Wednesday, February 01, 2006

Fixing Fraud

Sun's Robin Wilton ("Is 'user-centricity' the answer to identity fraud?") makes an interesting point about Identity theft/fraud which I haven't seen mentioned before. He notes that, in a Wall Street Journal piece, it's asserted that "Businesses absorbed 93% of the financial damage".

He goes on to cite the conventional wisdom that "...a huge proportion of identity theft arises when the user's details are in the custody of someone else," which is often coupled with the suggestion that one way to cut down on fraud is to "make the user the data custodian, or give the user the (only) means to control access to their personal data."

But Robin notes: "The question the WSJ article prompts me to ask, though, is this: can you envisage a case where the user has that degree of control, and yet businesses still shoulder 90% of the cost of identity theft? I can't."

Now where the fraud can be laid at the feet of the business, it's right (I feel) that the business cover the costs. But when a close relative steals your ATM card and PIN, it's hard to justify sticking the loss on the bank. When users gives up their identity data to a phishing scheme, it's likewise hard to blame the institution for the user's gullibility. But as soon as you make the user responsible for the security of the data as well as the sole source of authorization for release of the data then there's very little the business will have to take responsibility for. All of the lwill be lbe back on the user's shoulders. Wilton thinks this might increase awareness on the part of users, but I think it will increase awareness on the part of politicians, who'll manipulate the feelings of users to gain political advantage. There'll be a lot of hot air, some smoke and mirrors but little done to prevent identity fraud.

Thanks Dave - I don't know whether to be flattered or scared... your last few sentences are particularly chilling given that our beloved politicians happened to choose today to release ID fraud figures in support of their assertion that a national ID card is the solution to all our ills...

Here's a link to the post (I hope).
It seems to me that if the financial responsibility was pushed back to the consumer, we'd stop putting ourselves at risk by discontinuing our on-line business. I think businesses that shoulder the risk probably still make their money back in the cost savings associated with on-line business (or in increased rates to the consumer). If not, they'd most certainly stop doing it, right? The public isn't ready to take on that risk. We're demanding less risk for the next generation security infrastructure.
Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]