Fighting ID Fraud

Following on from my last post where I mentioned about the convenience of certain online behaviours like having your browser “remember” your login details or credit card information, I wanted to explore the idea of online risk vs. reward a bit more.

I am a great believer of context whenever engaging in a discussion. Facts and figures can be seen in completely different light when two or three contexts are involved. Many of the businesses I deal with are constantly trying to balance security, customer experience and cost. The most effective businesses are very good at identifying which of the three are the most important to the overall strategy. Too many security controls can be costly and provide a rubbish experience. Too good a customer experience may lack security and still be costly. Buying cheap means too few security controls and poor experience. These extremes are meant to demonstrate the point that going too far in a single direction can destabilize the overall goal.

So what are the risks that you take online in the interest of pursuing better services? Do you divulge excess information in order to get the best car insurance or mortgage rates? The next time you shop on eBay or Amazon, think to yourself “how much do these companies know about me?” and is it relevant to the activities I am performing and the risk I am willing to take in the name of convenient online shopping.

I have made these decisions and more for myself with some great results. I renewed my car tax disc online earlier this year, I will probably buy every single present this Christmas using apps on my phone and I would be surprised if I even need to open my wallet to do so. PayPal, eBay, Amazon, they all provide cashless, cardless, walletless shopping experiences that means I can use my phone to shop online for just about anything I like. The risk? Probably less than using my home PC and taking my card out of my wallet every time I make a purchase.

With my previous post on Trojans talking about the way in which they are able to key log information that I type into my PC, it doesn’t take long to realise that the more often I use my PC to type my card details into a merchants website, the more chances I have of a Trojan key-logging my data. By “storing” my card details with the merchants I use most often, I don’t need to type them in. This is enhanced by the fact that by using their apps (debate on App security another time) I have a somewhat trusted interface with their e-commerce platform without fear of phishing attacks directing me to a spoofed site.

Yes, there are risks, but by having the merchant or payment processor (which I trust) take control of my details, I am in effect transferring the risk to them. Should any data breach occur and my information get lost or compromised, they are the ones in the hot seat and I should be insured for any losses. I say should, because nothing is every guaranteed.

I have hardly broken the surface when it comes to the number of online services available. I use the e-commerce example as it seems to be one most people relate to in some form or another. In my following posts I will explore the different online services with some comments on the risk vs. reward. Ultimately you have the choice on what information you put online. Some of your personal information may already be in the open through other sources and it’s a good idea to know about that digital footprint before becoming too paranoid about some of the more sensationalised contexts. Use your common sense when navigating through the digital world just as you would in real life. Remember, there is nothing virtual about e-Crime.