Posted by Jen Gilburg, Director of Business Development for Identity and Authentication Solutions
I have a confession to make. I was almost a victim of fraud.
It involved Craig's List, the selling of a refrigerator, a random check for $3000 over the amount being sent for payment, the panic of the buyer for overpaying and them begging me to 'Western Union' them the erroneous overpayment once I cashed the check. I was even 'offered' $200 of the overpayment for my troubles.
I am embarrassed to admit- I got all the way to the bank. I actually deposited the check- then in a last minute of "this doesn't seem right" had them run the check and low and behold...
Truth is I was taken off guard, in the middle of a move, not really paying attention-- just happy to have the refrigerator out of my garage.
What is mortifying is that I have been working in security sector of high tech for the last 20 years. The fact I didn't immediately rip up the check shows how even the most security minded of consumers can fall prey.
Last week there was a phishing report by California Berkeley Law School researcher Chris Hoofnagle. The report shows the increase volumes of reported identity theft and highlighted the most frequently phished sites -- the numbers were incredible. The chatter around the report in the press and on other blogs put the stress on consumer awareness. I would argue (from experience!) that is not the answer.
The answer lies in fool proofing websites. Making it so that even if someone did get a hold of your userID and password- they cannot gain access to your accounts. A layered approach including second factor authentication is indeed the answer.
Ironically- many financial institutions that we talk to about two-factor authentication often take the stance that "their customers don't want it". Conversely every member of our VIP network who is providing opt-in second factor authentication has exceeded expectation of the amount of users who indeed opt-in.
Hoofnagle advocates that identity theft information be made available so consumers can make educated decisions on whom to bank with based on security risk. If consumers took his advice banks and ecommerce sites might actually be forced to take action.
I will look forward to the day that my bank protects me should my guard ever drop again.