Tag: Identity theft

How To End Identity Theft

by James Wallace Harris, 3/31/24

The reason we have identity theft is it’s easy to pretend to be someone else with just a credit card number, a password, and a bit of trickery. Because we no longer buy most of what we buy in person, sellers must accept tokens to prove who we are, and it’s easy for others to steal our tokens. We call it identity theft because thieves pretend to be us by using our tokens.

In the old days we had to show up in person to buy what we wanted. The seller was only concerned with the validity of the money. Their concern was counterfeit money, not counterfeit people. Credit cards introduced two problems. They could represent fake money from fake people. That was when the credit card only made an impression on a piece of paper. With electronic validation of funds sellers knew they could get their money, but they couldn’t prove from whom. This was the beginning of modern identity theft.

Thieves had to physically pretend to be someone else when buying in person, but the merchants’ requirements for proving identity weren’t hard to forge. It became even easier on the internet.

To stop identity theft will require perfect identification of a person. And we can’t reply on driver’s licenses, photo IDs, passwords, electronic keys, or other kinds of proofs of identity that can be forged. We need to prove the person is exactly who they are.

Can you prove who you say you are? Even if you had a birth certificate and every piece of printed identity you acquired over your whole lifetime, can you really prove who you are? Who are we really? Identity is an abstract concept. We need to make it physical.

Our bodies are who we are. We can give it any number, password, or electronic key to point to that body, but that won’t stop identity theft.

What the government needs to do is establish identity by having a person visit an agency that establishes physical identity. They record your face, voice, fingerprints, palm print, eye print, DNA, etc. and enter that into a database. Then whenever you need to prove your identity, either in person or online, those identifiers need to be measured again and the results compared to the database.

When validating your identity, it will be vital that no recordings of those biometric factors will be allowed. What’s needed is a machine that sends information back to the database in real time. The database needs to be able to connect to the validation machine and know it’s receiving live data only.

Imagine buying something at a store or at home. You’d have to have an identity validation device. It will include a video camera and a bunch of biometric sensors. You use the device to measure who you are. Since all transactions will also be recorded, I can’t imagine many thieves even wanting themselves measured so closely.

Our phones can do face and fingerprint identification, and it would probably be easy to add voice and eye print recognition. But phones compare input from sensors to previously stored recorded data on the phone. That’s not good enough. The recorded data of your physical identity needs to be in a national identity bank that’s guarded better than banks for money.

The national identity bank needs to be able to take control of remote sensors and verify live input against your recorded identity in the identity bank. If thieves somehow stole recordings of all your biometrics they could pretend to be you, so the key is to create identity recognition machines that can’t input recorded data and prove the data its sending back to the national identity bank is from live sensors.

Think of it this way. The old saying, “Seeing is proof.” That essentially meant you had to see with your own sensors (eyes) to believe. The identity bank will have billions of eyes that work in real time.

Of course, if such an identity system were created it would solve all kinds of problems, but it would also create others. For spending money, voting, buying airline tickets, going through customs, or doing anything where identity is crucial it would be a plus. But for people who want to stay anonymous, or not be tracked, or fool the system, or be somewhere illegally, it will be a negative. In a police state, with universal security cameras and AIs, such a national identity bank will be absolute power that corrupts absolutely.

But aren’t we moving towards such a system anyway? We’re required to get RealID driver licenses. Security cameras are becoming as universal as cockroaches. As we add more biometric sensors to our devices, merchants are bound to start using them. Banks and credit card companies are going to get tired of being responsible for refunding stolen money. They will demand more identity recognition tools. If banks and credit card companies didn’t refund stolen money and we had to cover our own losses, we’d start demanding them too.

I’m not sure we can avoid this future because most people will want it. My guess, is most people favor security over privacy.

JWH

Understanding Identity Theft-And the Scary Implications of Stopping It

With the recent Target hacking scare, identity theft has almost become a panic.  My goal here is to explain identity theft to myself and my readers so we can avoid it, but also to reveal a surprise side-effect of stopping identity theft.  One news commentator pointed out that Europe uses Smart Cards which are more secure against identity theft, and I wondered why we don’t use them in the U.S.?  This got me to thinking about the nature of identity theft.  To simplify, here are the basics:

  • Person
  • Proof of Identity
  • Financial institution
  • Transaction system
  • Business
  • Thief
  • Fake Identity

Because we now have electronic transfer of spending instead of money, the goal of a thief is to initiate a financial transaction with a stolen information about your identity.  When you deposit money in a bank or get a line of credit from a credit company, those institutions create an identity profile of you.  To spend money requires proving your identity at a transaction location.

identity_theft

Our old fashioned credit cards are rather simple.  The POS (point of sale) validates the card to see if it’s active.  The cashier must accept proof of identity from the person using the card.  If you are standing at the Target checkout counter, they will ask for an ID, or if you are buying from Amazon, they will ask for a password.  Both are easy to fake.  There’s a reason why many credit card thieves first go to gas stations – they don’t require any proof of identity. 

Even though the Target hackers stole over a hundred million card numbers and pins, they still have to find businesses that will process  transactions without a proof of identity, or create fake credit cards and fake identities.  Because they also stole names, addresses, and personal information, PINs, this is a scary possibility.

Proof of Identity

Every person has dozens of identities.  Your school or work has a system to identity you.  Your bank, credit card companies, insurance companies, health insurer, stock broker, library, utility company, phone company, etc., all have ways to identify you.  Even if you stood right in front of each of them, they wouldn’t know you personally.  They know you by your proof of identity.  Normally this is name, address, phone number, social security number, credit card number, library card number, customer number, etc.  Often this is in the form of ID card.  All of this information is easily stolen, and easily used by thieves.  In the old days, a fake driver’s license and stolen checks or credit cards was all it took to spend someone else’s money.  Now it’s just a name, debit card number and pin.

How To Stop Identity Theft

The current methods of protecting identity theft are far from perfect, but they are:

  • Keep your personal information as secret as possible
  • Use strong passwords and encourage the use of secondary pass phrases
  • Use credit cards from companies that have strong security monitoring
  • Monitor credit rating services
  • Hire a monitoring service

These efforts fall into two phases.  First, keep your information away from identity thieves, and second, stop thieves as quickly as possible when they do steal your identity.  What we really want is to stop thieves altogether. 

The best way to stop identity theft is absolute proof of identity.  This means creating a validation system to prove you are you in any financial transaction, whether in person or online.  I don’t believe Smart Cards are the solution.  Smart Cards are just credit cards with a computer chip – they make it harder for thieves but not impossible.  What we really want is biometric authentication.   This is technology that connects authentication to our biological selves – thumb print, voice pattern, retinal scan, face pattern, DNA, and so on.  Of course this means revamping our entire financial transactional system.  How does Amazon take your thumbprint?

There is new technology that might allow this transformation quicker than we thought – the smart phone.  But first some digression.

Let’s say a thumb print and voice pattern becomes the standard of identification.  How are they taken, and how are they validated?  There are a number of ways.  Smart Cards could store your voice and thumb print on a chip, and a POS terminal could take your prints and validate them against the card.  That would make things much more secure, but theoretically thieves could print fake Smart Cards with their prints recorded in them with your financial identity.  What we want is your credit card company to store a copy of your voice and thumb print, and the have the POS terminal authenticate your prints when you make a transaction.  Then we won’t need credit cards at all.  Identity will be bodily proof.

The trouble is our current infrastructure isn’t set up for this, so what would be the fastest way to transform our society into one secure from identity thieves?  Like I said, smart phones might be the answer.

There are many unique qualities about a smart phone.  The phone number, the IP address, the SIM card, the hardware address for the Wi-Fi card, etc.  All that’s needed is a way to tie your physical body to the smart phone.  Ultimately, in some science fictional future, I believe we’ll have a identity chip implanted in our bodies at birth and all our network connections will recognize us that way.  But until that future arrives, I believe smart phones are the answer.

Some smart phones can already do thumb prints, and voice prints can be done in software.  Newer phones could be designed to make biometric validation even easier.  Think of a smart phone as a genius level Smart Card.  To make a financial transaction you’d need your phone and your body.  That’s very hard for thieves to steal.  Not impossible.  A thief holding a gun to your head could make you buy things, give you money at ATMs.  But stress detectors might be added to smart phones to tell if a user is under duress.  We’re getting very close to foolproof.

Good Side Effects

If such a smart phone authentication system was developed it could have many positive side effects.  We’d have one of the best electronic voting systems possible.  It would allow for easy political referendums, or extensive public opinion polls.  This would change the nature of record keeping for school system, health insurance, all the way down to library cards.  Used in schools it would allow for instant testing and grading.  The spin-offs are endless.

Of course it would reduce identity theft.

Bad Side Effects

Identity theft is an easy way for thieves to steal from people without meeting them.  If we take this away, thieves will have to go back to being more personal about taking our stuff.  Switching to a smart phone authentication might increase robberies, muggings and burglaries.

However, the real scary thing about smart phone identity authentication is it creates a global identity card that’s extremely easy to track.  Americans have always been against a national ID card, and this system would be that to the nth degree.  Since we know the NSA is already tracking our phones, it’s not hard to imagine a whole host of governmental agencies, as well as businesses tracking our every move, communication and transaction.

It would make living off the grid almost impossible.  Anyone without a smart phone would have a very difficult time establishing any kind of identity with businesses, hospitals, insurers, libraries, credit agencies, etc.  If every policeman had a smart phone that could talk to your smart phone think of the Big Brother angle of that.

Other Solutions

Life on Earth is always evolving, and so does technology.  If we wanted, we could invent anonymous electronic spending.  Money is slowly disappearing, and with it privacy.  You can buy pre-paid credit cards and anonymous dumb phones to maintain your privacy, but that might not last for long.  If money disappears how do you buy pre-paid cards?  With direct deposit paychecks its now impossible to live without a bank account, and that requires a networkable identity, and thus a way to authenticate that identity.

People might not know it, but we’re on a path to no privacy.  For some people that might not matter, for others it matters a great deal.

JWH – 2/11/14