Aardvark Daily

Please visit the sponsor!

Could biometrics save you money?

In the past, life online was simple.

Mostly, Net users were academics who were focused on the positive. To them, the Net was an invaluable tool that allowed interaction with their peers across huge distances and access to a growing goldmine of data and information.

Although some services and data were password-protected, such things were more of a formality than a necessity. Even access to your Net access or email account wasn't something you needed to guard too carefully -- after all, friends and peers seldom rifle through the letterbox outside your house -- so why would they peruse your email?

And then it became a "consumer" product, packaged for and aimed at every man and his computer-hacking dog.

Things soon changed from those halcyon days of loving and caring and now, whenever you commit anything to cyberspace, the security of that information has to be foremost on your mind.

One only has to look at the number of massive data-thefts which have taken place in recent times to realise that there are a lot of very clever people out there who are just looking to steal whatever they can from any insecure part of cyberspace.

Just today, a number of Microsoft's own websites were hacked *again* by the Syrian Electronic Army and in Germany, 16 million email users had their passwords stolen.

Both of these events come hot on the tail of huge security breaches in the USA where Neiman Marcus and Target had more than 70 million credit card details stolen in hacking attacks.

Let's not also forget that the personal data of 20 million South Koreans (20% of that nation's total population) were stolen this week as well.

Clearly -- we (the world's internet users) have a problem; a very big problem!

We're no longer talking about some script-kiddies breaking into the poorly maintained website of some mom and pop business -- we're talking about some very dedicated and motivated groups who are collecting extremely valuable data that affects the lives of unbelievably large numbers of people -- almost half an entire nation in the Korean case.

Is there a solution?

No... but there are some mitigation strategies that could be implemented.

Firstly - a lot of the thefts were of credit card details. I remain gobsmacked that all you need to steal money from someone is a short string of digits -- consisting of a credit card number, expiry date and authentication code. Surely this is utterly ridiculous in the second decade of the 21st century.

In an era when even some mobile phones (the iPhone) have biometric authentication devices built in, surely it's time to start rolling out such things to a much wider audience.

Why on earth don't credit card companies offer biometric authentication technology to those customers that want to use their cards online? Sure, there'd be a cost but with the rate of card-thefts and resulting fraud rising at an almost exponential rate this would certainly be an investment rather than a cost. Or at least that's what you'd think.

The reality however, is that when card-fraud occurs, it's not the bank that loses money -- it's the seller -- the retailer.

So why would Visa and Mastercard worry about such things? Their arses are nicely covered.

In the event of a major security breach with the loss of millions of credit-card details the card companies are not at risk at all. They'll claw the money back from any vendor that accepts a fraudulent transaction and they'll happily replace any user's stolen card -- for a price!

Meanwhile, the card companies can also use these high levels of theft and fraud as an excuse for charging eye-watering rates of interest on outstanding balances.

So as you can see, they don't care in the least that your card is so vulnerable to fraud.

However, I'd like to see at least one card company offer a biometric reader that would plug into your computer and allow *you* to be identified whenever initiating a transaction over the Net. This device could create a hash from your biometric info, encrypt it and then match it with the hash held (securely) by the card-issuer. This would render any stolen card data useless.

Vendors, for their part, could offer preferential deals to the users of these bio-cards because they'd know that they weren't going to find themselves becoming the ultimate victims of card-theft and the fraudulent transactions that result.

Of course if you're someone who doesn't mind paying double-digit interest on your outstanding card balance or you're a retailer who doesn't mind being ripped off by online users of stolen credit cards then you won't give a damn about this ideal. However, if you're someone who'd really love to pay lower interest or pay a lower price for the products you buy online then maybe you ought to be asking your bank "why aren't you doing this right NOW?"

Please visit the sponsor!

(Sorry, forums are stuffed at present)

PERMALINK to this column

Rank This Aardvark Page

Change Font