Re: Identity Theft: Big Enough to Steal Lawmakers' Attention

By Adam Karlin, Contributor to The Christian Science Monitor

> BOSTON - Sandra Pochapin learned a few key lessons from her ordeal > with identity theft. Among them: Check the mail early. > Had she done so, she may have gotten the replacement credit card in > her mailbox. Instead, a thief lifted the card and took it on a $1,200 > shopping spree at Lord & Taylor. > Ms. Pochapin eventually recouped her money, but the incident haunted > her for months afterward, as the criminal opened other new accounts in > her name. > She recalls a Macy's representative calling to ask about a $2,400 bill > on her new store card. "I asked them, 'How could you open an account > in my name if I already have an account there?' " said Pochapin, > testifying recently in front of the Massachusetts state legislature. > Experiences of people like Pochapin, and break-ins at large databases > that hold Americans' most sensitive personal information, have grown > severe enough in recent months to prompt a new wave of protective > legislation by lawmakers at the state and federal level. > The bills are designed to address various aspects of the threat, but, > as identity thieves find new ways to ply their trade, the efforts > represent a daunting race against crime. > Credit-freeze laws growing

Credit freeze is one thing. But if the legislators really looked at the true causes of identity theft they'd have to point the blame squarely at the feet of the banking industry.

For example, as mentioned in a prior posting here on c.d.t if ATM's simply read the second track of a car and used challenge-response you could kill off most replicant identity theft.

But as I'm lead to believe, even the PIN is challenge-response. So that means the procedure for encoding the PIN on a card has been exploited.

But banks don't want you to know that your money isn't as safe as you think it is. For example, ever write a check to someone? They could empty your account just by knowing the routing and account number on the check using a demand draft. It's a bit more risky but completely within the realm of the probable.

So don't expect an immediate answer to the problem. First off, it would require a rehash of procedures to identify any vulnerabilities. Then it would require a replacement of the infrastructure that is already out there.

It isn't going to happen anytime soon.

Reply to
Tony P.
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.