ID fraud hits record levels in UK

There needs to be a rethink on the use of Personal Identification Numbering, particularly if managed by a strong biometric, such as iris scanning. It was pitifully explained a few years ago, causinga backlash against 'big brother' factors; what now needs to be explanied is how, without assurance from it, we have opened up our whole data to every criminal in the world.

Your eye is unique - from 18 months of age it can help secure all medical, educational and financial data at a 100% level for the rest of your life. We need a small, time-intensive study on how to manage and better explain this - before it is too late. The rewards can be immense; the cost of delay too horrible to contemplate.

This news is not surprising, it is clear evidence that authentication security methods are not meeting requirement, especially for fraudsters targeting online retailer’s transactions. Currently, we see methods that are either too low or too high-security; which affect consumers and merchants in two very distinct ways. The former sees merchants and consumers lose confidence when transacting online, whilst the latter risks driving away honest consumers (and sales) through false declines or through the frustration of numerous and complex security procedures. As a result, authentication must up its game. A simple yet secure approach is required, to give both consumers and merchants the confidence to transact. This will grow acceptance rates and improve customer satisfaction.

For at least a decade, we've been hearing about the next great security technology that will crack the Holy Grail of convenience versus security. Hasn't happened in the last 10 years. Doubt if it will ever happen unless we drastically change the way we think about security technologies. In simple terms, the security challenge is as follows: User wants easy access to her funding source to make a payment. User wants others to have absolutely no access to her funding source to make a payment. The "system" needs to figure out whether user is the legitimate owner of the funding source (and accordingly offer me easy access to her) or not the legitimate owner of the funding (and deny access to her). But the system can't see the user physically and can't figure out whether she is genuine or not. The way current security technologies are designed, the only way Therefore, the system can do what's expected of it is to subject all users to the same degree of gatekeeping aka security, which causes inconvenience. I somehow think this Holy Grail will be cracked only when we think beyond authentication factors and come up with a technology that provides a different paradigm of presence to the system.