Skip to main content.

Identity Fraud and the Myth of "Secret" Personal Information


The problem of identity theft and other identity-related fraud has generated a need for people to be able to prove who they are, especially when they are online and there is no prior relationship between someone and the entity needing to verify that person's identity. Although a person may use different "identities" for different online activities, it becomes especially important to know a person's "true" identity in certain key situations such as applying for a new credit card, car loan, mortgage, or other credit accounts, or when seeking access to sensitive medical records.  In the physical world, we rely on government-issued photo IDs because we trust that the government has issued the ID to the right person. Viable alternatives are needed for consumers in the online world that would serve a similar purpose in those situations where it's critical to know someone's true identity.

There's been a long history of using knowledge of personal information such as passwords, Social Security Numbers, or mother's maiden name to "prove" someone's identity.   This practice is based on the flawed assumption that such information is somehow "secret", and cannot be discovered by an identity thief.

As a result of the introduction of data breach notification laws, it's well established that large amounts of sensitive personal information about people that are maintained by businesses, government agencies, and other organizations have been lost or stolen through poor information security practices.  

Although better information security would help to reduce identity fraud and maintain our privacy, there's plenty of personal information about us "out there" in one form or another, and we cannot realistically expect to prevent identity fraud by hoping that all those data custodians will keep the information secure.  A more realistic approach to identity fraud prevention is to augment better information security with other means of ensuring that knowledge of personal information, by itself, is insufficient for committing identity fraud.

>"Secret" Personal Information That Isn't Really Secret

What's The Solution?


There are at least two ways to combat the identity fraud problem: 

We believe that although better information security is essential for protecting the privacy of individuals, relying solely on trying to keep personal information "secret" will not prevent identity theft or other types of identity-related fraud.

Better information security needs to be augmented with better ways to verify that those seeking  to establish new accounts, or to access existing accounts, are truly authorized to do so.  The real problem is the widespread assumption that knowledge of personal information, by itself, "proves" the identity of the person who knows the information.  We believe that the way to deal with this problem is through adoption of better forms of authentication.  

>Authentication for Identity Fraud Prevention