A year ago PayPal reported that identity theft was three times more likely in the UK compared with other European...
countries, writes Ben Chai.
It said some 14% of UK online shoppers had fallen victim to identity theft, three times higher than other European countries.
Paypal warned that online security was being undermined by popular social networking site posting details. It said that one in seven (14%) "social networkers" in the UK admit to displaying password-related information on a social networking page, which could ultimately lead to identity theft.
The PayPal study also found that a number of identity theft victims had no idea how the theft occurred, with 40% in the UK clueless as to how their information was obtained. In fact, more than half of identity theft victims in the UK (52%) had to be contacted by their bank or credit card provider before they were even aware their identity had been stolen.
However, another identity theft risk has recently come to light. Credit card companies and banks are putting the public at risk by using personal information to verify customers' identities. That information is held in public records such as council records, birth, marriage and death records, which can be obtained from FamilyRecords.gov.uk and records held at Companies House.
A recent interview with Bruce Jenkins, managing consultant at Fortify Software, revealed that personal details, including date of birth, place of birth, mother's maiden name and current address, are held in easily accessible public records.
If the financial industry wanted to reduce identity theft in the UK, it should quit blaming what users post on their Facebook accounts and stop using information that can be obtained through public records. In other countries such as Sweden, many banks use two-factor authentication, so users have one-time password devices to access their finances.
The UK finance industry should look to do something similar or allow users to create their own questions.
Ben Chai is chief editor of SecurityVibes