In light of the new HUGE data breach from Equifax, it’s time to consider a new normal, where we are all breached, and we have no secret information.
Essentially, with the loss of records pertaining to Personally Identifiable Information (PII) for half of all Americans, we have to ask:
“Can we continue to assume our private information is private?”
Historically, we’ve kept our SSN and credit/debit card numbers private. We guard them, and hope no one finds them out, cause if they do, they can open credit accounts, mortgages, but furniture, etc in our names. It’s identity theft. Fraud.
What happens now that half of the people in the US are affected?
This may be freeing for normal folks like us. No longer caring who sees our SSN or Credit Card numbers. Heck, the bad guys have them already!
Banks, Lenders, etc are the ones that need to be concerned. How can they reliably know that it’s ME signing up for a new bank account, or car loan. How can they KNOW for sure that it’s not a bad actor in <insert bad actor country here>.
A few scenarios I can think of:
Banks start to go nuts for validation. Phone calls, SSN, DOB, insane credit validation based on previous addresses, etc. Not sure they’ll be enough.
The slow death of electronic only accounts? Are we going to have to go to the bank for everything? Open a new account, go to the bank. Apply for a new loan, go to the bank.
Is that enough?
Do we all need new IDs? We keep our public identifier, like SSN, but, we all get a ‘private’ key that only we can use? Yeah, that’ll get out too.
Security is hard.
What about a hardware token? The federal gov’t gives us all a heavily encrypted RFID chip/implant. There’s no way to duplicate/spoof it. If every computer can guarantee the identity of the chip holder, then there’s no doubt the person applying for a credit line, is that same person. Essentially a non-duplicatable digital signature that anyone can verify, but no one can mimic. Is this technically possible? Maybe.