Search again

Keywords


Location




Filter by sector


Narrow by resource type







Search
Back


Article

Protecting personal information in the digital age

This article has been taken from The Gen newsletter - Summer 2008. Click here to download the pdf.

In the UK, recent high profile cases of personal data loss or theft have fuelled a more widespread mistrust of the computer systems which handle so much of our personal data. These cases include the theft of laptop computers, loss of CDs carrying confidential databases, and the systemised skimming of credit cards in order to fund overseas terrorist organisations. The UK introduction of Chip and PIN aimed to stem the rise of credit card fraud in particular, but it has done little if anything to prevent fraud taking place around the 'card not present' transactions used in online shopping or banking. In addition, the growing trend of shared computers increases the risk of sensitive data being left as an 'image footprint' within the system, vulnerable to theft or misuse.

 The password is clearly a weak link in the chain, especially as most people use the same password whenever one is needed. A recent study by Which?, the UK's largest consumer body, estimated that one in every two people is at risk from fraud simply because they use the same PIN or password for more than one card. However, remembering a multitude of passwords is inherently difficult, making the problem even harder to solve.

 In the UK, the perceived problem of information security is reaching a tipping point, with consumers unsure about any system which stores personal data remotely. Already, there is anecdotal evidence of more people carrying cash as they no longer trust the safety of the devices used in certain outlets. As so many UK organisations depend so heavily on their e-commerce systems, a loss of public confidence represents a serious business threat.

 The fundamental issue with all digital payment and identity protection systems is that they require the individual to hand their crucial password over to another device. Through our work, we have identified converged solutions which we believe hold the key to unlocking this growing issue in the UK. These link a suite of managed services to a device which relies on a biometric key, such as a thumbprint, and a password-protected SIM card. Such devices require the user's thumb to be pressed against a built-in reader, possibly every time the device is used rather than when first turned on. If the device is lost or stolen, it cannot be used without the thumbprint, but because the services are managed elsewhere, the user simply finds another fingerprint scanner, for example at a bank, to access their personal information. Password verification, therefore, takes place within the device, making the device essentially worthless when not with its owner.

 We’ve identified opportunities where solutions such as this could support major events, for example the 2012 Olympics in London. The system could use a thumb-activated device to store cash, electronic tickets, and even to provide information on activities taking place. If such services and devices can be delivered at a price point which enables mass market adoption, they have the potential to provide a realistic, safe and robust solution to the complex problem of identity management and protection.
Protecting personal information (PDF)

Ask us

Ask us a question about Protecting personal information in the digital age
Ask us

Email newsletters

Keep up to date - sign up for our e-newsletters
Certified