Wednesday, 9 November 2011

Obscurity and PII

PII is Personally Identifiable Information. Right now, I see and hear many people talking about just how easy it is to take and use PII. That it sells for cents in the dollar.

WELL WHO CARES!

I mean honestly, if all you do to manage the security of your finances is hide your head in the sand and trust to obscurity, then you deserve all that this approach entails. I may seem uncaring and I may come across as cruel here, but really, it is a simple process to actually protect your information.

WHY?

The most commonly missed issue in security is WHY. We commonly fail to investigate the cause and need. PII is not about privacy, it is about stoping unauthorised applications and changes to your credit file. This is, it is all about stopping people doing things such as applying for a credit card or a home loan in your name. The main issue being a credit card.

In this, the issue is not whether a criminal can buy your information, but if they can steal money from you.

So why are we looking at PII as the issue?

The big issue is (as is common) awareness (or rather a lack thereof). There are real controls that stop the problem and are not ones that can fail catastrophically as obscurity does. This is something such as credit monitoring.

I will first state, I an simply a client of Veda. I pay them money and they provide a service. I have not been approached to talk about their product. I am plugging it as I use it and like the service. It is a security solution to PII.

I use “MyCreditFile”, a service by Veda (http://www.mycreditfile.com.au/personal/).

For a dollar a week, I have any changes to my credit file reported to me. I can stop applications cold. I have had three attempts to apply for loans under my name and I do not hide any information (privacy is dead). Each time I have been notified. I have lost nothing but the time to send an email with a dispute notification.

It is that simple. There are similar agencies in the US, UK etc. SO I have to ask WHY? Why care about PII. Like many security solutions, they address a problem that is a symptom and do not offer solutions at all.

It is about time we address the cause and implement solutions that actually solve the problem. Here, this is a simple solution to PII theft.

Next…

I use Quicken and I load my statements into it and check what I have spent. I scan my receipts and I reconcile my accounts. Not only is this good from a point of view of  managing my accounts, I also know when something has occurred and I can lodge a hold within days.

We only win when we actually find controls that solve the problem and not ones that look at the symptoms.

2 comments:

Anonymous said...

The fundamental issue is not PII but money. The international financial and consumer system operates on the basis of volume and liquidity. At the root level, businesses don't care who spends (the crooks or you) but that someone, anyone, spends. Anything that is even perceived as preventing the consumer from spending will be treated with hostility. It will be seen as a barrier to entry into the market.

Most people make the mistaking of assuming PII protection is about asset protection. It's not. Because every dollar protected is a dollar not spent. Remember that.

Dr Craig S Wright GSE said...

Yes, I hear the big bad company rant all the time. A shame it has little truth to it and is just religion without any value.

Fraud costs banks. It means that interest rates are increased. There is this thing called competition.

And Banks LOVE customers using VEDA etc - it saves them time and money as well.\\\

Check your facts before using the Marxist BS answer based on nothing but thoughts on one man's utopia.