Identity theft as a service
8 September 2015
By Marcel Wendt, CTO and founder | Dick Dekkers, General Manager , Digidentity
Every day millions of people go online to buy books, check their insurance or handle their taxes. The internet has made our lives more convenient, but also creates threats.
It is estimated that in the UK approximately £3.5 billion is lost every year due to online fraud. Identity fraud provides criminals with £10 million of cash flow every day. More than 40 per cent of all fraud cases in the UK concerned identity fraud.
There are various kinds of breaches.
The simplest one is where a user gives his or her personal details to a fraudster because he or she believes the fraudster is someone familiar – for example, when they receive a phishing email posing as a bank asking them to update their details.
The second kind is the large-scale theft of data where hackers get access to large databases of personal information. They even can buy additional data and tools on the dark web, a hidden part of the internet where fraudsters communicate with each other, to enrich the profiles.
Last but not least, there is fraud related to people just taking on an identity – for example, to obtain government benefits. This type of fraud is mainly committed by organised criminals, is mostly cross-border and accounts for nearly half of all identity theft cases.
Who should protect us from these threats? Government, businesses and the public all have a responsibility to prevent identity theft happening to you. Government should educate people about good online behaviour and create awareness of the dangers of the web.
Businesses should provide services that are convenient, but also secure. We do not need to and should not compromise. The individual should think about how to act in the digital world. What do you share through social media? People share personal data with the whole world. What if someone uses that data and the fraudster becomes you online? Again, some people gather this data and offer this as a service for the real fraudsters.
One of the most-heard statements is that security and convenience do not go hand in hand. With modern day technology it has become much easier to prove someone’s identity, to validate the information shared and to give assurance about a person’s identity. The level of assurance you need before interacting is what is important. How certain do you want to be about the person on the other end of the line? Is that person who they claim to be? The higher the impact of the transaction, the higher the level of assurance should be. As stated before, we do not have to compromise.
There will always be people who are up to no good. It is just a matter of keeping one step ahead of them. We can achieve this if we all work together and are aware of what we do and what the threats are. Educate people about privacy and security and develop and maintain-high quality solutions that can be accessed by anyone. We are all in it together.
- We are all responsible for secure online interaction, with a focus on privacy, the user and security
- Prevention is more important than detection
- You do not need to compromise between security and convenience