Rarely a day goes by when I don't receive an urgent e-mail from Nigeria telling me I have a chance to enrich myself to the tune of $10 million to $20 million.
These "offers" all roughly follow the same format: an ex-government official from Nigeria was involved in a transaction where a foreign contractor was mistakenly over-billed or accidentally invoiced anywhere from $50 million to $150 million. Instead of giving the money back, a group of officials has decided to keep it for themselves. In order to get around government regulations, they have to wire the money to a bank account outside the country. Previous arrangements for this "legal" transaction fell through, and there is an opportunity for me to receive 20 percent to 30 percent of the proceeds simply by setting up a bank account for them under my name and allowing them the right to transfer money into it.
For those of you who have never been sent such a letter, consider yourselves fortunate. It's actually a decade-old scam to steal your personal information, and use it for all kinds of nefarious tasks-everything from establishing false lines of credit to creating illegal passports.
As consumers and businesses embrace the electronic world, they are finding themselves a target for identity theft schemes far more esoteric than e-mail letters from rogue Nigerian officials. A recent edition of the New York Times actually contained two articles alerting people to potential personal information threats. One involved two University of Cambridge scientists who were able to extract secure personal information from a smart card using a camera, flashgun and ordinary laboratory microscope. Several smart card manufacturers have acknowledged the vulnerability, and are now developing countermeasures, according to the article.
Far more heinous was a report of Russia-based "cyberbazaars" where thousands of stolen credit card numbers and identities are sold to the highest bidder. These numbers are obtained from various legitimate Internet merchants by black-hat computer hackers who are able to infiltrate the sites and download credit card numbers.
Although financial institution infiltration was not mentioned specifically in either of these articles, it stands to reason that banks are prime targets for identity thieves. After all, if hackers can easily obtain a person's secure, private information from an online vendor, what is stopping them from getting similar financial information from an Internet banking site? If the supposedly secure chip of a smart card can be compromised for information, why not the magnetic strip of an ATM card?
Banks have shown that they can take measures to secure customer privacy (A PRIVATE Arrangement). Providing protection against identity fraud may prove more difficult given the sophisticated nature of the criminals, but it is something banks must do if they are to remain the trusted financial vehicle for all consumers.