Identity-based crime is likely to rise as long as consumers,
businesses and government do not value personal information highly
enough to care for it properly.
This was the consensus view of a panel of experts convened by
Unisys ahead of the release of its latest biannual study of
security
riskson Monday.
The panel comprised Duncan Hine, executive director of the
Identity and Passport Service; Toby Stevens, director of the
Enterprise Privacy Group; Angela Sasse of the University College
London; Phil Jenks, former COO of the HBOS banking group; Ian
Readhead, constabulary chair of the Association of Chief Police
Officers (Acpo); and Neil Fraser of Unisys.
Noting that the public perception was that
ID-based crime is rising, Hine said society also faced problems
as a result of the creation of fictitious identities and with
corrupted identities, as well as ID theft. "These are all usually
precursors to something much worse," he said.
He said criminals found it advantageous to have multiple or
"fractured" identities to make it harder for investigators to pin
them down.
Stevens noted that banks were still using existing payment
systems because, despite the risks and rising losses from
ID-enabled frauds, they worked, and because the value of losses was
trival compared to recent losses from bad loans.
The EPG's Stevens said businesses were unlikely to pay enough
attention to ID-based crime until the personal information they
held was properly valued. "Putting it on the balance sheet means
they would have to look after it," he said.
Valuing such data is difficult. However, reports suggest
criminals are willing to pay up to £675 for details of a single
freshly-stolen bank account.
The panelists agreed there needed to be more co-operation
between government, business and consumers about protecting
identities. Hine said he was confident that thegovernment's
controversial identity card system was robust, but also that any
tampering or unauthorised access would be spotted and corrected
quickly.
The National Audit Office is investigating the effectiveness of
government e-crime-fighting policies and initiatives,particularly
the Get Safe Online awareness-raising project. It is due to report
in late 2009, but has already said it was hampered by the lack of
hard data on e-crime, including ID-based crimes.
This should be partly fixed by the formation of the new
Police Central E-Crime Unit (PCEU).One of its tasks is to
collect and share data on e-crimes.