About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Triple play | Main | The internet of things 2.0 »

Top gearknob

By davebirch posted Jan 7 2008 at 10:00 PM
[Dave Birch] There's a wonderful "identity theft" story running in the U.K. and I feel I must draw our international readers' attention to it. The BBC presenter Jeremy Clarkson, famous for presenting a programme about cars called Top Gear, published an article in the Sun newspaper saying that identity theft was a fuss about nothing and that no-one need worry about having their bank account details stolen. To prove the point, he published his bank account details in the newspaper. Now he's found money missing and, hilariously, the bank won't tell him who took it "because of the Data Protection Act".

Technorati Tags: , , ,

The thing is, knowing someone's bank account details (ie, the account number, the sort code and the person's address) really should not be useful to a fraudster because there should be some form of 2FA in place. It seems bizarre that I have 2FA to log in to my bank over the Internet but anyone can randomly fill out a direct debit form -- as they did in Clarkson's case -- and the bank will accept it. I'm sure there are aspects of bank identity management that I don't understand and that there are good reasons for running the system in this way, and I'm also sure that as the banks introduce their new SEPA-compliant pan-European direct debit systems there will be new safeguards in place to stop fraudsters in, say, Eastern Europe from setting up direct debits into U.K. bank accounts.

Fortunately, this sort of fraud will soon be a thing of the past because the Prime Minister, Mr. Gordon Brown, said in another newspaper interview yesterday that

Maybe when you go to a supermarket as happens in some parts of the States and Europe you are going to be safer, instead of carrying a credit card which can easily be stolen, in using your biometrics to shop.
I'm not entirely sure what part of Europe he is referring to, but I do know what part of the States he is referring to: Piggly Wiggly. Although he may have benefited from some more up-to-date advice now that PayByTouch has decided to move away from fingerprint payments at POS. But anyway, the Prime Minister goes on to say that
Maybe in relation to banking to use biometrics one way or another or fingerprint biometrics, whatever, whichever basis you might find that you are safer in your banking transaction than if you carried with you a card and a number.
I couldn't agree more. In other words, if you want to set up a direct debit, then you should have to go to a bank branch and set it up in a secure, attended, location where your fingerprints can be easily verified and I'm sure that most voters will agree.

Hold on a minute. How will biometrics help to stop people pretending to be you and filling out a direct debit form on the Internet? As has been noted here more than once, biometrics may cause more problems than they solve when it comes to online access to banking. Biometrics are helpful in trusted environments: connecting a a fingerprint reader to a PC would deliver a false sense of security and, according to the EU Data Protecton Supervisor, governments might well compromise their citizen's privacy by rushing to biometric solutions.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Top gearknob:


The comments to this entry are closed.