Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


IDENTITY THEFT AND THE BIOMETRIC SOLUTION

Essay by Dara Gold, York University, Toronto

Source: York University Science & Technology Essay

Posted on November 24, 2004

      In our modern consumer society the methods of consumerism have changed with our rapid technological advancements. Almost everyone has access to the internet and at some point has been asked to supply some form of personal information. Sharing information over the internet is a common affliction in our society. We have developed a level of trust with the internet that blinds us to the inherent dangers. Our global community has caused many persons and aspects of our lives to become interconnected, causing consuming and life management to become easier and more dangerous. Online banking and shopping are common examples of this. But this "new" way of dealing with our community and necessities has led to the continued growth of a problem within the system.

      The more information we give out, or have on file, the easier it is for us to go about our business. At the same time it also makes it easier for our identities to be stolen. Precautionary methods have been taken by individuals and various government programs, but it has done little to combat the problem. Society is left with the need for a new, albeit seemingly odd solution. Biometric technology allows for a heightened scientific sense of security. Undoubtedly there are benefits to this solution. At the same time technology (that for the average person has only been seen in movies) seems a little out of place.

      Today, we are connected in a global consumer community with consumer goals in mind. We have numerous ways of proving our identities to authorities and other consumers. Through this network of interconnection and the desire to consume and live with speed and ease, we have opened ourselves to a form of espionage called "Identity Theft". Theft of this sort has become easier as our needs and comfort with supplying personal information has grown with the technology that we depend upon. The more information about ourselves that we divulge, the more accessible it becomes to interested parties.

      "We fail to safeguard vital codes, numbers, and facts, blithely handing over credit cards to clerks or waiters who take them out of our sight. Or filling in online forms without considering who's receiving them or whether they really need the information they're requesting." (PC Magazine, 1) With all this information lying around it is hardly surprising that the crime rate is so high. 10 million Americans suffered from identity theft in 2003 alone. (PC magazine, 1) Not all of the cases were reported and due to the sheer mass of crimes the legal system has had difficulty keeping up.

      The most frightening aspect of identity theft is not how often it happens, but rather who it happens to. Anyone can have their identity stolen. Most victims aren't even aware of the crime until months after the initial occurence. In most cases the victim will try to open a new bank account or make a large purchase only to find that they don't have the funds to do so. In many cases there will be bounced cheques, unexplained documentation of changes of address, and creditors calling about mysterious purchases.

      The internet poses new possibilities for fraudulent schemes. Online auction fraud and internet "phishing" are the most common ways for identity theft to occur. Internet phishing is a form of e-mail fraud. The victim receives an e-mail asking them to verify some personal account information from a well known source such as eBay. The information is provided and sent to a web site that ceases to exist once the thieves obtain what they are looking for. (PC magazine 2) With this type of crime so common and continually on the rise, what can the average consumer do to protect themselves? Taking precautions can the minimize risk, but not prevent the crime from occurring. If this is the case, what can we do to protect ourselves?

      In today's world it has become evident that government and individual precautions are not enough to stop identity theft. It seems only natural that in a capitalist consumer society large companies would offer a solution. Private companies such as DigitalPersona are teaming up with Microsoft to bring a new level of security to the home.(Johnson, 1) This "security system" uses fingerprint readers to identify the user so as to allow them access to personal online information. This technology is known as biometrics.

      "Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic." (Campbell, 1) These automated identifiers range from fingerprint readers, to palm and iris scanners. As far-fetched as it may seem, many scenes seen in high-tech action or sci-fi movies with these methods of security are based on fact. Many organizations use multiple levels of biometric security. The more sensitive the area or the information, the more levels of biometric security that are employed. For example, to gain entry to a "top secret" room one may be required to provide a spoken password (for voice recognition) as well as being subjected to a palm or iris scan.

      Biometric technology in corporate situations is not as new as one may think. It is only biometrics for the consumer market that is a new idea. DigitalPersona, for instance, was founded in 1996 but hasn't offered biometrics for home use until now. (DigitalPerson.com, 2) It would seem that now that the consumer populace is plagued with a crime that will inhibit it's spending, the time is right.

      The product being brought to the market by DigitalPersona is called Password Manager. It works with fingerprint readers and PC computers. The program includes Microsoft Intellimouse Explorer with fingerprint reader, Microsoft Optical Desktop with fingerprint reader, and the Microsoft fingerprint reader. (DigitalPersona, 1) The idea behind this software is that the user won't have to enter personal information, credit card numbers or passwords. A fingerprint reading would be enough to gain access to all accounts and to prove one's identity. This technology works with online shopping, as a fingerprint is connected to the user's account. The fingerprint belongs to one user, and no other person can gain access to another's information. This technology provides a new sense of security and ease to the consumer.

      The internet brought us easier ways of accomplishing things and easier ways of getting one's identity stolen. The biometric technology for home use is a new idea, and anything new is always laced with concern. For consumer biometrics to be successful it has to be paired with other forms of technology and a certain amount of knowledge on behalf of the consumer. Before buying into this technology it has to be considered if a fingerprint reader integrated into the home computer system is actually a necessity. Certain households may feel they use the internet enough that they will need this technology, while others will not. One would think that someone providing enough information over the internet to need higher security would already be taking precautions to protect themselves against identity theft. Even though precautions are not always enough, the want for a fingerprint reader may be a sign of a consumer not possessing the knowledge about the technology that they are already using. In a case like that, biometrics may be more of a hindrance.

      Fingerprint readers are not as simple as the companies behind them claim. In many cases a password may still be required, which defeats one of the initial reasons for purchasing a reader. The password serves to tell the reader which user it is about to identify so that it can match the fingerprint to the appropriate image for that particular user. Another person's knowledge of another's password is not going to gain them access unless they have managed to take their fingerprints as well. There is also the issue of where all the account information is to be stored. It has to be kept on some sort of database to be properly protected. A smart card would serve these needs while at the same time adding further complications. Smart cards have the potential of being stolen and decoded. This leads to the need for another fingerprint reader on the smart card itself. (Callas,2) Effective, but expensive.

      On the other hand, (or in this case finger) it is unlikely that the actual reader will be tampered with. That being what the thief would have to do if they couldn't access the information on the smart card, or if there wasn't a smart card to begin with. One can feel fairly secure that a thief with technical and electronic expertise isn't going to come into their home, locate the reader-equipped computer and tinker with its insides.

      There are issues with fingerprints themselves. Scars or dirt on the fingertip can make it difficult for the reader to do its job. This interference is one reason why the use of fingerprints in the courts is coming into question. Another factor is that it has never actually been proven that all fingertips are unique. (Johnson, 1) Once again this problem is paired with an unlikely scenario. The odds of the thief in question having fingerprints identical to, or almost the same as, the user whose house they have managed to enter, and whose reader they are using, is highly unlikely. And as for print interference, it is a problem that has been proven to be easily surpassed with a second scanning attempt.

      Azteca Bank in Mexico uses biometric technology at its ATMs. "Azteca Bank reports a 97 percent success rate in identifying customers on the first scan. In instances of failure customers are simply asked to scan their print again." (Johnson, 2) This real-world case shows that interference is not an issue to be concerned with.

      Perhaps the only real issue is that this technology for home use is new. The "kinks" haven't been truly tested or worked out. In fact on the DigitalPersona web site (digitalpersona.com) one can read about the services that the home technology is meant to provide, i.e. making networks and financial accounts more secure. At the bottom of the page there is a disclaimer that reads: "Microsoft fingerprint readers should not be used for protecting sensitive data like financial information or accessing corporate networks. (digitalpersona.com, 3) It's ludicrous that one shouldn't use the technology for the very reason that it was bought. So while the technology seems fundamentally sound, it is too new to be completely successful in the consumer market, at least for now.

      Biometric technology for home use is a reasonable solution to a social problem, provided that the user has the appropriate knowledge to allow the technology to work for them. It is unlikely that the technology will be tampered with if the consumer has taken all the appropriate measures. A PIN should always be used to gain access to information stored on the reader or smart card, followed by a fingerprint. This method should be used even if it means that another fingerprint reader is required on the smart card itself. With this in mind, it is possible that biometrics for home use will intimidate the thieves and the consumers. The technology for the home is new and it is not yet known if it can do all that it claims. (Think back to the disclaimer on the site). The extra levels of security to make this new technology successful may make the whole ordeal seem overly complicated to the average person.

      There is another factor in whether biometrics for home use will be successful or not: How comfortable the user is with the idea of this technology. To the average person fingerprint readers and the like have only been seen in movies and books. The presence of this technology in the home makes science fiction seem much less like fiction, and may unnerve the average person. There is also the "Big Brother" aspect that is inherent in this type of technology. The idea that once physiological characteristics are used to identify a person, anyone can keep track of that person anywhere, at anytime. This idea of control in society is reminiscent of the future portrayed in Gataca or Minority Report. Of course this is not the case, yet. Biometrics are not widespread throughout the populace to elicit that amount of control. This is not to say that it won't happen in the future. Already certain airlines are considering using iris scans for quicker check-ins. (Liu, Silverman, 3) The question is if society overall is ready to take that next step forward.

      We live in a consumer society. The technology discussed above is fundamentally sound so there is little doubt that in time biometrics will be common place in many aspects of society. Fingerprint readers in the home to help prevent identity theft is just the beginning. The Biometric Consortium states that "trust in these electronic transactions (using biometrics) is essential to the healthy growth of the global economy." (Campbell, 2) But as it is with anything, that trust has to be earned.

- By Dara Gold

Bibliography:

• Barret, Jennifer. "Could Someone Steal Your Identity." Newsweek. 29 Mar. 2002: 1-3. Keepmedia.com. Oct. 2004

• Bjorn, Vance, and Harvey Bondar. "Don't Use A Sledgehammer To Kill A Fly: A Primer On Practical Security." DigitalPersona (2003)

• Callas, Jonathan. "Considerations for Biometric Use." Online posting. 20 June 2003

• TechTarget. Oct. 2004, www.techtarget.com

• Campbell, Dr. Joe. the Biometric Consortium. 6 Nov. 1995. the biometric consortium. Oct. 2004, www.biometrics.org

• DigitalPersona. DigitalPersona Inc. Oct. 2004, www.digitalpersona.com

• "Identity Theft: What, Me Worry?" PC Magazine. 02 Mar. 2004: 1-2. Keepmedia.com

• Johnson, Steven. "How to Stop Identity Theft." Discover Oct. 2004: 27-28.

• Liu, Simon, and Mark Silverman. "A Practical Guide to Biometric Security Technology." IEEE Computer Society (2001)






CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.