Federal prosecutors have charged 11 people with stealing more than 41 million credit and debit card numbers, cracking what officials said on Tuesday appeared to be the largest hacking and identity theft ring ever exposed.[From 11 Charged in Theft of 41 Million Card Numbers – NYTimes.com]
Judging by the ever escalating figures for credit card fraud, however, plenty of others are still getting away with it. Are the figures telling us something very specific about authentication: that online PINs and passwords are not only not a particularly good authentication mechanism but may actually make matters worse? The prosecutors allege that the criminals stole card details and PINs as they were passing (apparently unencrypted) over wireless networks and then used the fake card to details to manufacture cards and then used the PINs with the cards to withdraw cash from ATMs. No PINs, no cash out of the ATM.
As far as anyone can tell, identity theft (as opposed to credit card fraud) is actually going down. The dynamics of this, I suppose, are that in a new environment people are initially very vulnerable to scams of many kinds, but over time they begin to wise up. In fact, they seemed to have wised up fairly quickly…
The number of identity fraud victims has decreased for the fifth year in a row, according to the 2008 Identity Fraud Survey Report conducted by Javelin.[From Javelin Strategy and Research » Hacking case shows companies’, consumers’ vulnerability]
Both bank and their customers are making steady progress (which is not to say that there’s isn’t room for considerable improvement). The fraudsters are getting smarter and targeting their attacks, but presumably it’s getting steadily more difficult to persuade the average U.K. interweb junkie that you are the widow of former Nigerian strongman Sani Abacha, simply because of increased awareness and not because of any technology solution.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto