Consumers and businesses both have a role to play in preventing ID theft, argues Neil Fisher, vice-president of Global Security Solutions, Unisys.
Peaks in ID theft tend to mirror peaks in consumer spend. So with Christmas in sight, fraudsters are capitalising on every opportunity to enrich themselves by preying on consumers and businesses alike as security is ignored in the rush to buy and sell presents.
According to a recent survey* by shopping comparison site Kelkoo and the Centre for Retail Research, online spend in the UK is forecast to reach £8.9 billion over the holiday period (a 24% increase on last year’s figures). Fraudsters bank on the fact that their targets may be too distracted by the Christmas festivities to notice any unexplained outgoings, at least until it’s too late. And because it’s very difficult to police this sort of under-the-radar crime, the culprits remain unidentified and at large to strike again.
Given that we’re now living in a digital world where information is currency, the Internet is the playground of choice for a new generation of switched on criminals. As we increase our broadband speeds, the potential to do harm, as well as good, will only intensify. The Internet has essentially provided a medium where defrauding unwitting members of the public is much easier while remaining anonymous.
According to the Home Office, fraud costs the UK economy billions of pounds every year and almost everyone has either been or knows someone who has been targeted for ID theft. Given the pervasiveness of the threat, we’re no longer naïve to the dangers of the online world. On the contrary, we’ve actually become very sensitive to the risk of falling victim to ID theft and the financial and emotional repercussions that can ensue. We’re just not confident about how to prevent it.
According to the Unisys Security Index, essentially a barometer of consumer security worries, over 80 per cent of the UK population are nervous about the misuse of their bank card details and 83 per cent worry about unauthorised access to their personal information. In fact young people, who have grown up with the Web, also known in this context as Digital Natives or Generation Y, are particularly anxious. However, there is a world of difference between identifying danger and taking the necessary safety precautions.
Our greatest mistake – and this is the case for consumers and businesses alike – is our unceasing belief that the system will protect us. It won’t. Increasingly sophisticated cyber-criminals operate in the shadows, subverting the very technology we use and trust for their own gain. They rely on our lack of preparedness and caution and our natural trust in technology to prevent these scams occurring. Greater training, education and awareness of the Public is sorely needed, a feature of the US National Cyber Security Strategy. Even the UK Cyber Security Strategy emphasises this pressing need for training but the evidence in the aftermath of the HMRC lost discs and the subsequent data handling review, which called for a radical change in the Civil Service culture, is that few in Government are pursuing the education and training of their staff, let alone the Public.
Unisys has put together ten ways to ‘beat the cheats’ at Christmas, to demonstrate that you can protect yourself and your assets from fraudsters if you take responsibility for your own security. The scams include fake online shopping sites, social networking ruses and account checking cons.
While the tips focus on what individuals can do to protect themselves this Christmas, in the longer term businesses must take the lead, through the wholesale improvement of authentication. It is certainly in their interests to do so, since the creation of a trusted environment in which their customers can confidently transact can only serve to make them an attractive place to do business.
The current security authentication standard of combining “what you know”, (e.g. PINs and passwords) with “what you have” (e.g. debit or credit card) is no longer an adequate defence against ID theft. This will soon be enhanced with the widespread use of biometrics – “something you are” – be that for online transactions or for real world, over the counter, transactions. These biometrics will become more accurate, quicker to use, seamless and transparent to the Public. Already “biometrics on the move”, such as iris recognition from 2-3 metres away, while the subject is still walking, is being used for physical access control.
However, the change won’t happen overnight – the use of biometrics requires investment in new kinds of technologies and sometimes processes – but consumer acceptance of this form of authentication has been steadily rising over the past few years. According to the most recent (October 2009) Unisys Security Index, 56 per cent of Britons would be willing to provide biometric data to retailers and financial institutions to verify their identity. And almost all (95%) would prefer to verify their identity with a fingerprint scan (95%) and eye scan (90%), over a PIN number or password, compared to three quarters of respondents in both categories a year ago.
The appetite for change is clearly there and businesses that lead the way in offering biometrics stand to gain significant competitive advantage, as consumers gravitate towards the safety they provide. Not only would a biometric prove who you are within a more secure and trusted environment, it would force the criminal to be irrevocably linked to only one identity, making him/her easy to trace and the job of fraudulently mimicking others nigh on impossible.
We’ve made significant progress in the last few years in highlighting the dangers of this hyper-connected world, within which we freely exchange information with one another, no matter how sensitive or explosive that information might be in the wrong hands. The term ID theft has now entered our everyday lexicon. The next challenge is to assess how our actions put us at risk of ID theft and then crucially, to act in accordance with that threat. Let’s not give criminals a Happy Holiday at our expense.