Moving Blues 2

In January 2011 I posted a blog called ‘Moving Blues’. Having moved this month from a well-known university town in Belgium to the rural depths of France, nearly two years later it’s disappointing we seem to be moving backwards in terms of security when it comes to safely asserting our new identity attributes like a changed address, a new bank account etc. Not forward the way I envisaged two years ago in ‘Moving Blues’, by sending a new digitally signed Information Card with my changed ‘claims’ to my various new and old service providers.

Take the case of my Health Insurance provider. Casually talking to a girl on the help line informing her of our new postal address, I mentioned enjoying pre-retirement here in the French countryside. She only needed that one verbal cue to inform me that my policy was no longer valid and I was not insured (read the small print about being in full-time employment, she said. But who does?).

As an aside, a replacement private policy would quadruple my monthly payments. “What, even though I now lead a much less stressful life?” I replied. It seems European governments force these insurance companies to provide so-called social healthcare policies for the working classes, heavily regulated on a minimum cost-plus basis. So it seems they must screw all their profits out of the fortunate few that can say goodbye to working life before their state pension kicks in. And here it was me thinking, insurance companies calculate their premiums based on risk! Gardening must be more dangerous than being in a stressful office job! Give the help line operator her dues, she said the company would refund my voluntary premium payments from the day I quit work.

Now move the scene to the department that wants to pay me back about five months’ worth of premiums. It writes to my new unverified address that it needs to verify my bank details. A simple mail from my verified email address all of a sudden isn’t good enough. But it is OK to email them scanned copies of my passport and a scanned bank statement showing my account number and my new address.

Am I the only person thinking how stupid is that? To make my point I searched on Google Image search for an example of a bank statement which I soon found and downloaded from MattsBits blog. A hacker with bad intentions would probably find one in your waste paper bin and scan that in. I used the bog standard program ‘Paint’ from Microsoft, to be found on every Windows computer, used an electronic rubber and changed the address and bank account number on Matt’s statement to illustrate my point. The result is displayed below:

Doctored pro forma statement using 'paintbrush' from Microsoft

Now it seems that today I could send this as a bona fide scanned copy in an attachment to the healthcare provider and they now think/pretend they have covered their arse?

How stupid is that? Who are they kidding? Is this secure identity management in the year 2011? Shame on Microsoft for pulling the plug on Information Cards. Shame on the likes of Verizon, Deutsche Telekom, Orange, the banks of this world, even Google! Why will no-one step up to the plate and give us secure Identity Verification Services to replace this pretense? Why do Relying Parties lull themselves to sleep by allowing hackers to fool them with easily doctored scans of utility bills etc? It seems we are back in the 1950s days of simple checkbook fraud as illustrated so well in the film ‘Catch Me If You Can’.

About lasancmt

Passionate about Identity Management Disgusted at #ukip and #brexit