|
Identity theft – stealing you. |
|
|
|
|
Written by Tony Phelps
|
|
Thursday, 17 November 2005 |
Following on from last week’s column about spyware, this week we expand
on spyware’s most threatening potential – the ability of faceless
international criminals to pretend to be you, steal large amounts of
goods or funds in your name, and leave you to pick up the pieces.
One of the drawbacks of our world’s increasing use of electronic
information is what happens when that information is wrong. To start
with, you simply don’t know who is storing what about you, and you can
guarantee that there is much more than you imagine. In Vanuatu, we are
far less exposed to the electronic tracking that takes place. Places
like America and Australia which have advanced and huge chains of
stores collect data about every single purchase – who made it, where,
when, and with what other items, and in response to what special offers
or promotions. How it was paid for, and which financial institution the
purchaser belongs to. Electronic payment is coming to Vanuatu, with the
introduction of ATMs (cash machines), EFTPOS (electronic purchases) and
even BPay (electronic bill payments), and data collection comes with
these convenient facilities.
So dozens of organizations will one way or another be collecting
information about you, sometimes quite extensive information about your
habits and preferences. Someone steals enough personal data (for
example, login name and password for your online bank account, your
passport number, and your full name and address) by using spyware or
hacking into a database or even just buying it from a corrupt insider,
and they can electronically pretend to be you. They do all sorts of
naughty stuff, such as buying expensive goods, taking out loans, and
transferring your money out of your accounts. Suddenly you need to
prove that it wasn’t you that did this. How? The bank will say “But it
was your login and secret password, it must have been you”. The loan
company will say “But you gave us all your personal and private
proof-of-ID information, it must have been you”.
It will take weeks of effort, considerable expense, and much anxiety
for you to get signed sworn affidavits that you weren’t responsible
accepted by the appropriate companies, just to clear yourself of guilt
for the crimes that were committed in your name. But even then, the mud
will stick. Some countries have laws that force an organization to tell
you what they know about you, but you have to pay to see it and you
have to know which organization to talk to in the first place!
The moral of the story is to be careful what information you give to
any organization or individual. It should be on a “need to know” basis,
and you should satisfy yourself that they are taking appropriate
precautions to safeguard your data. You should also make sure that your
own data is safe eg. on your home or office computer, by installing and
updating anti-virus and anti-spyware applications. Identity theft is
growing, and will continue to blight the electronic world for some
time. Try not to become one of its victims. |
