Internet Regulation and Management from Peter Milford Associates
  • Identity - start by helping yourself ……

    Posted on May 8th, 2010 pmilford No comments

    Whilst we all mull over the results of the General Election held on May 6th here in the UK, a time to ponder some other topics. It seems that it will be a while before there is any clear indication on future policy and on departmental responsibilities and it may now be likely that there will be some form of coalition. If there is not then we may well be in for a period of minority government and the likelihood of another election in the coming months. If that is the case I will suggest Thursday October 21st as a suitable day.

    That is, of course, Trafalgar Day, so a suitable day to decide the future path of the country. Remember, you saw that date here first!

    But, to a different topic. The Crusher finds an opportunity from time to time to consider things away from the normal run of regulation and legal development. Now seems as good a time as any to do that.

    A few weeks ago The Crusher updated links to online credit card transactions. As part of the update, the bank offered a higher level of security and the availability of software to monitor access to banking accounts and to advise of any potential threats to personal security. All good stuff and good to see that the bank are taking steps to help customers with their online transactions. The latest applications now run alongside the standard anti-virus, anti-spyware, firewall and other tools - all of which should be part of the standard set-up for any online user.

    The Crusher is only too well aware of the potential problems. At the beginning of this year one of our financial service suppliers advised that they had detected an unusual transaction for a fairly large sum. They asked if an online order had been placed with a US based supplier. Apparently the order had already been declined as it was outside the normal pattern and had been flagged as potentially suspicious by security software - the call confirmed the status and no payment was authorised.

    Of course, the result of this was immediate cancellation of the account and a new card. Interesting to speculate on how the card number came to be used. Maybe it was collected from the home PC (unlikely to be honest), maybe from a remote merchant or maybe it was randomly generated. Whatever the source, the security and anti-fraud systems at the bank kicked in and spotted and blocked an unusual transaction.

    Online fraud and identity theft is an increasing problem. The card issuers in the UK have attempted to tackle problems here by issuing ‘chip and PIN’ cards. If a card is used and the correct PIN is inserted then the transaction is verified and payment authorised. If a card is used for an online transaction then there are a series of checks to ensure that the card is being used correctly - entering exact name, registration address, card verification code (the last three digits on the reverse), start and expiry date etc. And then there are the further security steps using ‘Verified by Visa,’ 3D Secure etc. where the card owner is asked to insert a password or a selection from a pass-phrase to validate the purchase. All good stuff - but it is clear that the move to ‘chip and PIN’ has made life more difficult for criminals and that there is now an increase in online fraud.

    Identity theft is now a recognised problem, much publicised in the press and by financial service providers with strong advice to users. It really is not a good idea to store details of the PIN in the same location as the card! Shred unwanted documents and store statements and others in secure locations. Most people will recognise the actions and will be taking steps - and are rightly aggrieved with the loss of personal data by large organisations including Government Departments and others.

    But - prevention of identity theft must start at home. As already suggested, make sure that there are firewalls, anti-virus, anti-spyware in place and that operating systems are fully patched and up-to-date. Those are all the obvious and technical things. But it is the warmware that is likely to be the weakest link - not the software or the hardware.

    Warmware is, of course, the user. So why is it that The Crusher is writing about this right now? Well, again it is down to personal experience.

    Last week my mobile phone broke - well, it was the tiny pin within the charging connection of the Nokia phone. Once that broke it was impossible to charge the battery so only a short time before the phone became completely u/s. It probably could be repaired but it is now a few years old and there were other faults as well. So, time to get a new one. Or, at least, new to me. Relatively new mobile phones can be picked up quite easily online, eBay and other sources can offer deals at well below the prices of high street suppliers.

    So, a search for a new phone, an order and a delivery. Very rapid delivery and far faster than it would have taken to have got the old one repaired. More up to date model too, with lots of new gizmos to play with!

    OK, steps to update. Connect old phone to PC and download all contact details and stored messages etc. Now connect the new one ready to sync the details.

    Ah ha - the new phone has a lot of data in it. Download all the contents to the PC to edit. Now what do I have - all the previous owner's contacts, family, friends, work related etc. Music tracks, some data, some video and more.

    Of course, I have now taken steps to erase all the data, both from the phone and from my PC. But, in this world of identity theft it really is a little worrying to see what someone, probably wholly inadvertently, has left for someone else to discover.

    Now, I no longer have the data but I could very easily have built up a profile of the user. That would have included their home location (it’s in the Midlands), the location of family members (parents, parents-in-law, brothers and sisters and others), exact work location (try Googling a business phone number), names of work colleagues etc. I know who the previous owner is likely to bank with, likely hobbies and interests and that they are likely to be concerned over crime or anti-social behaviour in their area.

    This sort of information would be an absolute gold-mine for a criminal. It is clearly so easy to overlook but a potential warning for us all.

    If you are going to dispose of any item that may have personal or other important data on it then do take steps to either thoroughly delete the data or to destroy the device before disposal. The Crusher knows of one person who took a 12-bore shotgun to a hard drive, another who used a lump hammer and an electric drill to break up the device. You really cannot be too careful!
