Identity is broken, where is the digital infrastructure solution?

Written by on September 22, 2016 in Guest Blog with 0 Comments

credit card phishing - piles of credit cards with a fish hook on computer keyboardOnline (identity-related) fraud is absolutely out of control in the UK and there is, so far as I can see, no prospect of any form of identity infrastructure to deal with the problem. Prospective Prime Minister Jeremy Corbyn has put forward the suggestion of a digital passport (and has, as yet, not responded to my offer to step forward in the nation’s hour of need with my Dr. Who-based identity architecture to implement it properly) but he won’t get elected anyway, so it won’t happen. Yet the fact remains that whether its scammers going through Facebook to perpetrate dating fraud or going through LinkedIn to perpetrate corporate fraud or going through the Land Registry to perpetrate property fraud or going through Companies House to perpetrate corporate fraud, identity is broken.

After two decades of the web we’re getting no closer to fixing it. And example from my e-mail today: how is the average punter supposed to know whether “” is real or not? It doesn’t look very real and there’s no digital signature on the email they sent me so I’ve got no way to check it (although all my messages from Facebook are digitally-signed!). Anyway, this is the sort of thing that plagues our nation:

The company was conned into paying more than £1million to a fraudulent caller. The conman told staff that the firm’s internet banking was the target of a virus. He managed to persuade them to transfer funds into a separate account while the bank worked to fix the issue.

From Suffolk company hit with ‘biggest single phone scam’ hand £1m to fraud caller | Metro News

How come it is impossible to know who you’re on the phone with (because of caller ID spoofing) let alone which dog is messaging you on the Internet? One of the great advantages of my ID scheme, as opposed to the last government’s scheme or the scheme that we abandoned in the 1950s, is that under my scheme, my “digital passport” (whatever) would be able to verify your digital passport. If you phone me claiming to be from NatWest then I will ignore you unless my digital passport (e.g., app) tells me that it has received a digitally-signed, verified credential containing your phone and a NatWest virtual identity

I talked about this last week when Brett King was kind enough to invite me on to an episode of Breaking Banks covering the blockchain and identity. What  might have gone on to say is that we seem to have made no progress at all on this since the internet reached the mass market. And if you think that you’re so smart that you would never fall for this kind of thing, you’re wrong.

Sole practitioner Karen Mackie took a call in April which claimed to be from her bank warning her that her clients’ accounts had been compromised — and as a result ended up moving £734,000 into new accounts in £99,000 chunks.

From Solicitor tricked into transferring £734k of client money to phone-scammers – Legal Cheek

The reason for the £99,000 chunks is of course that the Faster Payment Service (FPS) limit was £100,000 at the time. Still, not to worry, you would think, because the money can only be transferred to UK bank accounts and UK banks have very strict KYC procedures. It should be easy to text the plod with the names, addresses and phone numbers of the fraudsters. Apparently not…

Which is exactly what happened — only the accounts weren’t so safe. £222,000 was subsequently retrieved by the bank, but the scammers got away with the rest.

From Solicitor tricked into transferring £734k of client money to phone-scammers – Legal Cheek

Oh dear. So much for all the money that is spent on KYC, AML and generally annoying and hindering members of the public trying to go about their lawful business. It doesn’t seem to do much more than inconvenience criminals. They got away with half a million quid. So the moral of this story is that basically it’s more profitable using identity theft to steal from banks than it is trying to persuade banks to implement an identity infrastructure fit for the 21st century.

This article was first published on Tomorrow’s Transactions.

Tags: , ,

About the Author

About the Author: Dave is Director of Consult Hyperion, the secure electronic transactions consultancy and is an internationally-recognised thought leader in digital identity and digital money. Named in Wired magazine’s global top 15 favourite sources of business information; rated one of the NextBank “Fintech Titans”; voted one of the European “Power 50” people in digital financial services and ranked Europe’s most influential commentator on emerging payments. .


If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.