Well, no prizes for having seen this one coming. From the Sunday Times headline: When you’re £30,000 down, ID cards look good. So says Sara Smith, a victim of identity theft.
Of course, nowhere in the article does the journalist, Rachel Cooke, make even a halfhearted attempt to explain the reality of ID card technology. Instead, she writes, “For [Sara Smith], a national ID card cannot arrive too soon.” Yes, a national ID card, any national ID card — don’t tell us if it can actually do what it says on the tin, just introduce one and make us feel a bit more falsely secure, please.
Cooke’s article does reveal, though not in so many words, exactly why it was so easy for Sara Smith’s identity to be used without her consent: Sara Smith let it happen.
Smith’s troubles began when she moved home. She arranged for her post to be redirected but, for reasons that are still uncertain, this was never done: her post continued to arrive at her old home, which was why she did not notice when her new Harrods store card failed to materialise. “If only I had,” she says. “That little piece of plastic was the start of it all.”
Some weeks later Smith received a telephone call. On the line was a man who purported to be from Harrods. “We are upgrading your card,” he told her. “Would you mind answering a few security questions?”
At first Smith protested, saying she had no need of more credit. However, she found herself telling him her date of birth and her mother’s maiden name.
Oh, it’s happened to us all. You know how it is — a stranger rings up, you get chatting about the weather, the snooker, or the state of your credit, and the next thing you know, you find yourself giving your most vital security information, for no reason you can really discern.
It’s not that I have no sympathy for Sara Smith; I certainly do. But when you consider her amazing new way of managing her most confidential business — not automatically trusting anyone who calls up asking for personal details, keeping a vigilant eye out for financial documents that fail to arrive in the post, actually looking at the statements for her “few accounts” — is really the way she should have been doing things all along, it does drive home the point that a bit of common sense is the best protection we all have against identity theft. An ounce of prevention is worth a pound of cure, and when it comes to ID cards, the “cure” is flawed both inherently and practically.
Sara should be thankful it was just her Harrods card that was mis-directed and not, say, her national ID card.
Of course having an ID card would make a big difference in this case. The caller would need to check her ID card number, rather than her mother’s maiden name. Much more important for a credit company to check that. (Once the register of births, deaths and marriages is automated as planned, I imagine getting a mother’s maiden name with an ID number will be simplicity itself.)
Since mother’s maiden name is the default security question for so many service providers, it is scarcely secure. I get the security question changed when I can. Most companies will do it, but it sometimes requires a lot of pressure.
Wow, so ID cards are a cure for terminal stupidity, too? Big Blunkett never told us that.