My wallet was stolen and along went my ID card
This is how many identity theft begins in the physical world. Amount of stolen and lost wallets is luckily relatively small in Finland. Another, bigger and constantly growing problem is in the digital world where hundreds of thousands or millions of identities are leaked into the public as result of a security breach.
So even if you have kept your wallet safe and shredded all documents containing your private information and social security number at home, there is a growing chance that identity theft might occur to you as well.
All identity exploits and fraud cost a lot of time and effort by the victims to get solved and mitigated. Worst cases of identity thefts have tormented innocent victims for many years. There was even a case in the newspaper about an identity thief registering to a hospital to give birth on stolen ID records.
Personal problems associated to identity theft are not that visible to commercial or other service providers, but it also costs time and money when purchases need to be returned and compensation needs to be sought from many different parties.
For understandable reasons purchasing needs to be simple for the end-customers. Hence service providers are willing to accept some level of risk regarding identity theft.
There are still easy ways to mitigate risk and cost, without intervening to the customer experience.
If I call to customer service to cancel my electricity contract, I hope that the other end would have tools of the digital age to confirm my identity. Or if I order electronics from a web shop with an invoice, I could easily identify myself using strong authentication for example with a telco operators MobileID. This way just anybody couldn’t order things by just knowing my social security number and leave the invoice for me to pay.
Luckily the EU initiative of the Digital Single Market and the new Directive on Payment Services (PSD2) is bringing improvement requirements equally to all providers. The directive will be implemented in the member states’ legislation in 2018, but even before that rolling out simple strong authentication helps to identify users in the Internet, phone customer service as well as in brick-and-mortar outlets.
In addition to user authentication service providers should pay attention to sales personnel’s and other staff’s ability to identify and prevent identity theft related fraud. Processes and systems should be also designed so that just knowing your social security number is not sufficient for transactions and that fraud could be actively prevented, monitored and audited. Partner contracts, like with payment service or logistics providers, should take into account requirements for fraud prevention and liability restrictions.
We help our customers to improve identity management and fraud detection to ensure smoother business.