Identity-based crime is likely to rise as long as consumers, businesses and government do not value personal information highly enough to care for it properly.
This was the consensus view of a panel of experts convened by Unisys ahead of the release of its latest biannual study of security riskson Monday.
The panel comprised Duncan Hine, executive director of the Identity and Passport Service; Toby Stevens, director of the Enterprise Privacy Group; Angela Sasse of the University College London; Phil Jenks, former COO of the HBOS banking group; Ian Readhead, constabulary chair of the Association of Chief Police Officers (Acpo); and Neil Fraser of Unisys.
Noting that the public perception was that ID-based crime is rising, Hine said society also faced problems as a result of the creation of fictitious identities and with corrupted identities, as well as ID theft. "These are all usually precursors to something much worse," he said.
He said criminals found it advantageous to have multiple or "fractured" identities to make it harder for investigators to pin them down.
Stevens noted that banks were still using existing payment systems because, despite the risks and rising losses from ID-enabled frauds, they worked, and because the value of losses was trival compared to recent losses from bad loans.
The EPG's Stevens said businesses were unlikely to pay enough attention to ID-based crime until the personal information they held was properly valued. "Putting it on the balance sheet means they would have to look after it," he said.
Valuing such data is difficult. However, reports suggest criminals are willing to pay up to £675 for details of a single freshly-stolen bank account.
The panelists agreed there needed to be more co-operation between government, business and consumers about protecting identities. Hine said he was confident that thegovernment's controversial identity card system was robust, but also that any tampering or unauthorised access would be spotted and corrected quickly.
The National Audit Office is investigating the effectiveness of government e-crime-fighting policies and initiatives,particularly the Get Safe Online awareness-raising project. It is due to report in late 2009, but has already said it was hampered by the lack of hard data on e-crime, including ID-based crimes.
This should be partly fixed by the formation of the new Police Central E-Crime Unit (PCEU).One of its tasks is to collect and share data on e-crimes.