Identity Theft

Mark Edwards
28-09-2003

This week our special edition covered the poor security of client data by a company providing email list management services. This story generated some very interesting responses, especially about the issues we raised of possible identity theft.



The list manager allowed you easy access to their database including the full name of the client, their accountant and accounting firm for example. Their system also offered a simple means to pose as that client to the list owner (the accountant for instance). I outlined a simple fraud by which you could potentially obtain the tax returns of many accounting clients and use that to commit identity theft.



One of our responses was from a reader to whose partner this exact scenario happened several years ago. A tax return was fraudulently obtained by unknown means, then used to apply for multiple credit cards. The result was a wrecked credit rating and a $50,000 debt. The victim's toughest task was to get the financial institutions to believe that identity theft had occurred at all! It took exposure on a national current affairs programme to fix matters after fighting it for three years by other legal means.



The most disturbing thing about this to me is that if you steal using someone else's identity, your first line of defense is the innocent victim. They have to first get themselves in the clear before anyone even begins to look for you! This must make identity theft a pretty attractive crime.



Today I received another credit card application. Like me, you probably receive them regularly. Next time you get one, have a look at the minimal amount of data required to apply for a card. Looking at this in the light of our recent story is frightening. This is the reason why the best protection for your privacy is a paper shredder.



Another respondent to our story said that we were undermining public faith in the security of website databases and that PC security was far more lax. Whilst I agree that PC security is far more lax, the issue here is that people trust their accountant, their lawyer and their financial planner. They trust them with the most sensitive of their data. Any data service these professionals use should impose the same high standards of care and security.



In this case the company chosen did not warrant that level of trust. Our point is that if you take on this level of responsibility you have a duty of care to your clients to provide adequate security. If you are not competent to do so then you should not represent that you can. It should not be left to honest users of your system to find security holes and let you know.



That's enough from me this week, I am off to the shredder.
