BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

How Banks Are Aiding and Abetting Identity Theft

From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 8 Jul 2011 22:00:11 -0400
http://moneyland.time.com/2011/07/08/how-banks-are-aiding-and-abetting-identity-theft/

To an identity thief, somebody else’s Social Security number is money
in the bank. These nine digits unlock a world of phony credit and
create a huge hassle for the poor person who actually holds that
number. “The SSN remains the key that opens your life,” says Ed
Mierzwinski, consumer advocate at U.S.-PIRG. “It’s the easiest way for
a bad guy to pretend to be you.” So why are banks still using SSNs as
a major form of customer identification?

According to a recent study by Javelin Strategy & Research, 70 percent
of the biggest credit card issuers in the U.S. use them in at least
some cases as a way to verify a customer’s identity when he or she
contacts the company. “It’s easy and they haven’t changed their
systems,” says Phil Blanks, the study’s author and head security and
risk analyst at Javelin. “My guess is they’d tell you they’ve done it
this way for years.” Plus, financial institutions collect your Social
Security number when you fill out a credit card application (or open a
bank account), so they already have the numbers on hand.
...

Javelin’s Blank says there’s no good reason for card-issuing banks to
use Social Security numbers as all as a means of authenticating
cardholders’ identity. “There can be out-of-band signaling, where they
might send a text to a preregistered phone number they have with a
temporary code. They can do voice authentication. There are lots of
other ways they could do this,” he says.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: