Re-posted from archive of infinite ideas machine 2004: [LINKS UNCHECKED]
Just when the banks would have you think that Chip’n’PIN was going to save your bacon…
Market analyst Datamonitor warns “that as it became more difficult for fraudsters to commit card fraud, they [are] likely to turn their attention to identity theft.”
BUT as card-not-present fraud is one of the most common forms of fraud in the UK, how do they expect new cards of any type to tackle this? Remember, Chip’n’PIN is not primarily about fraud at all – it’s about liability shift: from the banks to the retailers, and thence to you…
The banks have done a lot of successful and quite sensible stuff to combat fraud, including the use of AI pattern-detection to identify unusual transactions. Following up on these automated alerts with a phonecall to the account holder (I’ve had a couple myself) makes for pretty good two-way ‘authentication’ of the transactions: “We think you’ve just bought something expensive in France”, “I have, I’m on holiday there”, “OK, have a good time” vs. “We see you’ve bought something expensive in Turkey”, “Turkey?! I’ve never even been there”, “Aha – we’ll stop the transaction, then, and issue you a new card”.
In many ways, the Home Office will actually be playing into the hands of the identity thieves by bringing in ID cards ‘hot on the heels’ of chip’n’PIN – providing the professional criminals with an ideal opportunity to accumulate multiple identities before their *real* owners even come to register!
Why is it that neither the banks NOR government in this country are looking seriously at Digital Certificate-based identity schemes? Is it because DCs don’t pretend to be anything other than what they are – i.e. an identity token – and the powers that be are (a) too dumb to realise that this is all that any ID technology can *really* offer (i.e. a more or less secure/costly token), or (b) motivated by agendas other than those that they promote – e.g. reducing fraud liability to increase shareholder value rather than preventing fraud (and thereby saving us, the customer, money) for the banks, and being able to digitally surveil the entire population and being seen to be doing something about some intractable social problems rather than actually preventing anything for the government?
You decide.