Identity theft continues to grow as a huge industry, nailing an estimated one in 10 Americans and generating more than $100 billion in losses worldwide.
Credit card companies and banks could take simple measures to curb the problem. They could start by taking a simple lesson from, of all places, Facebook. Sure, Facebook has had its share of security lapses. But, one of its new features provides a simple model that could be emulated at minimal cost.
The new Facebook security feature verifies that the computer you are using is allowed to log in as you. A consumer who uses this new security feature gets a text message via cell phone with a code that must be used to log in.
I still think that usb keys are the best way to thwart hackers. These keys would be set at the bank’s servers and the user would not only have to enter their password, but also insert the usb key into the computer the user was using to authorize the session. If the wrong key was used for the wrong account then the ip address would be blocked from the bank’s server for 24 hours. If the wrong password was used 3 times, then that ip address is blocked from the bank’s serves for 24 hours. This would allow somebody that travels a lot access to the bank from anywhere in the world while keeping the system more secure from hackers.
Hmm. That could certainly work in some instances. However Mobile devices like cell phone and iPads don’t have USB ports. Then there’s the problem of losing them and managing them if you have accounts at multiple banks.
I suppose you could have a single usb key for all your accounts no matter what the bank and just have to synch your key at the bank so it could download your key for that bank to your usb drive. As for cell phones, there are those new chips they are embedding in the phones for point of sale purchases that I suppose could be used instead of a usb key. Would be just as easy for your bank to plug in your cell phone instead of a usb key to synch it up. As for an ipad, well what if you could still do the transaction, but it would have to verify it by sending you a text message to your phone for which you would tell your phone to give the bank your key to authenticate the transaction?
Having a single key would be like using the same password for all your financial accounts, a major security risk. The big problem with cell phones is if you have access to the phone, then you probably also have access to all the accounts. Go to Amazon, add another ship to address, then send yourself stuff.