By Trace Gosling
How much of your personal info is out there? How big is the Iceberg?
Most of us are oblivious to the threat of digital identity theft- that is, until we are notified of a possible breach (which will be mandatory from February 2018 for larger organisations in Australia). Maybe you still advertise your birth date – a key ID credential – on Facebook? These days even listing your phone number on LinkedIN is not recommended, in case someone ports (copies) your phone and opens another account with a Telco.
Just ask IDCare, the National Identity and Support Service, how difficult it is for people to reclaim their personal identity information once it is lost. It can take years of hard work, proving and re-proving that you are actually you, plus the costs of employing expensive monitoring services for your accounts.
The real problem is that all these small bits of data leaking into the ether from your various accounts mean that your profile can be slowly recompiled- as criminal elements collect birth dates, middle names, family member names, phone numbers, emails, health care card numbers, credit card details, fingerprints (used to authenticate ID on phones), and photos. Some of these items can be changed and reset after a breach, but many cannot. Because Australian organisations have not had to automatically report breaches in the past, who knows how much of this information is already out there in the ether? And perhaps our stolen data isn’t being used today but it may be accumulating for use in the future, when the probability of ID fraud success could be higher particularly for targeting executives of major businesses or politicians.
Most recently in December an aggregated database of 1.4 billion users information was found on the dark web. http://www.securityweek.com/database-14-billion-credentials-found-dark-web
What capacity will there be to restore online trust in our personal details if they are out there on the web permanently? What happens then?
Can we still avoid the Iceberg, or is it impossible to stop identity theft and fraud?
For decades we have used the same ID credentials to authenticate or verify a person, with layered up security steps that we answer to reduce the likelihood of impersonation. However this is the very data which is sometimes being breached and distributed.
Isn’t it time for a new way of identifying yourself? One that can’t be copied or used by others?
We love our mobile phones, but they are extremely vulnerable to hacking, so many of us now run malware and VPN software on them to make them harder to breach. But again we are spending more $$ to layer up security software and educate ourselves, while all the time it gets more complex to manage our personal lives.
ASIC Chairman Greg Medcraft recently stated that the next big ‘black swan’ event is likely to be a major cyber security attack, with contributing factors being the “patchy and inconsistent preparations by companies”, particularly small and midsize businesses who don’t have the resources to implement so much new and complex technology.
There is now a simpler option, with an Australian firm reinventing the rules.
In 2017, after years of development, there is now a new choice that could totally change the game on cyber-crime, by moving away from the traditional layered identity and security architectures.
Firstly, imagine that you (as an individual or staff member) have a brand new top level of cyber security available in your hands in a business card sized device. For decades there has been no known way of cracking this level of security, but it has now been engineered for consumers to use for the first time globally. Everyone can use an extreme level of security at an affordable price. And it works by wrapping around your online activity, point to point.
The next change is that you have this business card sized smart Digital Wallet device that can’t be tampered with, skimmed, duplicated or read. One which is both simple to use online when accessing services and simple to deploy for businesses. Increasingly, even global players like Google, Thales, Microsoft and many more are again issuing physical tokens to increase security. However no one wants to carry 5 tokens around.
Imagine also that your Digital Wallet can operate with any device or technology that you have, can do multiple functions with 1 PIN like single sign on, remote access, transfer securely, store your drivers licence, permits, building access, store payment cards and pay online or instore, accept payments, go cashless and is the only card you ever need to carry. Importantly it is your identity and data to control and use.
In Australia we are concerned about the Federal and State Government’s plan to introduce a digital ID, for fear of what will happen to our data and privacy. Perhaps we should be taking the opportunity to embrace (and set new standards for) the management of our personal Digital Identity, authentication and data, before somebody else does. When the USA National Institute of Standards and the Australian Signals Directorate are both highlighting concerns about the use of SMS or biometrics for identity verification, why then are we still so accepting of organisations asking us to use these methods for their services?
In reality there is always choice.
There is the choice to keep trying the same, complex, existing authentication methods OR the choice to select a new standard of security that protects both your identity and privacy, digitally and physically. It’s a choice to control your information.
If you want to change the game on cyber-crime and control your own Digital ID from 2018 on, whether individual, business or government, you can find out more or register your interest obligation free at www.veroguard.com.au.