- Email: [email protected]
Not all good things come in small packages
Review
Book:
Identity theft: everything you need to know to protect yourself
Author:
Gavin Mills,
Publisher:
Summersdale Publishers
Price:
£3.99
ISBN:
9781840245776
Not all good things come in small packages Hugh Penri-Williams I’m the first to acknowledge that every initiative is welcome in combating the “identity theft scourge”, as I entitled my talk at ISACA’s International Conferences in Singapore and Mumbai. That said, I found it rather difficult to produce a review shorter than the booklet in question – a 118 page mini paperback. After a very short introduction – ‘What is identity theft and how does it work?’ – the author approaches the subject from three angles: •What makes up my identity? •How can I protect myself? •How do I know if I am a victim of identity theft? The various definitions of identity – biometric, attributed, and biographical – are briefly explained but with the wrong emphasis. The fact that such data can be misused is not so much the fault of a criminal’s, as that of the various agencies that allow ‘genuine’ documents to be fraudulently obtained. It is a severely neglected field where vigorous action would have immediate deterrent results. Unfortunately, some of the recommendations are, to be frank, plainly unrealistic or manifestly in contradiction with everyday practices in certain parts of the world. For example, having to leave your passport upon check-in with the hotel clerk overnight or having the main page photocopied is more often than not simply unavoidable, whether we like it or not.
46
Security codes are unverifiable by bank employees, only by devices, hence advice about only giving part of your PIN to them over the phone or a specific letter in your mother’s maiden name (which, incidentally, you shouldn’t have used as an authentication factor in the first place) is, I’m afraid to say, rubbish. Likewise, avoiding mention of the date of birth in obituaries is also ridiculous. As for redirection of a deceased person’s mail, how does the post office even know that you are entitled to request it compared to anyone else? There are also a few inaccurate technical ‘tips’, including the statement “wireless networking is not as secure as using a hard line to access the internet”. As is so often in life – it all depends. However, as an article in the Washington Post nicely put it: “but alas, just as every problem has a solution, so every solution has a problem, right?” Furthermore, identity theft has also spawned an industry of its own: private agencies to ‘protect’ you for a monthly fee, reminds me of certain neighbourhood practices. Mind you, I doubt whether these measures are really worth the investment; they are certainly not foolproof (as the CEO of one of them himself recently and embarrassingly discovered). Quite honestly, there is now such a plethora of preventive medicines out there, both behavioural and technical, that I find it hard to recommend
INFOSECURITY EUROPE 2009
buying a booklet costing £3.99 (or even USD29.95 for a similar opus) when you can quite simply get most of the same information and tips absolutely free after a few minutes of Googling. Websites not only give pertinent advice, but also include appropriate reporting mechanisms in the event that you have actually fallen victim to one of the numerous prevailing scams. Some reputable sources worth consulting are: www.identity-theft.org.uk/ www.ftc.gov/bcp/edu/microsites/idtheft/ www.bos.frb.org/consumer/identity/ video.htm, www.ftc.gov/bcp/edu/microsites/idtheft/ consumers/about-identity-theft.html. www.fivecentnickel.com/category/ identity-theft/ www.onguardonline.gov/games/id-theftfaceoff.aspx The latter is an on-line quiz, though I’d hesitate before following their advice. After all, the cure might be worse than the illness. In summary, although one could credit this mini-guide with being a noble attempt, regrettably it is not worth even its small price tag. Internet searches and a good dose of common sense are less expensive alternatives to understanding, protecting and alerting. Hugh Penri-Williams is the owner of Glaniad 1865 EURL in France and a former Chairman of the Executive & Council of the Information Security Forum.
Book:
Identity theft: everything you need to know to protect yourself
Author:
Gavin Mills,
Publisher:
Summersdale Publishers
Price:
£3.99
ISBN:
9781840245776
Not all good things come in small packages Hugh Penri-Williams I’m the first to acknowledge that every initiative is welcome in combating the “identity theft scourge”, as I entitled my talk at ISACA’s International Conferences in Singapore and Mumbai. That said, I found it rather difficult to produce a review shorter than the booklet in question – a 118 page mini paperback. After a very short introduction – ‘What is identity theft and how does it work?’ – the author approaches the subject from three angles: •What makes up my identity? •How can I protect myself? •How do I know if I am a victim of identity theft? The various definitions of identity – biometric, attributed, and biographical – are briefly explained but with the wrong emphasis. The fact that such data can be misused is not so much the fault of a criminal’s, as that of the various agencies that allow ‘genuine’ documents to be fraudulently obtained. It is a severely neglected field where vigorous action would have immediate deterrent results. Unfortunately, some of the recommendations are, to be frank, plainly unrealistic or manifestly in contradiction with everyday practices in certain parts of the world. For example, having to leave your passport upon check-in with the hotel clerk overnight or having the main page photocopied is more often than not simply unavoidable, whether we like it or not.
46
Security codes are unverifiable by bank employees, only by devices, hence advice about only giving part of your PIN to them over the phone or a specific letter in your mother’s maiden name (which, incidentally, you shouldn’t have used as an authentication factor in the first place) is, I’m afraid to say, rubbish. Likewise, avoiding mention of the date of birth in obituaries is also ridiculous. As for redirection of a deceased person’s mail, how does the post office even know that you are entitled to request it compared to anyone else? There are also a few inaccurate technical ‘tips’, including the statement “wireless networking is not as secure as using a hard line to access the internet”. As is so often in life – it all depends. However, as an article in the Washington Post nicely put it: “but alas, just as every problem has a solution, so every solution has a problem, right?” Furthermore, identity theft has also spawned an industry of its own: private agencies to ‘protect’ you for a monthly fee, reminds me of certain neighbourhood practices. Mind you, I doubt whether these measures are really worth the investment; they are certainly not foolproof (as the CEO of one of them himself recently and embarrassingly discovered). Quite honestly, there is now such a plethora of preventive medicines out there, both behavioural and technical, that I find it hard to recommend
INFOSECURITY EUROPE 2009
buying a booklet costing £3.99 (or even USD29.95 for a similar opus) when you can quite simply get most of the same information and tips absolutely free after a few minutes of Googling. Websites not only give pertinent advice, but also include appropriate reporting mechanisms in the event that you have actually fallen victim to one of the numerous prevailing scams. Some reputable sources worth consulting are: www.identity-theft.org.uk/ www.ftc.gov/bcp/edu/microsites/idtheft/ www.bos.frb.org/consumer/identity/ video.htm, www.ftc.gov/bcp/edu/microsites/idtheft/ consumers/about-identity-theft.html. www.fivecentnickel.com/category/ identity-theft/ www.onguardonline.gov/games/id-theftfaceoff.aspx The latter is an on-line quiz, though I’d hesitate before following their advice. After all, the cure might be worse than the illness. In summary, although one could credit this mini-guide with being a noble attempt, regrettably it is not worth even its small price tag. Internet searches and a good dose of common sense are less expensive alternatives to understanding, protecting and alerting. Hugh Penri-Williams is the owner of Glaniad 1865 EURL in France and a former Chairman of the Executive & Council of the Information Security Forum.