just one more geek in a sea of austin techies

May 8, 2011

Unsettling Online Checkout (Fraud Prevention)

I ordered a new cell phone this week.  It's a pay-as-you-go phone (don't ask -- I have my reasons and they're all called "unlimited data for $15").  Perhaps because it's a pay-as-you-go phone, during the online checkout process I was faced with several fraud-prevention questions...

I like to tune in to all types of tech-related news so it was no real surprise to me that I might be posed security questions of a personal nature based solely on my name, email address and billing address.  For many years there have been some VERY serious identity systems quietly available to companies with big pockets -- identity systems that tie more PII (personally identifiable information) together in more ways than most people imagine.  This is an ever-growing field with cloud-based SaaS identify verification becoming the new rage.  Still, even though I expect this I was left unsettled by the three questions presented to me during checkout:

  1. At which of the following addresses have you lived? (5 choices, 1 was for an address of mine from over 10 years ago)
  2. Which of the following addresses are you familiar with? (5 choices, all wrong -- trick question or just my bad memory?)
  3. What age range do you most closely attribute to <my mother's name>?  (5 age ranges, one obvious correct choice)
It was the third question that really got my attention.  Being able to tie me to my mother and her to her age was a step beyond my comfort level.  You have to understand that I happen to share the same fist and last name with more than one relative, so the ability to accurately tie me to my mother rather than a relative's mother suggests that there's sufficient info available to the identity system to determine my particular relationships based on my name, current address and (possibly) credit card.  Perhaps the first two questions were only asked in order to narrow down to the correct mother named in the third question.  Or perhaps some identity system is watching me right now through my (turned off?) webcam.

Compared to simply reading about identity systems, my reaction to news of their capabilities and routine use was a bit different when it was me answering the security questions.  You're not paranoid if an identity system really is out to get you(r personal data)...

No comments:

Post a Comment