Fight identity theft

Would your customers be willing to submit to a fingerprint or iris scan? Unisys's general manager Andrew Barkla reveals Australian's changing attitude to biometrics as identity theft becomes a growing problem.

People today have a greater appetite for security than ever before. They expect, even demand, security and protection in many more aspects of their lives. But it takes the combined effort of governments, organisations and individuals to provide the most effective protection of personal data.

In August, the US Department of Justice began prosecuting its largest ever identity theft case when 11 people were charged with the theft and sale of more than 40 million credit and debit card numbers after hacking into the computers of nine major US retailers. The sheer scale of the crime is a timely reminder that the risk of identity theft and financial fraud remain ever present, and we need to be vigilant if we are to protect ourselves against it. 

Australians are well aware of the issue. The Unisys Security Index is Australia's only regular snapshot of public perceptions towards security. The index, run in Australia since June 2006 and now conducted in 14 countries worldwide, has consistently found that Australians are more concerned about unauthorised access to - or misuse of - personal information and other people obtaining and/or using their credit or debit card details than about any other security issue.

But protecting personal information takes more than being simply aware of the issue.  Responsibility rests not just with us as individuals, but also the organisations we deal with. And legislation also has a vital role to play, as is seen in the current review of the privacy law here in Australia.

Protecting privacy

The fight needs to be fought on many fronts - and we need to work together in this.

As consumers and community members, we want, and expect, our private data to be protected by our government and the organisations that we deal with. In today's fast paced, web-connected and mobile environment, the challenges to the security of that data are becoming much more complex.  For public and private sector organisations, this means that issues of privacy, confidence and trust are becoming critical operational issues.

Not surprisingly, organisations such as banks, health providers and social service agencies are beginning to introduce more stringent methods to verify our identity, and new technology is a key part of that. Protecting your personal information with a simple PIN number (or "something you know") is no longer enough as it is now too easy to find information like birthdate, address and mother's maiden name when we freely post them on social networking sites like Facebook and MySpace.

Additional security can be provided by combining "something you know" with "something you have" (such as a bank-issued smartcard) as another level of protection for consumers against identity fraud. Since the introduction of chip and PIN card technology in the UK, bank card fraud losses have fallen by nearly œ80m since 2006. 

Unique protection

In some instances, where even greater assurance of identity is required, organisations are seeking even better protection by means of another layer, "something you are". Biometrics is the use of technology to prove identity using biological identifiers, such as the patterns in your fingerprint, iris, voice or even the veins of your hand, that are unique to each individual.

The Unisys Security Index has shown that 98% of Australians would be happy to use one or more techniques, such as photographs and fingerprint scans, to prove their identity.

Government and, increasingly, commercial organisations are beginning to realise the value biometrics provide in a contemporary security strategy. Moreover, the community is beginning to appreciate that such initiatives provide greater privacy, improve security and offer convenience. The ability to build consumer confidence and trust is an additional benefit of biometrics and identity-based measures that are beginning to be realised.

Identity credentialing is, of course, about people. Biometric and other identity-based measures are one of the more visible approaches organisations can take to reassure customers that their personal information is protected. 

However, if people are to embrace new security measures they need to be informed about how they work and what they are designed to achieve. Why is a fingerprint being taken?  Where will their photograph be stored? Having this knowledge helps build trust and confidence in the organisations that we deal with. People are then more likely to willingly do some things they might not have once done, forgoing some degree of privacy, such as providing a fingerprint or voice recording, for better protection.     

A survey of Australian retail bank customers, conducted on behalf of Unisys, found that 91% of respondents would welcome more biometric technologies to protect their identity and transactions. Consumers recognise the role biometrics and other technology-enabled identity verification techniques can play in ensuring their personal information and assets are secure.

Organisations that adopt these technologies and make their security measures transparent will take the lead in creating trust and confidence among their customers and achieve the biggest prize of all - loyalty.

Today's security landscape is global and these issues need to be addressed beyond national borders. In 2007, the global Centre for Ethical Identity Assurance (CEIA) was created - an alliance of industry, government and academia -  was created to establish consistent, global practices for identity assurance. Key among CEIA's initiatives is the development of a draft Consumer Bill of Rights to protect personal information and safeguard against identity fraud.

This highlights that, if the benefits of any security initiative are to be fully realised, there needs to be ongoing dialogue with customers, wherever they may be located. Knowing what is being implemented and why, and what standards of privacy protection it will deliver are essential in building confidence and trust.

Individual responsibility

However, the individual must be part of any identity theft solution and privacy protection - we are all responsible for the protection of our own information and data. 

The December 2007 Unisys Security Index found that 83% of Australians are very uncomfortable providing personal information on online sites like MySpace, FaceBook and RSVP. They are almost as uncomfortable providing personal information online as they would be to someone they met on a bus or train.

However, the study also found that significant numbers of Australians are willing to share information that way. Nearly six out of 10 said they are comfortable providing their age, about half are comfortable providing their religious views and half are comfortable providing their relationship status. One in five say they never destroy bank or credit card statements before throwing them in the garbage, one in four say that they never read privacy policies and almost one in three use an easy to remember figure, eg, their birth date, as a PIN.

The best protective measures can fall short if people do not take even the simplest steps to protect themselves. For organisations and individuals, education and awareness will remain critical for winning the battle against ID theft on all fronts.

--------------------------------------------------------------------------------

Identity protection tips

Some of the best ways to protect yourself from ID theft and financial fraud are also the simplest:

  • Always read and check your credit card and bank statements
  • Make sure that you can account for any expense on your credit card or bank statement, no matter how minor
  • Regularly check your credit history report; it's a simple way to catch financial fraud in its infancy
  • By regularly requesting an updated credit report you can identify unauthorized activity undertaken in your name as early as possible
  • Destroy sensitive documents
  • ID theft and financial fraud often begins in the garbage. Paper statements provide thieves with your address, accounts and bank balances. Instead of paper statements, opt for electronic statements
  • Lock your mail box. Stolen mail remains one of the most prevalent means by which identity theft occurs
  • Make a note of when credit card bills, bank statements, mortgage loans and other important financial correspondences normally arrives, and check with your financial institution if you don't receive them
  • Always know who you are giving information to
  • Always insist on identity verification from people seeking your personal information
  • Be aware that ID thieves often gain important personal information from victims over the phone or internet

 More features