Identity Theft: It's The Transaction, Not The Authentication That's The Issue
from the breaking-down-the-problem dept
Bruce Schneier is continuing on earlier points he’s made about problems with authentication methods, by breaking down identity theft and noting that it’s really two different issues: impersonation and fraudulent transactions. Almost all of the ideas on how to deal with identity theft focus on stopping the first part, the impersonation, instead of the second part, the transaction. Schneier claims this is backwards — and notes that it’s almost the exact opposite of the way the credit card industry works. Of course, the response would be that if you can properly authenticate the person, then it does make it more difficult to even get to the fraudulent transaction. On top of that, despite Schneier’s claims that the credit card industry is in good shape, plenty of identity theft does involve fraudulent credit card transactions. Either way, the points do make some sense, and it’s important to clearly break down the real problems involved, instead of just letting a bunch of politicians come up with some law that they claim solves the problem — when it’s clear they barely understand the problem at all.