0

A report published today by Experian suggests that for many a business we are still living in the dark ages as far as making sure customers are who they say they are. Furthermore, the Electronic Authentication: Breaking the Paper Chain report at least partly blames those businesses for the growth of ID fraud, by relying upon fraud friendly paper documents when far more reliable digital alternatives are readily available.

Looking at the numbers, 71 percent of companies surveyed claimed that ID fraud presented a significant challenge to their business yet half relied heavily on paper for authentication purposes. The break down sees 36 percent of retailers fall into this bracket, 40 percent of telecommunication companies, and most concerning of all an astonishing 70 percent of those in the financial services sector.

On the flip side, 70 percent of consumers argue that it is too easy to forge utility bills and bank statements, while 68 percent find it inconvenient having to provide such paper based documents in the first place. The dissatisfaction being greatest with the younger age groups, nearly a third of those in the 18 to 24 category have either delayed or given up on applying for a new account as a direct result of difficulties in providing the required proof of ID.

Anne Green is a fraud consultant at Experian, and she says that "it's staggering to think that today's businesses are still using paper documents to confirm a person's identity. Take passports for example. They actually date back to the 15th century and were intended for travel, not verifying a person who wants to open a bank account. Companies need to break the paper chain and move with the times. It is the 21st century after all. Businesses need to start using electronic authentication; it's faster, safer and cheaper than paper processes. Unlike relying on paper identity documents, it tracks the key financial events in people's lives, together with their data history, and cross-references them electronically. This means organizations can be confident that the customer really is who they say they are. It's great news for today's consumers as well, as there's no need to send vital documents through the post, which is a major risk."

It is the part of the report that relates to reputation, and how companies perceive publicity regarding ID fraud would effect it, that shocked me the most it has to be said. While 76 percent of customers said they would be unlikely to use a company in the future if it had received such negative publicity over a sensitive data breach, 37 percent of financial services organizations declared it would have no effect on their reputation at all. I am hard pressed to decide if this is ignorance or arrogance, perhaps a mixture of both? Only the telecommunications industry, perhaps due to a generically greater understanding of new technology coupled to a strong customer research culture, proved to be really worried by the reputation risk. 80 percent of telecommunications companies said identity fraud would have a detrimental impact on their reputation.

As Anne Green comments "companies are clearly blind to the negative publicity associated with identity fraud. They are not only playing Russian Roulette with their own exposure to potential fraud but also with their customers'. Losing customers' trust can do significant and often irreparable damage to brand value. Customers have opened their eyes to the dangers of identity fraud; it is time that businesses came out of the dark ages, woke up and did the same."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

4
Contributors
5
Replies
6
Views
10 Years
Discussion Span
Last Post by TaoistTotty
0

If all kinds of electronic gadgetry hadn't become so pervasive, with passwords and other identity checks that are easily fooled (or easy to trick people into giving away) the problem would be far less severe than it is.

Quite in contrast to what that (no doubt selfserving) "study" shows, having paper documentation to prove someone's identity is far preferred than just going on some easily hijacked and hacked electronic trail.

The day I can walk into a bank and announce my identity solely by giving a number or codeword is the day that all security as to peoples' identity is gone.
Yet that's exactly what most "security" comes down to when we're talking about e-commerce and other electronic communications.

Having good biometrics scanners somewhat reduces the risk, but still leaves the transaction open to a man in the middle attack as any interested party with the right equipment can monitor and record the data flowing between parties and later retransmit it at leasure, appearing for all to see to be one of the original parties.

That's pretty hard to do when meetings are face to face and identity is established using printed documents on special paper, potentially accompanied by those same biometrics.

0

The other question in only having electronic information would be not data theft, but the ability to enter the system and change peoples life's.

You did not get married, have that child, that mortgage etc.

What would you have to prove this was wrong - paper!

0

I have been in a situation where due to human error a massive error was made that almost lead to someone ending up in court, because no one check the computer records against the paper ones.

I do not mean that just the paper records must be relied upon, but why not both? It would be interesting to see how many differences are found between the paper and electronic versions.

Sandra Bullock in The Net was great.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.