The chairman of Barclays Bank, Marcus Agius, has reportedly fallen victim to identity fraud; a fraudster apparently researched Mr Agius' details on the internet, then convinced a call-centre to issue him with a Barclaycard and used that to withdraw cash in person from a branch. The bank has repaid Mr Agius. I haven't been able to find out yet whether Jeremy Clarkson has had his recent loss refunded, or whether the bank is claiming some kind of contributory negligence on his part.
To my mind, though, both incidents illustrate a worrying fact about much identity theft: there was little or nothing the victims themselves could do to prevent the fraud from taking place. OK - you may say that Clarkson need not have put his account number and sort code in the newspaper, but there are many instance in which he would be expected to divulge that information to a third party... for instance, if he's bought an airline ticket to the States out of his Barclays account, his payment details (and more) will not only have gone to the airline, but will then have been exported to the US authorities, whether he likes it or not. Similarly, paying for something by cheque, or allowing a hotel receptionist to take a card imprint when you check in, are all instances where you disclose your account number and sort code to a third party in the normal course of events.
There are conflicting tensions at work here: for the customer, convenience versus security; for the bank, fraud prevention versus customer retention. Customers settle for the status quo because in about 95% of cases they don't end up footing the bill. Banks accept it because they're nervous of losing customers to a competitor, and can mitigate the financial risk in other ways. I suspect the bottom line is that customers need to get more sophisticated about managing their biographical details online, and service providers need to get more sophisticated about making reliable assertions without necessarily disclosing personal data.
The question is - is it too late for anyone who has already embarked on the 'declarative life' to regain control of their digital footprint? I happen to think that, for most people, probably not... but redressing the balance will take informed and explicit management of several things: your own personal data, including 'corroborative facts' which have not (yet?) appeared online; the registration and verification processes through which we have to go; the custody of the resulting data lodged with other parties; the ways in which that data (or assertions based on it) is exchanged.
Out of the default 'cast' - the data subject, data custodians and relying parties, no single entity can fix this on their own. That requires collaboration based on constructive dialogue. Luckily, there's a forum for that...
![[RSS Newsfeed]](/themes/sotto/images/valid-rss.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}