Skip to main content

Has security gone too far?

No-one would suggest that we abandon security measures that are designed to frustrate fraud. But we all hate passwords, and we are all driven mad from time to time by security questions, photo IDs, queues at airports and now endless 'opt in' requests to enable holders of our data to use it. GDPR... OMG!

I am currently screaming at brick walls in a crazy loop that's preventing me from accessing my own money. It all started simply enough. I use a gold trading service called Bullionvault. To start trading, you deposit funds from your personal bank account, buy some gold (or other precious metals) which they store 'digitally' or physically for you, and then sell some or all of it while hopefully making a profit (fully taxed of course). Any money that you want to withdraw is then deposited in the same bank account that was used to open the account. All well and good... until you change your bank account.

Here is what I have to do before I can get hold of my own money:
  1. Fill out a form declaring I've changed banks, sign and upload it 
  2. Upload a copy of my new bank account statement (I now bank online, so get no paper statements) which shows:
    1. Name and logo of bank
    2. Account name
    3. Account number
    4. Bank's address
  3. Upload a statement from my old bank account (also online)
  4. Upload photo ID
  5. Upload proof of address eg utility statement
  6. Upload a letter from the new bank confirming:
    1. My DOB
    2. Name and address
    3. Photo ID number
    4. New account details
  7. Upload my banker's business card
All of which I did (not without a great deal of teeth-gnashing and hair-tearing). But the reason they needed my bank representative's business card is because all of the above is not enough and they also need to hear his voice confirming all of the above (presuming that if I was determined enough to commit fraud, I couldn't make up a business card with a dummy number). And that is where my agonising tale of woe should have ended, but no. I'm now experiencing a whole new level of pain. My bank, Natwest Private (too Private it would appear), are refusing to talk to anyone other than me about my account. Because of SECURITY.

Net result - boxes ticked on both sides, customer enraged, money stuck.

This might be an extreme example of security gone mad, but there's a real issue here. When are security measures excessive? We can't go on increasing levels of security to prevent the latest and most devious fraud tactic. It's not just witless and vulnerable citizens being affected by this escalating arms race between goodies and baddies. It's the hassle for employees and increasingly complex and expensive process requirements imposed by legislation and consultancies alike who consequently slow down the wheels of commerce. Everyone is running around covering their own arses in a box-ticking frenzy of maximum compliance and risk reduction. And when it comes to banks, they face a double jeopardy of compensating de-frauded clients together with fines from class actions where lawyers prey on weaknesses and complicity at high levels. This is a nil-sum gain. Everyone, except lawyers of course, suffer exponential levels of pain - all to prevent baddies from grabbing what's not theirs (and now including another form of theft - loss of privacy).

So what's the solution? How are we going to get off this merry-go-round of increasing pain for all parties - albeit strengthening the purpose and value of London in its age of uncertainty and Brexit woe. What other city in the world would you trust as much for security? What a shame a place can create a reputation based on everywhere else being dodgier.

There are two approaches the world can take to make life easier and safer - ideally linked. The first is security simplification using increasingly sophisticated technology. The ability to prove who you are without delay, error, relying on memory or complication. The invention of blockchain is one example where improved verification and auditability is already being achieved. Expect lots more use of it - and cunning baddies who find ways of exploiting it. Other types of verification tech will assist including DNA, fingerprint, facial, voice and iris recognition techniques, probably combined. And not only with online / mobile verification, but also for crime detection in the environment... and then we need to question whether our governments are good guys or bad. And if bad, what can we do about it when protesting or opposing it becomes a crime? It won't just be China and Russia who use technology to protect their power bases. Trump threatened a few days ago to close media sources who weren't prepared to stop publish views of the world that didn't align with his own.

The other approach is to increase surveillance and penalties for bad guys... and thus reducing civil liberties to assist detection and prevention. You're not a baddie until you do something bad... or PLAN to do something bad. So whilst hoping they catch every baddie who is caught doing something bad, and then throw away the key (more money for solving crimes and prisons please), serious issues arise about invasions of privacy to detect changing definitions of potential delinquency.

On the radio this morning there was an interesting report about the British Health Service (NHS) refusing to share anonymised patient data for research on the grounds that it breached data protection regulations despite the potential for lives to be saved by improving research. Another example of compliance, box-ticking and arse-covering trumping plain old common sense. Someone needs to bring all of this back into perspective, and that will only happen when leadership calls foul to media (who love to sell outrage) and lawyers (whose job it is to ensure compliance without judgement about exemption).

Right now I want maximum investment by governments and business to reduce security pain whilst making life not worth living for those who believe they have the right to take what's not legitimately theirs. And I want common bloody sense to see the light of day when security has clearly become a ridiculous game of over-elaborate compliance to avoid lawyer enrichment. But longer term, our ability to do what we want, when we want, with whom we want is under attack. Some would argue for own safety, others for the safety of the systems established to protect us. The common good, or personal freedom. Which will triumph?


Popular posts from this blog

Phillips screws - yes I'm angry about them too

Don't get me wrong. They're a brilliant invention to assist automation and prevent screwdrivers from slipping off screw heads - damaging furniture, paintwork and fingers in the process. Interestingly they weren't invented by Mr Phillips at all, but by a John P Thompson who sold Mr P the idea after failing to commercialise it. Mr P, on the otherhand, quickly succeeded where Mr T had failed. Incredible isn't it. You don't just need a good idea, you need a great salesman and, more importantly, perfect timing to make a success out of something new. Actually, it would seem, he did two clever things (apart from buying the rights). He gave the invention to GM to trial. No-brainer #1. After it was adopted by the great GM, instead of trying to become their sole supplier of Phillips screws, he sold licenses to every other screw manufacturer in the world. A little of a lot is worth a great deal more than a lot of a little + vulnerability (watch out Apple!). My gromble is abo

Prepare for Alien Contact

I've not gone barking mad or joined some weird religious cult (aren't they all?). But I do predict that we will make contact with intelligences from other planets soon. Here's my reasoning: There are approximately 100,000,000,000 stars in our galaxy (easy way to remember this order of magnitude is it's one hundred, thousand, million). Usefully there are also approximately the same number of galaxies in the universe. And assuming every star has about the same number of planets orbiting it as our Sun, and that the Milky Way is an average size of galaxy, that means there are around 100,000,000,000,000,000,000,000 planets in the universe. A lot. Scientists have long debated the probability of life, as we would recognise it - reproducing, eating, etc - existing outside Earth. Most agree mathematically that it's a certainty. What they did was take all the components they believed were required for life to have evolved on Earth and then extrapolate what they know about

Norman's Autobiography

The following is an unfinished autobiography written by my father who passed away earlier this week at the age of 93. Cheerbye Dad (you were the only person I knew to use this expression). You were a huge influence on my life. Thanks for taking the time to record so much that I never knew about your own life and those of our immigrant ancestors. Dad's the one in the middle ;-) The HorBraJacSac Saga by Norman Horwood  9th June 1926 (or possibly earlier!) - 27th June 2019 The Families' Backgrounds. We have four families; Abrahams/Horowitz/Horwood; Bralofsky/Braley; Jacobs and Tchaikofsky/Sacof. Taking my pair, the (Abrahams) Horowitzs/Horwood and the (Bralofskys) Braleys. They escaped from different parts of "Mittel Europe" at different times. Abraham and Rachel Abrahams, nee Gess, (Horowitz), had been in England longer than the Bralofskys, having come here from Lithuania in about 1897 as a married couple without children. It is certain that Abraham