RE: Identity Theft (was: CRIME Computers vulnerable at Oregon department)

• Previous message: Crispin Cowan: "Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• In reply to: Crispin Cowan: "Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Next in thread: Crispin Cowan: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Next in thread: Greg Jorgensen: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Next in thread: Crispin Cowan: "Re: CRIME Computers vulnerable at Oregon department"
• Reply: Crispin Cowan: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Focusing on a small part of the discussions...see below

Baker

-----Original Message-----

> ID theft works because a very large number of organizations (banks,
> credit bureaus, etc.) treat Social Security numbers as authenticators
> instead of identifiers.

> An obvious solution to ID theft is to implement national strong
> authenticators. But that is rife with problems: civil liberties issues,
> the fact that it is technically infeasible to do it right, etc.

> What WILL work to prevent ID is legislation that prohibits banks &
> credit bureaus from using pathetically weak authenticators. Dr. Crispy's
> proposed law to largely eliminate ID theft:

>    * No financial institution or government agency may use a social
>      security number, any attribute that is a matter of public record,
>      or any attribute that is easily obtainable about another person
>      (such as DOB, address, or mother's maiden name) as an
>      authenticator. Authenticators must be *secret*, known only to the
>      person and to the issuing organization at the time of issue.

> Sadly, I don't think the State has the jurisdiction to implement such a
> law; it'll probably have to be Federal. It will also likely be a long
> time coming, because while it will save the hapless victims of ID theft
> vast fortunes, it will cost the financial institutions big $, and their
> lobbiests will prevent any such thing from happening.

> Crispin

Having spent some time working for both retail and investment banks, I do
not believe that banks have any vested interest resisting useful changes.
There certainly would have to be changes but if the cost was less than the
present costs of fraud issues (not all directly connected to identify
theft), the banks will get on board. Bank customers value trust and security
so banks are used to finding ways to offer solutions that customers value.

There are certainly legal issues between state and federal regulations. Some
of these issues are larger than the US as people  travel with their identity
and credit instruments. Hence some of these solutions need to work even when
someone is traveling outside the US or someone from outside comes to the US.

One retail bank in the UK has 4 pieces of info for each customer. To access
your account you have to supply all four. Ignoring the idea if this is
perfect, it shows that changes happen in an effort to reduce the risk
profile.

Baker

• Next message: Greg Jorgensen: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Previous message: Crispin Cowan: "Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• In reply to: Crispin Cowan: "Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Next in thread: Crispin Cowan: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Next in thread: Greg Jorgensen: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Next in thread: Crispin Cowan: "Re: CRIME Computers vulnerable at Oregon department"
• Reply: Crispin Cowan: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 20:26:44 PDT