Social Engineering Dangers

  • DELL is responsible to some extent. However then we just get more into a lawyer culture of suing everyone. Is it worth it for you to sue DELL for $10k if it costs you $10k? Or even $5k? It's not.

  • Steve Jones - Editor (9/15/2010)


    DELL is responsible to some extent. However then we just get more into a lawyer culture of suing everyone. Is it worth it for you to sue DELL for $10k if it costs you $10k? Or even $5k? It's not.

    If we write the laws correctly in the first place then we would not have to sue.

    We could have a multi level credit system if we really need to have credit that badly. (Given our recent economic crises I question if easy credit does more harm than good.) One level would require some form of real in-person identity verification and another level would not. If credit is given without in-person identity verification the company would not be allowed to put this on a person's credit history or sue to get their money back without first performing an identity verification.

    Also any new credit application should automatically notify me at a registered address with the credit reporting agencies and I should be able to easily disable and enable new credit applications so if I know I won't be applying for credit for a while I have a simple method of shutting down the issuing of new credit in my name, and then have a simple way of turning this back on when I decide I need to apply for a new credit line.

  • The problem with social engineering and digital authentication is that it involves information that can be easily forged. If I call someone up and say I'm from the bank, they really have no way to confirm this. Any data that passes over the wire, even high tech retinal scans, can be hijacked or tampered with in some way. I think that most of these identity thieves are reclusive types who would rather sit in front of a PC in a darkened room, someplace on the other side of the world. If we require a face to face meeting at a physical location to seal the deal, then we've just weeded out a huge amount of potential fraud.

    When someone applies for a credit card through a bank like Chase or Wachovia, they should be required to show up in person at one of their local branch offices, sign the paperwork, and then provide a thumbprint. That thumbprint is a time proven and widely accepted form of identification. If at a later point it is discovered that the credit applicant was an imposter, then you already have a convenient thumbprint on file plus security camera footage that can be turned over to law enforcement.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric Russell 13013 (9/15/2010)


    The problem with social engineering and digital authentication is that it involves information that can be easily forged. If I call someone up and say I'm from the bank, they really have no way to confirm this. Any data that passes over the wire, even high tech retinal scans, can be hijacked or tampered with in some way. I think that most of these identity thieves are reclusive types who would rather sit in front of a PC in a darkened room, someplace on the other side of the world. If we require a face to face meeting at a physical location to seal the deal, then we've just weeded out a huge amount of potential fraud.

    When someone applies for a credit card through a bank like Chase or Wachovia, they should be required to show up in person at one of their local branch offices, sign the paperwork, and then provide a thumbprint. That thumbprint is a time proven and widely accepted form of identification. If at a later point it is discovered that the credit applicant was an imposter, then you already have a convenient thumbprint on file plus security camera footage that can be turned over to law enforcement.

    I totally agree. And if the bank does not have a local branch then banks \ other businesses like Dell could use a third party verification service, probably provided by another bank, to do the verification for them.

  • krowley (9/15/2010)


    Eric Russell 13013 (9/15/2010)


    The problem with social engineering and digital authentication is that it involves information that can be easily forged. If I call someone up and say I'm from the bank, they really have no way to confirm this. Any data that passes over the wire, even high tech retinal scans, can be hijacked or tampered with in some way. I think that most of these identity thieves are reclusive types who would rather sit in front of a PC in a darkened room, someplace on the other side of the world. If we require a face to face meeting at a physical location to seal the deal, then we've just weeded out a huge amount of potential fraud.

    When someone applies for a credit card through a bank like Chase or Wachovia, they should be required to show up in person at one of their local branch offices, sign the paperwork, and then provide a thumbprint. That thumbprint is a time proven and widely accepted form of identification. If at a later point it is discovered that the credit applicant was an imposter, then you already have a convenient thumbprint on file plus security camera footage that can be turned over to law enforcement.

    I totally agree. And if the bank does not have a local branch then banks \ other businesses like Dell could use a third party verification service, probably provided by another bank, to do the verification for them.

    Even a notary public at the nearest post office could verify someone's photo ID against DMV records, take a thumbprint, and present the applicant with the paperwork to sign.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric Russell 13013 (9/15/2010)


    The problem with social engineering and digital authentication is that it involves information that can be easily forged. If I call someone up and say I'm from the bank, they really have no way to confirm this. Any data that passes over the wire, even high tech retinal scans, can be hijacked or tampered with in some way. I think that most of these identity thieves are reclusive types who would rather sit in front of a PC in a darkened room, someplace on the other side of the world. If we require a face to face meeting at a physical location to seal the deal, then we've just weeded out a huge amount of potential fraud.

    When someone applies for a credit card through a bank like Chase or Wachovia, they should be required to show up in person at one of their local branch offices, sign the paperwork, and then provide a thumbprint. That thumbprint is a time proven and widely accepted form of identification. If at a later point it is discovered that the credit applicant was an imposter, then you already have a convenient thumbprint on file plus security camera footage that can be turned over to law enforcement.

    Simple solution for a big problem... I like it!

    Banks would have to:

    1. take photo of person

    2. take thumbprint of person

    The problem is what to do after the bank does this - there would need to be some sort of national way for Dell (for example) to find out that the process is complete, but where only the bank can indicate that it is.

    And banks are everywhere... even the little hick town village I live in has two!

    Wayne
    Microsoft Certified Master: SQL Server 2008
    Author - SQL Server T-SQL Recipes


    If you can't explain to another person how the code that you're copying from the internet works, then DON'T USE IT on a production system! After all, you will be the one supporting it!

  • WayneS (9/15/2010)


    Eric Russell 13013 (9/15/2010)


    The problem with social engineering and digital authentication is that it involves information that can be easily forged. If I call someone up and say I'm from the bank, they really have no way to confirm this. Any data that passes over the wire, even high tech retinal scans, can be hijacked or tampered with in some way. I think that most of these identity thieves are reclusive types who would rather sit in front of a PC in a darkened room, someplace on the other side of the world. If we require a face to face meeting at a physical location to seal the deal, then we've just weeded out a huge amount of potential fraud.

    When someone applies for a credit card through a bank like Chase or Wachovia, they should be required to show up in person at one of their local branch offices, sign the paperwork, and then provide a thumbprint. That thumbprint is a time proven and widely accepted form of identification. If at a later point it is discovered that the credit applicant was an imposter, then you already have a convenient thumbprint on file plus security camera footage that can be turned over to law enforcement.

    Simple solution for a big problem... I like it!

    Banks would have to:

    1. take photo of person

    2. take thumbprint of person

    The problem is what to do after the bank does this - there would need to be some sort of national way for Dell (for example) to find out that the process is complete, but where only the bank can indicate that it is.

    And banks are everywhere... even the little hick town village I live in has two!

    Retailers like Dell should get out of the consumer credit business. They ultimately do their financing through a bank and just mark up the customer's interest rate anyhow. Salespeople (who don't know scat about anything except how to sell widgets) earn a commission on every line of credit they open, and I'm sure many of them fudge the paperwork they send the bank in order to ensure the sale goes through.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Someone once said or wrote “When there is a will, there is a way.” This is the information age and we are dealing with professional information thieves/organizations. Just like the government spies who gather all information they can, these professionals are identifying our weakest links. More rules will not help because these people will find ways to go around the new rules. Unfortunately, the simplest/cheapest tried and true weak link is still the uneducated or disgruntled employee.

    Steve is right to point out that we need to be the educators and security standard bearers for the company we work for. The information we protect within some of our databases has the potential to provide very lucrative monetary gains. The rest of the information within our databases may provide the weak link to this lucrative information. The best we can hope for is to stay in touch with the latest security standards/news and then diligently educate/apply these security measures throughout our companies.
