Has security gone too far?

No-one would suggest that we abandon security measures that are designed to frustrate fraud. But we all hate passwords, and we are all driven mad from time to time by security questions, photo IDs, queues at airports and now endless 'opt in' requests to enable holders of our data to use it. GDPR... OMG!

I am currently screaming at brick walls in a crazy loop that's preventing me from accessing my own money. It all started simply enough. I use a gold trading service called Bullionvault. To start trading, you deposit funds from your personal bank account, buy some gold (or other precious metals) which they store 'digitally' or physically for you, and then sell some or all of it while hopefully making a profit (fully taxed of course). Any money that you want to withdraw is then deposited in the same bank account that was used to open the account. All well and good... until you change your bank account.

Here is what I have to do before I can get hold of my own money:
  1. Fill out a form declaring I've changed banks, sign and upload it 
  2. Upload a copy of my new bank account statement (I now bank online, so get no paper statements) which shows:
    1. Name and logo of bank
    2. Account name
    3. Account number
    4. Bank's address
  3. Upload a statement from my old bank account (also online)
  4. Upload photo ID
  5. Upload proof of address, e.g. utility statement
  6. Upload a letter from the new bank confirming:
    1. My DOB
    2. Name and address
    3. Photo ID number
    4. New account details
  7. Upload my banker's business card
All of which I did (not without a great deal of teeth-gnashing and hair-tearing). But the reason they needed my bank representative's business card is because all of the above is not enough and they also need to hear his voice confirming all of the above (presuming that if I was determined enough to commit fraud, I couldn't make up a business card with a dummy number). And that is where my agonising tale of woe should have ended, but no. I'm now experiencing a whole new level of pain. My bank, Natwest Private (too Private it would appear), are refusing to talk to anyone other than me about my account. Because of SECURITY.

Net result - boxes ticked on both sides, customer enraged, money stuck.

This might be an extreme example of security gone mad, but there's a real issue here. When are security measures excessive? We can't go on increasing levels of security to prevent the latest and most devious fraud tactic. It's not just witless and vulnerable citizens being affected by this escalating arms race between goodies and baddies. It's the hassle for employees and increasingly complex and expensive process requirements imposed by legislation and consultancies alike who consequently slow down the wheels of commerce. Everyone is running around covering their own arses in a box-ticking frenzy of maximum compliance and risk reduction. And when it comes to banks, they face a double jeopardy of compensating defrauded clients together with fines from class actions where lawyers prey on weaknesses and complicity at high levels. This is a nil-sum gain. Everyone, except lawyers of course, suffers exponential levels of pain - all to prevent baddies from grabbing what's not theirs (and now including another form of theft - loss of privacy).

So what's the solution? How are we going to get off this merry-go-round of increasing pain for all parties - albeit strengthening the purpose and value of London in its age of uncertainty and Brexit woe? What other city in the world would you trust as much for security? What a shame a place can create a reputation based on everywhere else being dodgier.

There are two approaches the world can take to make life easier and safer - ideally linked. The first is security simplification using increasingly sophisticated technology. The ability to prove who you are without delay, error, relying on memory or complication. The invention of blockchain is one example where improved verification and auditability is already being achieved. Expect lots more use of it - and cunning baddies who find ways of exploiting it. Other types of verification tech will assist including DNA, fingerprint, facial, voice and iris recognition techniques, probably combined. And not only with online / mobile verification, but also for crime detection in the environment... and then we need to question whether our governments are good guys or bad. And if bad, what can we do about it when protesting or opposing it becomes a crime? It won't just be China and Russia who use technology to protect their power bases. Trump threatened a few days ago to close media sources who weren't prepared to stop publishing views of the world that didn't align with his own.

The other approach is to increase surveillance and penalties for bad guys... and thus reducing civil liberties to assist detection and prevention. You're not a baddie until you do something bad... or PLAN to do something bad. So whilst hoping they catch every baddie who is caught doing something bad, and then throw away the key (more money for solving crimes and prisons please), serious issues arise about invasions of privacy to detect changing definitions of potential delinquency.

On the radio this morning there was an interesting report about the British Health Service (NHS) refusing to share anonymised patient data for research on the grounds that it breached data protection regulations despite the potential for lives to be saved by improving research. Another example of compliance, box-ticking and arse-covering trumping plain old common sense. Someone needs to bring all of this back into perspective, and that will only happen when leadership calls foul to media (who love to sell outrage) and lawyers (whose job it is to ensure compliance without judgement about exemption).

Right now I want maximum investment by governments and business to reduce security pain whilst making life not worth living for those who believe they have the right to take what's not legitimately theirs. And I want common bloody sense to see the light of day when security has clearly become a ridiculous game of over-elaborate compliance to avoid lawyer enrichment. But longer term, our ability to do what we want, when we want, with whom we want is under attack. Some would argue for our own safety, others for the safety of the systems established to protect us. The common good, or personal freedom. Which will triumph?
