Monday, July 11, 2005

How to solve the problem of identity theft and mass credit card fraud

Data Theft: How to Fix the Mess - New York Times

Today merchants and card holder are the victims of identity theft and credit card misuse. The banks do very well thank you; they even make money if the card holder doesn't detect the fraudulent transaction. Merchants don't have the resources to deal with this problem -- only the banks can tackle it. They've had solutions in hand for over a decade, but they cost money to implement -- so nothing happens.

This NYT article outlines the obvious solution, championed by Bruce Schneier. Make fraudulent transactions the bank's problem.
What we need right now is someone in power who can put the burden for this problem right where it belongs: on the financial and other institutions who collect this data. Let's face it: by the time even the most vigilant consumer discovers his information has been used fraudulently, it's already too late. 'When people ask me what can the average person do to stop identity theft, I say, 'nothing,' ' said Bruce Schneier, the chief technology officer of Counterpane Internet Security. 'This data is held by third parties and they have no impetus to fix it.'

Mr. Schneier, though, has a solution that is positively Proxmirian in its elegance and simplicity. Most of the bills that have been filed in Congress to deal with identity fraud are filled with specific requirements for banks and other institutions: encrypt this; safeguard that; strengthen this firewall.

Mr. Schneier says forget about all that. Instead, do what Congress did in the 1970's - just put the burden on the financial industry. 'If we're ever going to manage the risks and effects of electronic impersonation,' he wrote recently on CNET (and also in his blog), 'we must concentrate on preventing and detecting fraudulent transactions.' And the only way to do that, he added, is by making the financial institutions liable for fraudulent transactions.

'I think business ingenuity is top notch,' Mr. Schneier said in an interview. 'And I think if you make it their problem, they will solve it.'
Indeed. The banks know what to do, if they start losing billions they'll put their fixes off the shelf.

Update 1/23/2008: A comment pointed out that South Korea has implemented the policy Mr. Schneier recommends. Sure enough, Schneier wrote about that in December 2005.

1 comment:

Anonymous said...

Good point! Check out what the Korean law makers do on this? Exactly, they came up with the same strategy. :-)