Is It ID Theft Or Was The Bank Robbed?

from the which-one-seems-more-accurate dept

Via Clay Shirky, comes a very good point from Kevin Marks concerning claims of "identity theft," where he notes that identity theft is not actually an identity being stolen but is usually a bank/credit card company being robbed and passing off the blame for their own poor security on the victim. He point to a brilliant comedy routine by Mitchell and Webb that makes this all pretty clear:
"They took all the money? That sounds more like a bank robbery."
"No, no. If only. 'Cause we could take the hit. No, no. It was actually your identity that was stolen, primarily. It's a massive pisser for you."
"But, it's actually money that's been taken..."
"From you?"
"Kind of."
"I don't know what you want from me other than my commiserations."
"You see it was your identity. They said they were you!"
"And you believed them?"
"Yes, they stole your identity."
"Well, I don't know. I seem to still have my identity, whereas you seem to have lost several thousands of pounds. In light of that, I'm not sure why you think it was my identity that was stolen instead of your money."
The problem isn't "identity theft." It's bad security and verification processes by a financial institution.

Filed Under: identity theft, scams, security

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Josh (profile), 19 Aug 2009 @ 2:09pm


    "It's the typical "I am never to blame" mentality that most people have. You got your information stolen / lifted / copied, that is where the crime(s) started. You are resonsible not to go to and type your information in."

    You (and in the case of this skit, the bank) are automatically assuming that the individual was the one who went to the fake site and entered his/her information in. While that is valid in some instances, it certainly doesn't address all of the ways in which "identity theft" happens.

    How often do we see data breaches involving thousands of people's information stolen through no fault of their own? Maybe the bank's systems were hacked. Maybe it was a retailer (TJ Max, amongst others). Maybe it was a credit processor that no one outside a specialized field has heard of, despite the fact they handle transactions for millions of people every day (Heartland). Any of those situations could allow an attacker to get enough information to open an account in the name of a random person who never had visited a bogus site or entered information on a malware infected machine.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.