[Dave Birch] Identity theft is a pretty sensitive issue, especially when the identity of children is the issue. So when a hospital laptop containing information on about 11,000 young children is stolen you expect a bit of a fuss. Similarly, when a bank customer adviser was jailed for four years for helping identity thieves steal £2.3 million from accounts, the newspapers were bound to report it. In this latter case, apparently, the BBC’s former world affairs correspondent Rageh Omar had a narrow escape when a telephone caller posing as him, and armed with confidential information, tried to access his Barclays account. The caller was thwarted by a suspicious branch manager (not, you might note, by a neural network or strong authentication. When your personal data is stolen and passed to thieves by government employees who are supposed to be working for you, you’re bound to be upset. Of course, if you put your own personal information up on MySpace, Bebo and Facebook then you’ve only got yourself to blame.

Technorati Tags: , , ,

I’ve just been making some notes about the difference between “newspaper threats” and actual threats to a payment system because of some risk analysis work, and it reminded me that our perspectives on fraud are naturally framed by those kinds of stories, which I just randomly pulled up from the last couple of months. But there are major differences between consumer perception and actual reality. Test your knowledge with this true/false quiz that I found a while back on the DGC Blog. As a taster…

The first question and answer are: the popular belief is…….
(1) Most fraud occurs due to data breaches or Internet usage? T/F
(a) False. Traditional crimes are most common. Data breaches account for 3% of known-cause fraud, Internet 16% (from 12% in ’06).

Let’s not get carried away with a focus on identity theft as the crime of the new era. People still rob banks with shotguns (amazingly: I guess they don’t realise how much more they could steal simply getting a job at the bank).

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

3 comments

  1. I agree that most payment fraud still comes from other channels.
    But, I would say that phishing and related is the first major and pervasive threat to value that comes from the digital world. It’s the one that we invented, it’s the one that belongs to us at each phase of the operation.
    If we have any responsibility in the game, it should be to clean up our own area first.

  2. In looking at the emergence of threats, and the emergence of responses to those threats, I also saw this disjointedness between the perception and the reality.
    To deal with this, I suggest a “validated threat” test. There are many threats, but how many are validated? Which is to say, for each threat, do we have enough information to plausibly include it in our security responses? I propose a three part test:
    * clear
    * present
    * dangerous
    https://financialcryptography.com/mt/archives/000751.html

  3. “But, I would say that phishing and related is the first major and pervasive threat to value that comes from the digital world. It’s the one that we invented, it’s the one that belongs to us at each phase of the operation.”
    Incisive point, well made.

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: