« Err | Main | Logic, Logic »
March 30, 2007
Quick, Quick
Someone tell me how ID Cards could have stopped this happening:
The world’s biggest theft of credit card details has left 45 million customers exposed to fraud.
Everyone who paid with credit or debit cards at any branch of TK Maxx between January 2003 and June 2004 is at risk.
Customers of the fashion chain’s 210 stores in Britain have already had their card details used to make fraudulent transactions.
The company admitted that details of credit and debit cards used in its shops had been stolen by sophisticated computer hackers and warned its customers last night to monitor their credit and debit card statements for suspicious transactions.
The company confirmed that information had been stolen from 45.6 million cards used in Britain and North America between December 31, 2002, and November 23, 2003. It did not know how many had been stolen for transactions made between November 24, 2003 and June 28, 2004.
Tony would like to know: you see, he's still looking for a justification for them.
That such details can be stolen makes ID cards less secure, not more, but don't expect him to admit that.
March 30, 2007 | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/t/trackback/23056/17329994
Listed below are links to weblogs that reference Quick, Quick:
Comments
Absolutely. ID Cards won't stop meningitis, Alzheimer's, MSBP, seizures of Royal Navy personnel in Iraqi territorial waters by Iranian Revolutionary Guards, George W Bush's head rushes, computer viruses and much more. But there is a chance ID Cards will make it much more difficult to set up multiple personal identities to obtain multiple passports and conduct benefits fraud and money laundering through bank accounts under different identities and ID Cards will make it more difficult for criminals to hide with multiple aliases. Hundreds of laws over centuries haven't prevented murders, woundings, burglary, theft, arson and fraud but it doesn't follow that we should therefore repeal all criminal law.
In current and recent trials for terrorism related offences, it is quite common for some accused to have several identities. The great mystery is why passports supported by personal biometric data are evidently acceptable to some libertarians but not personal ID Cards. I'm obliged now to "prove" my identity to obtain a legitimate bus pass or to collect any Royal Mail parcels which can't be delivered - ID cards will make it easier to do that with more reliable means than at present.
By media reports, the TK-Maxx fraud seems to have been perpetrated outside the UK and the US. The company should have had better firewalls to protect personal data in its computer databanks in the US and at Watford.
"Tony would like to know: you see, he's still looking for a justification for [ID cards]."
Tony evidently believed Iraq had weapons of mass destruction which could used within 45 minutes of an order being given by the late Saddam.
http://news.bbc.co.uk/1/hi/uk_politics/2955036.stm
Posted by: Bob B | Mar 30, 2007 12:47:58 PM
"The great mystery is why passports supported by personal biometric data are evidently acceptable to some libertarians but not personal ID Cards."
Because there's an F-off great database behind ID cards that will store details of EVERY SINGLE TIME YOU USE THE CARD. So when you go to the Post Office, the Home Office will know where and when and why. When you get a bus pass, the Home Office will know when and where and why. This kind of information can be put together to form a very detailed picture of someone's life.
Worse still, the ID card will become an internal passport. We will all need to show it to buy a drink in a bar so that people convicted of drink-related offences can be banned from drinking. Or alcoholics "protected" from themselves. Or simply people being punished by removing their drinking "privileges". Don't deny that New Labour would do this kind of thing. It's already being trialled in the West Country, and the idea of "privileges" being revoked is already being planned (driving licences being confiscated for unrelated offences).
It's not too much imagination required to see ID cards being mandatory in supermarkets and shops. Mandatory use for buying fertilizer, because you could be making a bomb, right?). Mandatory use for buying "unhealthy" food (because you might have a fat kid who is identified as "at risk" on the Government's new kiddie database).
So there are those of us who see a big difference between a passport with better security (good) and the New Labour ID card (total evil).
Posted by: Kay Tie | Mar 30, 2007 1:14:10 PM
Ooops. I forgot it was BobB who posted. I need to add some links.
http://www.theregister.co.uk/2006/10/26/pub_fingerprint_plan/
http://news.bbc.co.uk/1/hi/uk/6174671.stm
http://news.independent.co.uk/uk/health_medical/article2305536.ece
Posted by: Kay Tie | Mar 30, 2007 1:21:00 PM
Kay: "Because there's an F-off great database behind ID cards that will store details of EVERY SINGLE TIME YOU USE THE CARD."
In these times, I profoundly hope that will be so for every use of biometric passports.
Will you shortly be proposing repeal of all criminal laws because breaches and convictions are recorded and since criminal laws haven't prevented murder, assaults, theft, arson, fraud etc?
Posted by: Bob B | Mar 30, 2007 1:57:21 PM
Bob B says:
"But there is a chance ID Cards will make it much more difficult to set up multiple personal identities to obtain multiple passports and conduct benefits fraud and money laundering through bank accounts under different identities and ID Cards will make it more difficult for criminals to hide with multiple aliases."
So we should spend more than £18bn on 'a chance' ? Some of us would argue that there is a much greater chance that they will be used for government to interfere more in our lives and they will be a boon to those who want to set up multiple identities or steal other people's. A single system is always much more vulnerable to fraud, hacking etc.. Multiple non-standard voluntary methods of establishing identity (as we have now) perform much better. Witha single system, if you can get a false card or database entry you become 'provably' that false identity.
Incidentally, when it comes to benefit fraud, recent evidence has clearly demonstrated that only a tiny proportion of this is due to identity fraud. The vast majority is due to people lying about their circumstances.
Incidentally, can Bob B point us towards the cost:benefit analysis that the government has carried out to demonstrate the value of ID cards? One might have thought they would do this before spending billions.
Posted by: HJHJ | Mar 30, 2007 1:59:38 PM
"In these times, I profoundly hope that will be so for every use of biometric passports."
I bloody well hope not. I'd not be happy for the US to see I'd been to Cuba, or for Dubai to see I'd been to Israel.
And I'm damn sure that showing my passport to open a bank account isn't logged with the Home Office.
So, no, in "these times" (different from the times of the Bad Meinhoff gang, the Red Brigade, the IRA, Abu Nidal, the PLO?) there is no universal database logging use of the biometric passport.
In your world, Bob, it's OK for us all to be tracked and traced. You only see the upsides of tracing "them", the terrorists, teenagers wearing hoods, etc. (in reality it's snake oil, but that's another story). But we (you, me, Tim) are all "them" to the Government.
Posted by: Kay Tie | Mar 30, 2007 2:25:04 PM
"Incidentally, can Bob B point us towards the cost:benefit analysis that the government has carried out to demonstrate the value of ID cards? One might have thought they would do this before spending billions."
On track record, the present government is manifestly hopeless at setting up and running mega IT projects - hence the continuing debacle over the national NHS database of personal medical records, presently under development - as well as much else:
http://news.bbc.co.uk/1/hi/uk_politics/6174244.stm
Blair called it the Third Way.
But the issue here is not the serial incompetence of Blair's Third Way but whether ID cards with biometric data - and biometric passports - could help in preventing certain varieties of crime and in catching criminals at reasonable cost.
My understanding is that the police - for entirely understandable reasons - believe that ID cards would help prevent identity fraud and the creation of multiple bogus identities as well as the range of crimes that identity fraud facilitates.
"An investigation shows that conviction rates for many of the most violent crimes have been in freefall since Labour came to power in 1997 and are now well below 10 per cent. The chronically low figures for convictions come at the same time as reports that violent crime is increasing. An analysis of Home Office figures reveals that only 9.7 per cent of all 'serious woundings', including stabbings, that are reported to the police result in a conviction. For robberies the figure falls to 8.9 per cent and for rape, it is 5.5 per cent."
http://observer.guardian.co.uk/uk_news/story/0,,1784623,00.html
In January 2005 I had a phone call from a guy complaining that I'd not sent him the computer memory he had bought from me on eBay for UKP 109. I'd not been onto to eBay, let alone sold any computer memory there but someone else had and had posted my name and telephone number as the vendor's contact references. Fortunately for me - and ultimately the victim - the money had been paid into a PayPal account and I don't have a PayPal account.
"Internet fraud victims lost an average of £875 in the past 12 months, according to a safety campaign fronted by the UK government, and sponsored by eBay, Microsoft, HSBC and BT, among others."
http://www.pcadvisor.co.uk/news/index.cfm?newsid=8849
I'm quite often asked for proof of ID nowadays. The extraordinary thing is that showing a recently paid and receipted bill for public utilities - such as gas, electricity and phone bills - is taken as definitive proof of personal identity in practice, which seems entirely ludicrous to me.
Speed cameras on roads track vehicle movements, as does the London Congestion Charge. The application of satellite tracking of vehicles for road pricing and vehicle security will also trace and record vehicle movements. Biometric passports are becoming obligatory and properly so IMO. How else will it be possible to track illegal migrants, slave traders and other international criminals in these times?
Posted by: Bob B | Mar 30, 2007 3:25:14 PM
Bob B,
In fact, I seem to remeber that senior policemaen doubted the value of identity cards until they were told to change their minds by their political masters.
Then you post an entirely unrelated piece about low conviction rates for violent crime. Does the article say that establishing identity is in any way a factor in this? It does not. In fact, it cites all sorts of other reasons but not problems in establishing identity.
And can you please explain how ID cards will reduce internet fraud?
Posted by: HJHJ | Mar 30, 2007 4:03:41 PM
I'm fairly sure that the National Identity Scheme (NIdS) would not have contributed anything to protect against this infringement of data privacy.
The NIdS might offer some general protection against the more serious forms of identity fraud without being too onerous. However, it is difficult to see it as practical in protecting against credit/debit card fraud of the usual sort, beyond any equivalent protection that could be put in place or recommended by Visa, Mastercard, etc, themselves.
However, in this particular case, I do suspect that all infringement arising from transactions made in the UK could have been better protected, through adherence to the Data Protection Act. This act requires the following compliance:
(i) Fairly and lawfully processed
(ii) Processed for limited purposes
(iii) Adequate, relevant and not excessive
(iv) Accurate and up to date
(v) Not kept for longer than is necessary
(vi) Processed in line with individuals' rights
(vii) Secure
(viii) Not transferred to other countries without adequate protection
It is, I suppose, fairly obvious that there is infringement of 'vii', though there must be reasonable doubt as to the extent to which the UK company and its Data Controller can be held directly responsible.
However, there are several other aspects where investigation of breach of the Act might be worthwhile. In particular, I wonder why information on any credit/debit card transactions actually made in the UK were ever transmitted to the USA (see 'viii'); also, whether the information was kept longer than strictly necessary (see 'v'); also whether there was the right match between 'ii', 'iii' and 'vi', in terms of knowledge and permission by the individual concerned for their information to be used beyond payment for each individual transaction.
It will be interesting to see whether anything is actually done on these matters.
Best regards
Posted by: Nigel Sedgwick | Mar 30, 2007 4:15:13 PM
"Then you post an entirely unrelated piece about low conviction rates for violent crime."
The quote was to establish the prevailing reality in Britain now of a very general problem of extremely low conviction rates for many serious crimes, including fraud.
As I understand it, for some percentage of crimes the police have biometric clues as to the identities of suspects - such as DNA or fingerprints - but have no connections on file between the scene of crime data and the personal identity of likely perpetrators. Judging by recent cases in the news, terrorist suspects often have multiple identities, with supporting passports fraudulently obtained.
Large scale benefit fraudsters typically establish multiple identities to increase their sources of benefit incomes. Money laundering often involves shifting sums of money between multiple bank accounts in common ownership but different names. The whole point is to make it difficult and costly for investigating authorities to unravel what is going on.
"And can you please explain how ID cards will reduce internet fraud?"
Identity was clearly at issue in the case where a party claiming my name and telephone number sold computer memory on eBay. A major problem in that and similar cases is that the potential costs of investigating and tracing the identities of fraudsters are greater than the individual amounts lost in the fraudulent transactions. The investigations are therefore not always pursued for cost reasons and the fraudsters are left to continue their criminal business of ripping off a long succession of victims.
The fact is that I'm fairly often (and reasonably) asked for proof of identity when applying for various passes and credit and when collecting undelivered Royal Mail parcels from the sorting office. It seems to me ludicrous if a recently receipted public utility bill is sufficient to establish identity, as it is in many instances.
Everyone here seems to be dodging the issue of tracing illegal migrants.
The populist campaign against ID cards is simply dodging the real criminal issues of identity theft and fraud.
http://news.bbc.co.uk/1/hi/business/4342212.stm
http://news.bbc.co.uk/1/hi/england/london/6079396.stm
Posted by: Bob B | Mar 30, 2007 8:29:12 PM
"And can you please explain how ID cards will reduce internet fraud?"
Bob B"
"Identity was clearly at issue in the case where a party claiming my name and telephone number sold computer memory on eBay. A major problem in that and similar cases is that the potential costs of investigating and tracing the identities of fraudsters are greater than the individual amounts lost in the fraudulent transactions. The investigations are therefore not always pursued for cost reasons and the fraudsters are left to continue their criminal business of ripping off a long succession of victims."
Yes, and how will you use your identity card over the internet to avoid identity fraud. Please explain the mechanism.
Clue: there isn't one.
Posted by: HJHJ | Mar 30, 2007 10:20:27 PM
Just FYI, the National Identity Register is excluded from the Data Protection Act.
Posted by: Kay Tie | Mar 30, 2007 11:07:37 PM
Hello, Your site is great. Regards, Valintino Guxxi
Posted by: Valintino | Apr 13, 2007 7:24:24 AM
