Here in the UK things such as ID-theft and bank fraud are “big news.” It feels like almost every day there is a news item about the government or large organisations losing personal data or a scare about how many people are out there stealing our online banking details. While I have a professional interest in people worrying about information security (and will provide a wonderful consultancy service for a discount if you quote WhyDontYou Blog<\/em>) I have to say there is more than a small dose of hype and overkill in this.<\/p>\n

That said, there is a risk and it is only sensible that people are aware of the potential risks and given the correct advice to mitigate against them.<\/p>\n

In the UK at least, the Banks are largely responsible for making good any fraudulent use of an account unless they can prove it was the account owners fault. This is a good thing and while the banks will suffer a bit because of some stupid people, the majority of “innocent” victims are protected.<\/p>\n

Obviously the banks dont like this. They could take measures to improve their banking security or they could take measures that give a superficial improvement but, on the whole, only shift the burden onto the account holder. Not too long ago, in the UK, if you wanted to buy something with a card you had to sign to prove who you were. The shop owner compared this with the signature on the card and verified your ID – if they were in doubt, they could seek additional documentation. Despite what people think, signatures are hard to forge. This method also forced the shop keeper to physically check the card and read the details.<\/p>\n

Despite this, there was still some residual fraudulent activity so the banks changed the process to “Chip and PIN” where you now enter your card into a reader and type in a 4 digit PIN. Wonderful. This is a reasonably secure system but it has a few pitfalls. The most basic is often the shop staff have no contact with the card during the transaction. This means they don’t carry out the basic authentication check of seeing if the person before them is the owner of the card. My wife regularly uses my credit card to shop, because nowhere we go checks that the person in front of them is Mr **** ****** despite it saying that on the front of the card in big letters. This is less important because the 4 digit PIN becomes the safeguard, but basically, it makes it easier to pass of a cloned \/ fraudently created card – 4 numbers are reasonably easy to find out or, if the card is “created” then they are irrelevant. As far as security goes, this is (largely) marking time. But it does the important task of moving the burden away from the bank.<\/p>\n

Share this:<\/h3>
<\/span>Click to share on Twitter (Opens in new window)<\/span><\/a><\/li>
<\/span>Click to share on Facebook (Opens in new window)<\/span><\/a><\/li>
More<\/span><\/a><\/li>
<\/li><\/ul>
<\/span>Click to share on Tumblr (Opens in new window)<\/span><\/a><\/li>
<\/span>Click to share on LinkedIn (Opens in new window)<\/span><\/a><\/li>
<\/li>
<\/span>Click to share on Reddit (Opens in new window)<\/span><\/a><\/li>
<\/li><\/ul><\/div><\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"
Here in the UK things such as ID-theft and bank fraud are “big news.” It feels like almost every day there is a news item about the government or large organisations losing personal data or a scare about how many … Continue reading →<\/span><\/a><\/p>\n
Share this:<\/h3>
<\/span>Click to share on Twitter (Opens in new window)<\/span><\/a><\/li>
<\/span>Click to share on Facebook (Opens in new window)<\/span><\/a><\/li>
More<\/span><\/a><\/li>
<\/li><\/ul>
<\/span>Click to share on Tumblr (Opens in new window)<\/span><\/a><\/li>
<\/span>Click to share on LinkedIn (Opens in new window)<\/span><\/a><\/li>
<\/li>
<\/span>Click to share on Reddit (Opens in new window)<\/span><\/a><\/li>
<\/li><\/ul><\/div><\/div><\/div><\/div><\/div>","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[10],"tags":[877,295,25,1982,1361,99,1292,345,4009],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_shortlink":"https:\/\/wp.me\/pnUcF-sA","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/posts\/1772"}],"collection":[{"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/comments?post=1772"}],"version-history":[{"count":1,"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/posts\/1772\/revisions"}],"predecessor-version":[{"id":1773,"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/posts\/1772\/revisions\/1773"}],"wp:attachment":[{"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/media?parent=1772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/categories?post=1772"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.whydontyou.org.uk\/blog\/wp-json\/wp\/v2\/tags?post=1772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}