theft.

      What's more is that merchants, not the credit card issuers or underwriting banks, are the ones ultimately responsible for more than 90% of chargebacks. So if the merchant sells a product to someone using a fake card, and the rightful owner of that card challenges it, the merchant takes the loss, not VISA. So for the most part there's really not a direct reason for VISA to curb fraudulent activity at all.

      So security in this case actually leads to loss of sales, and therefore loss of revenue for VISA. The customer is indemnified, VISA and the banks are insulated, and the merchant gets screwed - until they raise their prices to make up for the loss. And even then, it's the customer who bears the ultimate financial burden. IOW, VISA has every incentive to make it easier for people to use their cards, even if that means more identity theft.

  3. IMPOSTER by Anonymous Coward · · Score: 5, Funny

    **I** am Anonymous Coward, this ^^^ guy stole my nick. Don't believe a word he says!

  4. It's mostly paper - checks, etc... by AnonymousPrick · · Score: 5, Insightful
    From here: Clark Howard's Identity Theft Section

    Mar 11, 2005 -- How identity theft really occurs
    Identity theft has become huge, as we all know. But how and why does it occur? Many people think that identity theft occurs because of what we do online. But just slightly more than 10 percent happens online. Almost all of it occurs when someone steals your checkbook, your wallet or your mail. The Internet actually helps in reducing ID theft, according to the Better Business Bureau. Monitoring your checkbook and credit card status online is a huge deterrent to identity theft because people find things quickly and can report them right away. So, if you still have a checkbook and you refuse to part with it, keep it at home and know where it is at all times. This is especially important for businesses, which are expected to keep a higher standard of security when it comes to securing checks. Businesses have liability for checks written that are stolen. So, keep very good track of your checks if you own a business.

    --
    Saturday is April 1. Slashdot will be shut down. Sorry for the inconvenience.
  5. Theft? Fraud! by TechyImmigrant · · Score: 5, Insightful

    It's not theft. It's fraud.

    --
    Evil people are out to get you.
    1. Re:Theft? Fraud! by Neoncow · · Score: 5, Funny

      I prefer to think of it as identity sharing.

  6. A statement and a story by Anonymous Coward · · Score: 5, Interesting

    merchants pretty much ignore the signatures on the back of credit cards

    This is common knowledge. I haven't signed the back of my card in over 10 years. What's funny is when a cashier actually looks at the back of the card and then just proceeds on even though there's no signature. Let's face it though, even if they did check, it's a worthless security measure anyway. Any crook with even a primitive grouping of nerve endings in their skull can take the few minutes to come "close enough" to the signature on the back of the credit card they just stole.

    Interesting side note about the saying that the "banking industry" is not taking advantage of their own safety checks. When I went to get a cashier's check for the down payment on some real estate (around $13K), my bank gave me MASSIVE amounts of grief because my signature on the cashier's check request did not match the signature they had on file for me, nor did it match the signature on my driver's license (all three were different). I ended up having to produce another form of picture ID (which for most people is difficult, since usually it's your driver's license that has a picture, for some it could also be a student ID, for many you're SOL) and signing another signature card. Turns out that while the signature card is not used generally to check the signature on checks (its bank-stated purpose), the bank does check it for transactions over $10K.

    1. Re:A statement and a story by fumblebruschi · · Score: 5, Interesting

      Bear in mind that the signature on the back of the card is not a security measure for you; it's security for the store.

      If you look at the card, you'll see a notice by the signature field that says "NOT VALID UNTIL SIGNED." This is because the card constitutes a binding contract between you and the credit card company. Until you sign it, the card is not a financial instrument.

      Let's say you don't sign the card, and you use it to buy $1500 worth of stuff at a store, and then you don't pay the credit card bill. The credit card company is not legally obligated to pay the store for the goods you bought, because the unsigned card was not a binding agreement. You can be prosecuted for acting in bad faith, but the store won't get its $1500.

      That's why the store needs you to sign it--and that's why, when I was a cashier (for my sins) I would often have to ask people to sign their credit cards.

      Incredulous customer: But don't you see how ridiculous that is? I might have just stolen this card and be forging the signature on it!

      Me: That's true, but remember, I'm not doing this to protect you; I'm doing it to protect the store.

      Technically, by insisting on a signature, I was performing good-faith assurance. Sure, the guy might be signing a fake name; but a store can't be held legally responsible for detecting forged signatures, since it's not reasonable that a minimum-wage cashier be required to be trained in forgery. (Court cases have upheld this.) As long as the card has a signature on it, the credit card company has to reimburse the store for whatever gets bought. That's the only thing the store cares about.

      The lesson? Remember that the only person who has any interest in protecting you is yourself.

    2. Re:A statement and a story by 6*7 · · Score: 5, Interesting

      'If you look at the card, you'll see a notice by the signature field that says "NOT VALID UNTIL SIGNED."' ...
      'The credit card company is not legally obligated to pay the store for the goods you bought, because the unsigned card was not a binding agreement.'

      That's a nice thought, but I'm wondering how an online transaction fits into this scheme?

  7. Re:Make it harder by Knackered · · Score: 5, Insightful

    They don't want to make it harder to get credit. The whole basis of their profitability is giving easy credit to people who will draw on the credit, and pay them interest. Making it too hard to get credit would make them less profitable. It's only when the cost of identity fraud exceeds the profitability from easy granting of credit that they'll change.

    --
    a.
  8. Lenders are liable for ID theft, not victims by max+born · · Score: 5, Informative

    I was a victim of ID theft 5 years ago. A credit card company (Next Card IIRC) gave someone a credit card who had only my name and SS#, wrong date of birth and wrong address. Anyway this guy went to Vegas and ran up quite a bill. It was only when the card remained unpaid that the company bothered to track down the real me.

    They wanted me to sign an affidavit. I told them I wasn't signing anything, it wasn't my problem. I quoted the following from CHAP. 41, SUBCHAP VI, sections b and e of U.S. Code TITLE 15 which states:

    (b) Burden of proof
    In any action which involves a consumer's liability for an unauthorized electronic fund transfer, the burden of proof is upon the financial institution to show that the electronic fund transfer was authorized or, if the electronic fund transfer was unauthorized, then the burden of proof is upon the financial institution to establish that the conditions of liability set forth in subsection (a) of this section have been met, and, if the transfer was initiated after the effective date of section 1693c of this title, that the disclosures required to be made to the consumer under section 1693c(a)(1) and (2) of this title were in fact made in accordance with such section.

    (e) Scope of liability
    Except as provided in this section, a consumer incurs no liability from an unauthorized electronic fund transfer.


    Anyway, they took care of everything after that. Including my credit rating.