Sunday, December 31, 2006

Identity Theft

It's New Year's Eve (or Old Year's Night as we like to call it) and yet my thoughts are focussed on Identity Fraud/Theft. Why?

Yesterday, a credit card statement turned up - post Christmas credit card statements are grim! Stuffed into the envelope was a leaflet informing me of the growing problem of identity theft. Of course there were the usual helpful tips on keeping your identity safe: shred your statements & use different passwords for each of the websites you visit. It was a gripping read.

But I also got a letter addressed to my 2 year old daughter from another financial institution advising her that Identity Theft was on the rise. It too had similar hints and tips for Identity Theft prevention.

The two institutions that sent these leaflets were purpoting to be eager to help my daughter and I the combat against Identity Theft. Of course, this assistance would be provided for a small monthly charge - what cost your identity after all. I must admit, though, that I struggled to see what these companies were actually doing for the money that they were demanding.

Of course, these companies are relying on our fears and perpetuating the notion that the world is a dangerous place. Of course it is... but one of the safest places to be is in an electronic world. I feel quite safe purchasing goods with a credit card via the wonder of the internet with reputable suppliers. I feel quite safe looking after my financial affairs online. And I still believe that if someone is going to steal my identity, they won't necessarily do it online - they will do it the old-fashioned way.

"The old-fashioned way?" I hear some of you say, "surely identity theft is a new phenomonen?"

Of course it isn't and the online world hasn't made it that much easier really. Those that fall foul of phishing attacks are likely to be the same people that fall foul of more traditional cons. (To understand the traditional cons, "The Real Hustle" on the BBC is a very good series showing how it is done).

So will I be parting with my hard earned cash in order to protect my identity? Nope... I'll look after my identity myself by being vigilant.

Happy New Year....

Friday, December 22, 2006

Time for Fun!

It's the last working day before Christmas and therefore the time to ensure that everything is in order for the holiday period.

More importantly, it's time for some "resting" and fun.

My friends and I had great fun this morning discussing the results of the Hobbit Name Generator which can be found at http://www.chriswetherell.com/hobbit/ - it is well worth a 5 minute visit.

My Hobbit name is "Mungo Loamsdown of Deephallow" with which I'm quite pleased. We were also particularly impressed with "Minto Hamwich of Buckleberry Fern".

We all have a name yet we are known by various names & identities depending on who is addressing us. I respond to the following:
  • Stephen (and sometimes Steve)
  • Sir
  • Son
  • Daddy
  • Mr. Swann
  • Oi You
  • (and now Mungo Loamsdown)
Nothing particularly unique in much of that unfortunately. When it comes to accessing systems (whether they be web based or not), the combination of identities that I have is even greater. I like to think I know who I am but it is a sorry state of affairs when you not only have to commit your passwords to some medium other than your brain, but you also have to have a serious think about recording (and transporting) your "name" in a similar manner.
  • At my bank, I am a number.
  • On my blog, I am an email address.
  • At work, I am a combination of letters and numerals.
  • On my web based training site, I am a nickname.
Will there ever be a time when I can be considered truly unique and known by all as a single name?

Nah... I'll always be either a son, daddy or husband. But there must be a chance that the number of identities I own can be reduced significantly. The utopian world which includes an Identity Provider as a service which can be utilised by all these various systems sounds great (if a little dangerous if it were ever compromised). The world of security federation is just around the corner and I for one can't wait - my brain is stuffed to capacity with UserIDs and Passwords!

In the meantime, I might just change all my UserIDs to "Mungo Loamsdown" :-)

Merry Christmas everyone...

Tuesday, December 19, 2006

My Poor Wallet

I have a Samsonite wallet that I bought at Heathrow a few years ago. Upon opening it today, however, I noticed that it was torn and will need replaced - which sounds like a good Christmas present if ever there was one.

The problem, as I see it, is that the wallet is stuffed full of cards and has been under considerable straing for far too long:
  • 4 credit cards
  • 2 debit cards
  • 3 hotel loyalty cards
  • 2 air operator loyalty cards
  • 6 store loyalty cards
Note: For some reason I have Sterling, Dollars and Euros in there as well just now.

Almost all of these cards have a chip on them - I'm guessing a lot of them are only single-function chips, unfortunately. I say unfortunately because if I could in someway amalgamate the functions of these cards, then I wouldn't be in the position of having to replace my wallet!

Why can't we live in a world whereby I have a single card which has a chip capable of:
  • identifying myself for cash withdrawal
  • recording my spending habits (and thus accumulate cashback points from my various "suppliers")
  • identifying myself when gaining access to airport lounges
The reason why I can't have this? The world of Federated Security is too immature and no one company seems to want to take the leap of faith required to change our lives.

An identity provider/service provider model would certainly ease the strain on my poor wallet. In the meantime, I will have to continue carrying the lorryload of cards I need to go about my daily business.

Monday, December 18, 2006

Practical RFID

I remember proposing to the Chief Architect at my company that we should be looking into how RFID might help our sales teams in our branch network.

How so?

Well... Picture the scene. A customer goes to their Bank's branch to lodge a cheque. While standing in the queue, they lift a brochure detailing the benefits of taking out an insurance policy or investing in the latest "fund".

If the brochure is tagged using the latest RFID technology, when the customer finally arrives at the teller position, the teller will now be armed with some vital information: the customer's details and their interest in other products. What a powerful position to be in! The teller could either log the information (or it could be logged automatically) or the teller could broach the subject of the product in question with the customer.

At the time, the Chief Architect was very interested although I'm not sure he was convinced that the technology would actually work. In short... it was not a visionary at all.

And therein lies the question. Is the role of IT within the enterprise solely to deliver on business requirements or is it there to help define opportunities for the business. Personally, I believe the guys in IT wouldn't be doing their job properly if they weren't spending some of their time investigating new opportunites. Unfortunately, the Cost Centre approach to enterprises doesn't really allow for this type of research.

Does anybody remember the days when we used to be called "Research & Development"? (Google employees need not answer that question - I'm really quite jealous of you!)

A Difficult Year

I can't believe it has been a year since I last posted!

The year has been a tremendously difficult one with many low points. The main low was the realisation that major technical decisions within organisations are rarely made by people who actually understand technology. Why didn't I previously understand this? Naiviety?

It would seem that the decision making process is typically a process which is based on the following:
  • Political manouevring
  • Self-interest
  • Self-promotion
  • Self-interest
  • and Self-interest
I know there is duplication in that list...

So can people really make a difference in an enterprise? Of course they can, but only if they are prepared to play the game. There's little point in complaining about the decision making process - no amount of complaining is going to change anything! Instead, working from within the system is likely to reap greater rewards.

Unfortunately, it can be seen how the destructive decision making process described above becomes self-perpetuating - it's the only way to get things done!

Of course... I'm not necessarily talking about my own organisation!

On a positive note... I did manage to pass an exam recently which allows me to display the following image: