08-08-08 - 1

Identity theft would be so freaking easy to prevent, but there seems to be no real action on it. I haven't even thought about it much, the solutions are just so obvious it doesn't even seem worth thinking about.

For example, one solution would be to let you change your account numbers whenever you want. This is just a number in a computer database, it's not like it costs them anything to let you have a new number. The old number would still be in your credit report, so it's not like you could hide your financial sins. So the old numbers stick around but become read-only keys, and only the new number has write access to your finances (e.g. getting new credit cards, taking out loans, etc. requires the new number). This should really apply to your social security number too.

That reminds me, you should be able to make all your information require approval. For example, credit queries should require your approval. You should get a notice saying so and so wants to see your credit report, do you approve? Y/N. You should be able to do the same for ACH electronic bank transfers, etc.

The other obvious thing you could do is temp proxy numbers. Instead of putting in your real credit card number to buy something on a web site, you generate a temp ID number from your credit card company which is only authorized for that one transaction. Again this would be super easy and make you super secure.
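A sketch of the one-transaction proxy number described above, as an added example rather than any card company's real system. The `Issuer` class, its method names and the 15-minute expiry are assumptions made for illustration, and the card number is a constructed test value.

```python
import secrets
import time
from dataclasses import dataclass

@dataclass
class Grant:
    card: str          # real card number, never leaves the issuer
    merchant: str
    amount_cents: int
    expires_at: float
    used: bool = False

class Issuer:
    """Hypothetical card issuer that hands out single-transaction proxy numbers."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self.grants = {}   # proxy number -> Grant

    def issue_proxy(self, card, merchant, amount_cents, now=None):
        now = time.time() if now is None else now
        # 16 random digits from a CSPRNG, so a proxy cannot be derived from the card
        proxy = "".join(secrets.choice("0123456789") for _ in range(16))
        self.grants[proxy] = Grant(card, merchant, amount_cents, now + self.ttl)
        return proxy

    def authorize(self, proxy, merchant, amount_cents, now=None):
        """Return (approved, reason). The merchant only ever sees the proxy."""
        now = time.time() if now is None else now
        grant = self.grants.get(proxy)
        if grant is None:
            return False, "unknown proxy"
        if grant.used:
            return False, "already used"
        if now > grant.expires_at:
            return False, "expired"
        if merchant != grant.merchant or amount_cents != grant.amount_cents:
            return False, "merchant or amount mismatch"
        grant.used = True   # burn the number: a leaked copy is now worthless
        return True, "approved"

def demo():
    issuer = Issuer()
    # Constructed test card number, not a real account.
    proxy = issuer.issue_proxy("4111111111111111", "bookshop.example", 2499, now=1000.0)
    return [
        issuer.authorize(proxy, "other.example", 2499, now=1001.0),     # leaked, wrong merchant
        issuer.authorize(proxy, "bookshop.example", 2499, now=1002.0),  # the real purchase
        issuer.authorize(proxy, "bookshop.example", 2499, now=1003.0),  # replay after use
    ]
```

The web site's database only ever holds the proxy, so a breach there exposes a number that is already burned or tied to one merchant and amount.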

I'm not even considering methods that require a central safe clearing house for identity verification. If the government actually got involved they could make a safe id number trivially using something like a public/private key system where you only ever give out your public key to others, but I presume that won't happen, so I'm just mentioning things that the private sector (banks, credit card companies, etc.) can do within the current system.

ACH bank transfers are ridiculously insecure at the moment. Basically anybody who's seen one of your checks can instantly pull any amount of money directly out of your bank account, because they've got your account number and bank routing number. The best way to protect yourself at the moment is to have a "private account" and a "sandbox account". You keep most of your money in your private account and you never give out the number from that account to anyone, which means you do not even write checks from it. You keep a little bit of money in your sandbox; that's the account you hook up to ACH transfers and write checks from. Every so often you transfer from your private account to your sandbox as necessary. If you get a leak, worst case you lose what's in the sandbox. You can also be more secure by closing the sandbox periodically and making a new one.
