Posted by racingsnake
@ 12:51 PM GMT+00:00
01 Feb · Wed 2006
Is "user-centricity" the answer to identity fraud?
I've just returned from Berlin and the Net-ID 2006 conference organised by Computas. I'll blog about that in detail shortly, but in the meantime just wanted to refer to a snippet from yesterday's Wall Street Journal (www.wsj.com if you have a subscription).
The headline read "Identity fraud affects fewer but losses mount". The piece goes on to record (based on a survey by Javelin and the Better Business Bureau) that in 2005 about 4% of US adults had their identities stolen and used to commit fraud. The number of cases fell slightly from 2004, but the average fraud per case rose (from about $5,900 to about $6,400).
The point I wanted to bring out was in the closing sentence: "Businesses absorbed 93% of the financial damage".
I think it's true to say that, at the moment, most online services are not 'user-centric' in the way they handle personal data; that is, the user seldom has much effective choice as to how, when or by whom their personal data is processed. As I mentioned back on December 19th, the USA Today article on ID Theft to fund a meth habit suggested that a huge proportion of identity theft arises when the user's details are in the custody of someone else.
It's therefore tempting to suggest that increasing the 'user-centricity' of the system is the answer. Either make the user the data custodian, or give the user the (only) means to control access to their personal data.
The question the WSJ article prompts me to ask, though, is this: can you envisage a case where the user has that degree of control, and yet businesses still shoulder 90% of the cost of identity theft? I can't. This suggests two factors which weigh heavily in favour of the status quo:
--- the lack of incentive for users to bear added responsibility, as long as someone else is picking up the cost of the current approach;
--- the difficulty of raising the awareness and competence of every user and citizen, as data custodians, relative to achieving the equivalent rise in awareness and competence among existing data custodians. Not that I'm suggesting the latter is 'easy' either!
Comments:
- Blogroll
- Alan Mather
- Alec Muffett
- Bill Vass
- Bill Walker
- Burningbird
- CPO - Michelle Dennedy
- Conor Cahill... has an opinion or two
- Consult Hyperion
- Don't Panic - Trust blog
- Eric Mahe
- Eve Maler
- Geoff Arnold
- Gerry Beuchelt
- Greg Matters
- Hubert Le Van Gong
- Ideal Government
- John Sandell's Photography
- Kim Cameron
- Lauren Wood
- Ludovic Poitou
- Mark Dixon
- Masood Mortazavi
- Monkchips - James Governor
- New Drew...
- Oz Yigit's brainstorms
-
POSIWID
- Paul Walker's Getting His Coat...
- Peter Davis
- PlanetIdentity
- Stefan Brands
- Superpat
- Tatsuo-san
- Tim Bray
- Toby Stevens
- Tom Gordon
- Vikram Kumar (NZ)
- Wayne Horkan's eclectic
![[RSS Newsfeed]](/themes/sotto/images/valid-rss.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}