With the recent Target hacking scare, identity theft has almost become a panic. My goal here is to explain identity theft to myself and my readers so we can avoid it, but also to reveal a surprise side-effect of stopping identity theft. One news commentator pointed out that Europe uses Smart Cards which are more secure against identity theft, and I wondered why we don’t use them in the U.S.? This got me to thinking about the nature of identity theft. To simplify, here are the basics:
Person
Proof of Identity
Financial institution
Transaction system
Business
Thief
Fake Identity
Because we now have electronic transfer of spending instead of money, the goal of a thief is to initiate a financial transaction with a stolen information about your identity. When you deposit money in a bank or get a line of credit from a credit company, those institutions create an identity profile of you. To spend money requires proving your identity at a transaction location.
Our old fashioned credit cards are rather simple. The POS (point of sale) validates the card to see if it’s active. The cashier must accept proof of identity from the person using the card. If you are standing at the Target checkout counter, they will ask for an ID, or if you are buying from Amazon, they will ask for a password. Both are easy to fake. There’s a reason why many credit card thieves first go to gas stations – they don’t require any proof of identity.
Even though the Target hackers stole over a hundred million card numbers and pins, they still have to find businesses that will process transactions without a proof of identity, or create fake credit cards and fake identities. Because they also stole names, addresses, and personal information, PINs, this is a scary possibility.
Proof of Identity
Every person has dozens of identities. Your school or work has a system to identity you. Your bank, credit card companies, insurance companies, health insurer, stock broker, library, utility company, phone company, etc., all have ways to identify you. Even if you stood right in front of each of them, they wouldn’t know you personally. They know you by your proof of identity. Normally this is name, address, phone number, social security number, credit card number, library card number, customer number, etc. Often this is in the form of ID card. All of this information is easily stolen, and easily used by thieves. In the old days, a fake driver’s license and stolen checks or credit cards was all it took to spend someone else’s money. Now it’s just a name, debit card number and pin.
How To Stop Identity Theft
The current methods of protecting identity theft are far from perfect, but they are:
Keep your personal information as secret as possible
Use strong passwords and encourage the use of secondary pass phrases
Use credit cards from companies that have strong security monitoring
Monitor credit rating services
Hire a monitoring service
These efforts fall into two phases. First, keep your information away from identity thieves, and second, stop thieves as quickly as possible when they do steal your identity. What we really want is to stop thieves altogether.
The best way to stop identity theft is absolute proof of identity. This means creating a validation system to prove you are you in any financial transaction, whether in person or online. I don’t believe Smart Cards are the solution. Smart Cards are just credit cards with a computer chip – they make it harder for thieves but not impossible. What we really want is biometric authentication. This is technology that connects authentication to our biological selves – thumb print, voice pattern, retinal scan, face pattern, DNA, and so on. Of course this means revamping our entire financial transactional system. How does Amazon take your thumbprint?
There is new technology that might allow this transformation quicker than we thought – the smart phone. But first some digression.
Let’s say a thumb print and voice pattern becomes the standard of identification. How are they taken, and how are they validated? There are a number of ways. Smart Cards could store your voice and thumb print on a chip, and a POS terminal could take your prints and validate them against the card. That would make things much more secure, but theoretically thieves could print fake Smart Cards with their prints recorded in them with your financial identity. What we want is your credit card company to store a copy of your voice and thumb print, and the have the POS terminal authenticate your prints when you make a transaction. Then we won’t need credit cards at all. Identity will be bodily proof.
The trouble is our current infrastructure isn’t set up for this, so what would be the fastest way to transform our society into one secure from identity thieves? Like I said, smart phones might be the answer.
There are many unique qualities about a smart phone. The phone number, the IP address, the SIM card, the hardware address for the Wi-Fi card, etc. All that’s needed is a way to tie your physical body to the smart phone. Ultimately, in some science fictional future, I believe we’ll have a identity chip implanted in our bodies at birth and all our network connections will recognize us that way. But until that future arrives, I believe smart phones are the answer.
Some smart phones can already do thumb prints, and voice prints can be done in software. Newer phones could be designed to make biometric validation even easier. Think of a smart phone as a genius level Smart Card. To make a financial transaction you’d need your phone and your body. That’s very hard for thieves to steal. Not impossible. A thief holding a gun to your head could make you buy things, give you money at ATMs. But stress detectors might be added to smart phones to tell if a user is under duress. We’re getting very close to foolproof.
Good Side Effects
If such a smart phone authentication system was developed it could have many positive side effects. We’d have one of the best electronic voting systems possible. It would allow for easy political referendums, or extensive public opinion polls. This would change the nature of record keeping for school system, health insurance, all the way down to library cards. Used in schools it would allow for instant testing and grading. The spin-offs are endless.
Of course it would reduce identity theft.
Bad Side Effects
Identity theft is an easy way for thieves to steal from people without meeting them. If we take this away, thieves will have to go back to being more personal about taking our stuff. Switching to a smart phone authentication might increase robberies, muggings and burglaries.
However, the real scary thing about smart phone identity authentication is it creates a global identity card that’s extremely easy to track. Americans have always been against a national ID card, and this system would be that to the nth degree. Since we know the NSA is already tracking our phones, it’s not hard to imagine a whole host of governmental agencies, as well as businesses tracking our every move, communication and transaction.
It would make living off the grid almost impossible. Anyone without a smart phone would have a very difficult time establishing any kind of identity with businesses, hospitals, insurers, libraries, credit agencies, etc. If every policeman had a smart phone that could talk to your smart phone think of the Big Brother angle of that.
Other Solutions
Life on Earth is always evolving, and so does technology. If we wanted, we could invent anonymous electronic spending. Money is slowly disappearing, and with it privacy. You can buy pre-paid credit cards and anonymous dumb phones to maintain your privacy, but that might not last for long. If money disappears how do you buy pre-paid cards? With direct deposit paychecks its now impossible to live without a bank account, and that requires a networkable identity, and thus a way to authenticate that identity.
People might not know it, but we’re on a path to no privacy. For some people that might not matter, for others it matters a great deal.
JWH – 2/11/14
