Privacy & Security presentation - ID Summit 2008
Stephen's closing address at the ID Summit, 12 March 2008 in Sydney, discussed the wrong headed tension between security & privacy, and illustrated how we can (indeed, must) protect both at the same time, using techniques such as Lockstep Technologies' "Stepwise".
Sadly, privacy and security have been misconstrued by many as being in tension, as if they represent a 'zero sum game'. Not only is this attitude defeatist; it overlooks the fact that so many privacy and security problems on the Internet today have the same root cause.
At the heart of most identity theft is the carefree way in which online businesses ask for – and get – our personal numbers. The ease with which identifiers can be taken over and replayed has created a crisis of confidence in authentication, and ever worsening leakage of personal data, the raw material that powers cyber-crime.
Card Not Present (CNP) credit card fraud in Australia is out of control. The problem grew by 46% from FY06 to FY07 and now represents the dominant form of fraud. As card present (ATM and POS) fraud shrinks and two factor authentication locks down Internet banking, cyber criminals are moving to online merchant fraud on a massive scale.
This presentation highlights the vulnerability of merchants and cardholders to online ID theft, and introduces some techniques pioneered by Lockstep to curtail the problem, restoring 'safety in numbers'.