Is It ID Theft Or Was The Bank Robbed?

from the which-one-seems-more-accurate dept

Via Clay Shirky, comes a very good point from Kevin Marks concerning claims of "identity theft," where he notes that identity theft is not actually an identity being stolen but is usually a bank/credit card company being robbed and passing off the blame for their own poor security on the victim. He point to a brilliant comedy routine by Mitchell and Webb that makes this all pretty clear:
"They took all the money? That sounds more like a bank robbery."
"No, no. If only. 'Cause we could take the hit. No, no. It was actually your identity that was stolen, primarily. It's a massive pisser for you."
"But, it's actually money that's been taken..."
"From you?"
"Kind of."
"I don't know what you want from me other than my commiserations."
"You see it was your identity. They said they were you!"
"And you believed them?"
"Yes, they stole your identity."
"Well, I don't know. I seem to still have my identity, whereas you seem to have lost several thousands of pounds. In light of that, I'm not sure why you think it was my identity that was stolen instead of your money."
The problem isn't "identity theft." It's bad security and verification processes by a financial institution.

Filed Under: identity theft, scams, security

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Gregory, 19 Aug 2009 @ 7:27pm

    Banking security

    A lot of work has gone into information security; you can read up Bruce Schneier for a fairly comprehensive look at how you can become as secure as your needs go - but there is always a tradeoff between security and convenience.

    I guess I'm one of those who got suckered by that very phrase 'ID theft' - you're right, I still have my identity, it's just that someone else has been masquerading as myself.

    HSBC, amongst others, employs true security by using multi-factor authentication. You get a 'football' similar to the one PayPal and Verisign use, where you input one-use numeric codes to gain access to the account, and to do 'risky' transactions. A local bank of mine sends that code via SMS to my mobile phone, which is another form of multi-factor authentication (assuming my SIM didn't get cloned).

    Any bank trying to do anything else is not employing true security, and should be castigated from the highest places.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.