BreachExchange mailing list archives
How Banks Are Aiding and Abetting Identity Theft
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 8 Jul 2011 22:00:11 -0400
http://moneyland.time.com/2011/07/08/how-banks-are-aiding-and-abetting-identity-theft/ To an identity thief, somebody else’s Social Security number is money in the bank. These nine digits unlock a world of phony credit and create a huge hassle for the poor person who actually holds that number. “The SSN remains the key that opens your life,” says Ed Mierzwinski, consumer advocate at U.S.-PIRG. “It’s the easiest way for a bad guy to pretend to be you.” So why are banks still using SSNs as a major form of customer identification? According to a recent study by Javelin Strategy & Research, 70 percent of the biggest credit card issuers in the U.S. use them in at least some cases as a way to verify a customer’s identity when he or she contacts the company. “It’s easy and they haven’t changed their systems,” says Phil Blanks, the study’s author and head security and risk analyst at Javelin. “My guess is they’d tell you they’ve done it this way for years.” Plus, financial institutions collect your Social Security number when you fill out a credit card application (or open a bank account), so they already have the numbers on hand. ... Javelin’s Blank says there’s no good reason for card-issuing banks to use Social Security numbers as all as a means of authenticating cardholders’ identity. “There can be out-of-band signaling, where they might send a text to a preregistered phone number they have with a temporary code. They can do voice authentication. There are lots of other ways they could do this,” he says. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- How Banks Are Aiding and Abetting Identity Theft Jeffrey Walton (Jul 12)