The largest problem with identity theft is CREDIT. The credit bureaus started using our social security numbers, as did banks, hospitals, school system, etc. etc. It was all based on the premise that only we would know our own SSNs and the associated name. Obviously in the information age that is no longer true. So our method of determining the credit worthiness of a person we don't know hinges entirely on an invalid premise, that the SSN + Name is a way to establish positive identification and authentication.
The solution is relatively simple. Publish everybodies SSN and Name simultaneously. Doing so will force banks, credit bureaus, hospitals, and even the government to find another means for authenticating the identity of the person. No longer will it be assumed that just because you have the SSN that the information is reliable. It will make it worthless to have an SSN and a name. So what would be the new way to positively identify someone?
Maybe that method will be through some biometrics. DNA markers, fingerprints, retinal scans. Maybe it'll be through signatures. I had a program on my Palm PDA (Sony Clie actually) that required me to sign my signature. I'm not sure how they did it, but even when somebody else tried to copy my signature from something I had written down, they still could not get in. I suspect it used timing in that it only authenticated if I signed my signature at the same rate. It was also amazingly forgiving. Sometimes my signature wasn't very good and it still let me get in. But I challenged lots of people to try to break in and nobody was able to. So maybe something as simple as that. There are issues to consider, as somebody could have a stroke, or lose an eye, lose their hand, etc. That's why DNA becomes so appealing, since you will always have it and you will generally know if somebody tries to steal it. As a side bonus, it'll stop people from spitting on you since that would risk identity theft. LOL!
The security my bank USED to have (so sad they got rid of it) was a device with a number that changed every 30 seconds. You had to know your PIN and enter the number from that device. Thus the security was two-fold -- something you know, and something you have. But the device can easily be stolen. If you did a DNA spit test, you could do something you HAVE and combine that with a PIN # (something you KNOW) and voila, you've just eliminated almost all identity theft.
The holdback right now is that DNA testing takes time. But if the marketplace is demanding something right here right now that has to give DNA results accurately (at least to the 1 in 100,000 level) then you can be sure the current test providers will find a way to reduce that positive identification timeframe.
You wouldn't need to do a spit test for everything. You'd need it for major identifications. For instance, you apply for credit, you'll need a spit test / PIN # to identify which credit information is used. But once you've got the credit card, everyday purchases using the card would not require the spit test.
This also requires giving up some level of privacy, as a national database would need to be tapped into for validating this information. A one way hash to prevent the PIN # from being reverse engineered.
Alternatives would include having a chip ID placed into our bodies for positive ID. Between the two, I'd choose the spit test.
I'm sure eventually the thieves would be able to come up with some way of obtaining what you know and a piece of you...but if it is too hard and too costly, it would have to have a huge payoff to make it worthwhile. Certainly it would be more than the cost of an SSN, which is worth less than $1 on the black market.
This does amount to a certain level of privacy being given up. But privacy is another topic for another day.
No comments:
Post a Comment