PI Launches 'And Who are You?' campaign to protect individuals against fraud
11/01/2008
And who are you?
Identity theft has become a complex and serious problem for an increasing number of people across the world. The flood of personal information on public registers, credit files, databases, junk mail and websites provides rich pickings for enterprising criminals. Even small nuggets of information in the wrong hands can provide the key to ID theft.
The solution to ID theft won’t be found through one simple approach, but through multiple strategies adopted both by consumers and by the organisations holding their information. But Privacy International believes that to tackle identity theft at its core, companies and government agencies should give consumers more control over their personal information.
For example, each day millions of UK consumers are telephoned by their bank, local council, phone service or utility company. On many such occasions the consumer is asked to immediately provide personal information to verify their identity. This could be a date of birth, previous address, recent payment history or even a password.
But how do you know who’s on the other end of the line? Is it really your mobile phone provider, or are you about to become a victim of a malicious identity attack?
Most customers are forced to rely on trust, meaning that they hand over valuable and sensitive personal information to a total stranger with no guarantee where it will end up.
Privacy International believes that companies and government have a responsibility to verify their own identity before requiring customers to divulge such information. For true security and trust, proving identity is a two way street.
Our solution is simple and inexpensive. We believe companies and agencies should provide a facility on a customer’s file to add a "special instruction" section, on which can be placed a secret word or the answer to a challenge question that the customer can ask. For added security customers can ask that the organisation reveals only, say, the first and last letters of their secret word. Only then can the customer have any trust that the calling party is who they say they are.
"And who are you?" is Privacy International’s new campaign to shift more responsibility onto organisations. In our view, those companies and government agencies which refuse to empower their customers are failing to show a duty of care. From today we will begin publishing the names of those companies who are prepared to protect their customers' information by making identity a two-way responsibility. As this list grows, customers can make a more informed choice about who they should do business with.
Let’s start with T-Mobile. This provider will set up a "special instruction" field on your file requiring staff on request to give you a secret word of your choice before asking for personal information or a password.
We would be grateful for feedback - whether negative or positive – about your experiences with organisations. Please email us at privacyint@privacy.org.
Related:
PHR2006 - Privacy Topics - Authentication and Identity Disclosure
PHR2006 - Privacy Topics - Identity Systems and Identity Cards
PI Comments on UK Tax Agency Data Breach
Privacy International to pursue data breach legal action against UK government
|
