Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)

From: Crispin Cowan (crispin@private)
Date: Thu Sep 26 2002 - 23:25:50 PDT

Next message: Crispin Cowan: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"

Previous message: Crispin Cowan: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
In reply to: Baker (aka John B. Corey Jr): "RE: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
Next in thread: Greg Jorgensen: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Baker (aka John B. Corey Jr) wrote:

>Having spent some time working for both retail and investment banks, I do
>not believe that banks have any vested interest resisting useful changes.
>There certainly would have to be changes but if the cost was less than the
>present costs of fraud issues (not all directly connected to identify
>theft), the banks will get on board. Bank customers value trust and security
>so banks are used to finding ways to offer solutions that customers value.
>
It sure would be great if banks would get the hell out of the way of 
solving this problem.

>There are certainly legal issues between state and federal regulations. Some
>of these issues are larger than the US as people  travel with their identity
>and credit instruments. Hence some of these solutions need to work even when
>someone is traveling outside the US or someone from outside comes to the US.
>
Hmmm ... I'm not sure how much of an international issue this is. The 
problem is domestic financial institutions willing to accept crappy 
authentication for serious operations. I don't really care what an 
identity thief does with my ID in France or India, as I'm under no legal 
obligation to pay those debts. Similarly, foreigners who come to America 
are practically immune to standard identity theft, because they don't 
even have SSC's.

>One retail bank in the UK has 4 pieces of info for each customer. To access
>your account you have to supply all four. Ignoring the idea if this is
>perfect, it shows that changes happen in an effort to reduce the risk
>profile.
>
That's good to hear, but it depends on how public those pieces of 
information are. If it is 4 public or easy to get pieces, and what those 
pieces are is also public (easy: thief opens their own account at that 
bank) then it is still all to easy to impersonate a customer.

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

application/pgp-signature attachment: stored

Next message: Crispin Cowan: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
Previous message: Crispin Cowan: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
In reply to: Baker (aka John B. Corey Jr): "RE: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
Next in thread: Greg Jorgensen: "Re: Identity Theft (was: CRIME Computers vulnerable at Oregon department)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 23:56:38 PDT