The thing is, knowing someone’s bank account details (ie, the account number, the sort code and the person’s address) really should not be useful to a fraudster because there should be some form of 2FA in place. It seems bizarre that I have 2FA to log in to my bank over the Internet but anyone can randomly fill out a direct debit form — as they did in Clarkson’s case — and the bank will accept it. I’m sure there are aspects of bank identity management that I don’t understand and that there are good reasons for running the system in this way, and I’m also sure that as the banks introduce their new SEPA-compliant pan-European direct debit systems there will be new safeguards in place to stop fraudsters in, say, Eastern Europe from setting up direct debits into U.K. bank accounts.
Fortunately, this sort of fraud will soon be a thing of the past because the Prime Minister, Mr. Gordon Brown, said in another newspaper interview yesterday that
Maybe when you go to a supermarket as happens in some parts of the States and Europe you are going to be safer, instead of carrying a credit card which can easily be stolen, in using your biometrics to shop.
I’m not entirely sure what part of Europe he is referring to, but I do know what part of the States he is referring to: Piggly Wiggly. Although he may have benefited from some more up-to-date advice now that PayByTouch has decided to move away from fingerprint payments at POS. But anyway, the Prime Minister goes on to say that
Maybe in relation to banking to use biometrics one way or another or fingerprint biometrics, whatever, whichever basis you might find that you are safer in your banking transaction than if you carried with you a card and a number.
I couldn’t agree more. In other words, if you want to set up a direct debit, then you should have to go to a bank branch and set it up in a secure, attended, location where your fingerprints can be easily verified and I’m sure that most voters will agree.
Hold on a minute. How will biometrics help to stop people pretending to be you and filling out a direct debit form on the Internet? As has been noted here more than once, biometrics may cause more problems than they solve when it comes to online access to banking. Biometrics are helpful in trusted environments: connecting a a fingerprint reader to a PC would deliver a false sense of security and, according to the EU Data Protecton Supervisor, governments might well compromise their citizen’s privacy by rushing to biometric solutions.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]