[Dave Birch] What is it with Britain? Digital or otherwise our degraded realm is an international identity scandal. Europe’s no.1 exporters of payment card fraud, we are apparently now the world’s worst for identity theft overall.
INTERNET users in Britain are more likely to fall victim to identity theft than their peers elsewhere in Europe and North America. In a recent survey of 6,000 online shoppers in six countries by PayPal and Ipsos Research, 14% of respondents in Britain said that they have had their identities stolen online, compared with only 3% in Germany.
[From Where your identity is more likely to be stolen | Online fraud | The Economist]
There may be a correlation here between “identity theft” and “card-not-present fraud” (Germans rarely use credit cards, least of all on the interweb), but we’ll return to that in a future discussion. Now, these statistics don’t, I think, mean the Brits are more criminally inclined. After all, fraud is an international business.
The criminals stored much of their data on computer servers in Latvia and Ukraine, and purchased blank debit and credit cards from confederates in China, which they imprinted with some of the stolen numbers for use in cash machines, investigators say.
[From Global Trail of an Online Crime Ring – NYTimes.com]
It’s more likely that Britain is a soft touch: high card penetration and use, lots of internet shopping and other factors that lead to identity theft on an industrial scale. But where does this tidal wave of fraud actually originate? I read in The Telegraph that the top 10 identity theft hotspots in the UK are all in south east England. There’s an area of white collar fraud between London, Reading and that well-known criminal outpost, Guildford. Odd. In the top 10, only St. Albans falls outside of this theft triangle. Yet the government is going to test ID cards in Manchester… Well, as well all know, ID cards won’t have the slightest impact on identity theft for at least the next decade.
ID cards have been touted as the solution to a number of real problems – terrorism, crime and so on – though none of their supporters can ever explain how having an ID card stops a mugger or suicide bomber. But they began as the answer to a classic fake problem, still routinely cited by ministers, the need to “secure our identities” against “identity theft”.
[From The ID card is on its last legs – just let it die with dignity | News]
Now, I wouldn’t call identity theft a “fake problem”. On the contrary, it’s a very real problem. But what is generally meant by identity theft, certainly in the Guildford triangle, is largely to do with payment card fraud (which is rampant in the UK) and account takeover. These are specific problems, not general identity problems. Until retailers demand that you present an ID card when you buy anything, or somehow allow them to read your identity card over the interweb, nothing much will change. Fortunately, someone is thinking this through: the UK ID card scheme may well use chip and PIN technology so that it can be accepted at retail POS. Lots of newspapers reported this, so I’ll choose to point to the report in that august journal of record from my home town, Swindon (or, “Swindon, city of the future”, as have generally called since 4th July 1995):
ID cards could be fitted with chip and pin technology to help combat identity fraud. The head of the Government agency tasked with producing the cards said there were no “technical obstacles” to adding chips to the cards and handing out pin numbers.
[From ID cards ‘could use chip and pin’ (From Swindon Advertiser)]
I rather imagined that the cards already had chips on them, but putting that to one side, the idea of making ID cards work in chip and PIN terminals isn’t totally infeasible, although I’m not completely clear as why you would want to do this. I suppose the thinking is that the shops already have the terminals. But if you are asked to put your ID card into a terminal and punch in your PIN, wouldn’t you then get annoyed at having to take it back out again, then put your chip and PIN card in and then punch in another PIN? Why not just link your bank account to your ID card?