July 13,2009
-
How Safe is Electronic Identity?, Pt.4
Verification Process Drawbacks.It would appear that the onset of this new technology offers a secure and safe solution to identity theft and credit card fraud; however, they have a major drawback. As with any other system, the validity of the user must be verified and there are potential threats. If the process is conducted properly from the onset, the information contained in the originator's database would not be available online. If the information were not available online, the credit card verification process at the point of sale would have nothing to be checked against. Another potential threat is the possible tampering of the embedded chip that might lead to credit card cloning. Additionally, management of a sophisticated and mutually shared cryptographic key system that does not become public is very challenging.
Although difficult for the average credit card consumer to understand, is the SIM card weakness of a false base-station attach. Because there currently is no SIM authentication, an attacker can pretend to be a base station. A good example are the phishing attacks with credit card internet banking where a consumer uses a password for identification purposes. Banks have been working on other means to verify the consumer's authenticity. Some have begun using a second mechanism; however, this system has not proved any more secure.
So, are any of these identifiers more superior over the other? Passwords have been proven to be the most vulnerable; however, token systems can be easily copied or stolen. Biometrics are the most personal to an individual. They are more difficult to copy or steal; however, the consequences are devastating because recovery is virtually impossible. An intrusion of this magnitude would have very serious repercussions for the victim of such an attack. It would not be losing your identity for a year, two, or even five. It would mean the loss of one's identity for a lifetime. It is clear that a great deal more work needs to be done with verification of credit card information and the management of personal identification information. It also means that consumers should be even more watchful over their personal information.