We need a few thousand years of evolution. Trusting people, and being able to punish them, is inherent to the way successful people have thought for a long time. The abstractions which make sense for today's world are not instinctive, and cause a rush of worry for a great many people.
Posted by Adam Shostack at March 10, 2005 12:52 PMThe problem isn't with identity; it's with a system where knowing someone's social security number and a few other facts is taken to mean that they are that person! And the people who make this determination, the banks, risk no penalties by doing so. Credit card fraud is paid by merchants, not banks, in any "card not present" transaction, which is how most identity theft is carried out.
There's nothing the end user can do about this. It's the banks granting credit in his name, based on easily falsified information, who are causing the trouble. Until we put liability on the banks, the problem won't get solved.
It's like the difference between ATM theft liability in the U.S. vs the U.K. In the U.S. it is the banks who are liable, and as a result they have been ahead of the curve in putting in security measures. The U.K. lagged behind because the customer was assumed to be at fault. Contrary to your prediction, the banks in the U.S. did not "bounce the risk" to the customers. They worked on technological measures to solve the problem.
If banks who issue credit cards to identity fraudsters were liable for the charges they ran up, you can bet that there would be a lot fewer credit cards issued. This would be a hardship for some people who want and need credit; they might have to go through a more extensive identity verification process. But it would largely eliminate an identity fraud problem which is otherwise only going to get worse.
Posted by Cypherpunk at March 10, 2005 02:28 PMThe trick is to have many ids that you choose to use . Fake id is the real prize because trusting any government is foolish. You must strive to have at least twenty ids that are valid. This use of mulitple ids makes any standard worthless. By keeping the society guessing who you are they are required to determine your authentic nature each and every time they extend trust. Yes each and every time because this causes one to think and thinking is very important flying around on auto pilot is dangerous. In the world of transactions it is the auto pilot assumptions of extending credit that cause collaspe. Monitoring a frequent client is always a good standard, why really trust what cannot be proven. So people should be asked to find many id and demand several for purposes of their own. Ye private ids issued by people for their own purposes and the law should respite these types of demands since they impose them on people at will themselves.
Posted by Jimbo at March 10, 2005 09:09 PM