> It genuinely could threaten the ability of banks to continue operating retail banking services if it continues to almost exponentially grow.
Preventing this kind of fraud is a solved problem. The reason it still happens is that banks are forced, through competition, to minimise "identity proving" burden for consumers, in a "get credit now with instant approval!" kind of way.
At the moment we're stuck in a "marketing armageddon" of banks competing with each other by not properly verifying identity before granting credit or transferring away money. This seems to me like a Tragedy of the Commons.
If, across the board, people were required to prove their identity properly before banks rely on them, then the problem would go away overnight. It'd be a bit more tedious for consumers, but I don't see how that would cause banks to fail. The cost would merely move from fraud to identity verification.
Perhaps some people wouldn't be sold credit that they can't afford, but I don't buy that such people are keeping the banks afloat. Before banks stop operating retail banking services, I'm sure they'll just start actually verifying identity properly to keep that market.
As someone in the banking industry, this is the "right" answer. When I got started in banking I was pretty shocked about how easy it was to "authenticate" yourself to open a bank account. For example, this breach has pretty much all the things needed to open an account in someone else's name: Name, SSN, DoB, Address. That's pretty much all the KYC services use for validating an account application.
There are, of course, easily added forms of additional verification - for example, Stripe just added their Identity service which lets you take a picture of your driver's license and then match the image against a selfie. But that puts "friction" in front of the application process, so most banks don't do something like this unless other signals make them think the application has a high fraud risk.
If basically everyone's Name, SSN, DoB and Address is easily viewable public info, this will all change.
On the other side of that, there is such thing as too much friction.
Shortly before BBVA closed them, I was in a back-and-forth to open an account with Simple.
First, my ID was too shiny, then it wasn't black and white, then it wasn't color, then they wanted a picture of my apartment building, then ...
it was just on and on and on for three weeks. It got to the point where I asked what exactly they wanted and they literally told me that they cannot tell me because it would allow me to commit fraud. I asked if I could talk directly to their fraud team to figure out what exactly: nope. Can't do that, they can't talk to you.
So I was expected to either read their minds or play infinite whack-a-mole with them where they say one thing in one email then say the opposite in the next.
Yes, no problem with that. Eventually a long standing established digital identity is needed. Provided by anyone, state, bank, etc. Opening a new one should be easy though, but risk assessment should be done at every step (as the account gains new trust in whatever system).
Security doesn’t appear on a balance sheet, but security expenditures and related depreciating assets certainly do appear. A classic example of measuring the wrong thing.
If you can explain to me how a monthly service where payment is required in full every month requires a credit agreement, I'll (don't know, do something crazy like eating my hat) - this is the standard service provider contract, for some reason it is considered a credit instrument and can land on your credit report.
That being said, you are right, there are prepaid options and postpaid with a deposit ($50) that can put you outside of this SSN requirement on T-Mobile. I guess you have to know to ask for them. It is for credit, that's the only reason they can ask for your SSN.
Everything is credit based now, and for some people their phone bill might even be their first positive (or negative) mark on a credit score rating.
It's credit because, regardless is you pay in full every month, you receive the service before you make the payment. That opens up the service provider to the risk that you'll ring up a huge bill and then skip out on the payment, and all of the rules around credit are designed to mitigate this fact.
The standard service provider contract you mention (in the US) is "postpaid": you pay at the end of the month for the usage you had during that month. This is credit: you use the service, then pay after for what you used. That's opposed to "prepaid" service, where you buy "minutes" or "data" before use, and must manually buy more if you run out.
I have been through many phone sales and the postpaid model does not always have to account for price variability. There are plenty of fixed cost plans with unlimited calling. They will still ask for your social security number and try to make you a new credit account before they tell you there is a deposit option possible.
I have no idea why it would be to the advantage of a business like T-mobile to get you on a postpaid plan when there is no possibility of running up your bill. It's still the option they push on hardest when you walk up to the storefront.
The credit model is the default model. That was my point. I don't know that I had a point.
You shouldn't need to maintain a credit account just to keep a phone number, but I guess it's real estate and that's valuable, they will put it back into the pool if you ever stop paying the bill. I haven't had to deal with these kind of problems myself for a long time, but the pain is still fresh.
> The reason it still happens is that banks are forced, through competition, to minimise "identity proving" burden for consumers, in a "get credit now with instant approval!" kind of way.
The best solution would be if the US introduced mandatory passports or other forms of ID cards with smartcard capability, similar to the German Personalausweis. It has a secure cryptoprocessor with key vault, meaning it can be used to sign documents (if the bureaucracy to get a signature CA wouldn't be completely stuck for years now, SIGH), but especially companies willing to use authenticated data can fetch them securely over any NFC enabled terminal. Quite ingenuous.
This would entirely kill ID fraud at the source. The problem only seems to be an aversion in some parts of the US population against ID documents.
I don’t think you’ll see this happen in the US any time soon, literally because of a Bible verse; Revelation 13:16-17 (King James Version):
16 And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:
17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
It’s not talked about a lot here, but this verse is the go-to for many flavors of Christian politics in the context of federal law and national identity.
The pathetic irony is that intelligence services and dozens of corporations have already done this. So we citizens, err consumers, have all of the downsides and none of the benefits of authenticity.
In addition to the sky faerie grifters, the anti-rationality mentats categorically oppose allowing government to govern.
The problem is the US would first need to grow the political will to ban most businesses from demanding and then long term storing that ID. As it stands right now, for needlessly invasive things like supermarket discount cards you can just give them a bunch of fake info, and get a new nym every year or so to make your history less useful. But with an unrestricted smartcard ID, there would be no escape from the commercial surveillance web. Something like the GDPR is a hard requirement before stronger identification is palatable in the US.
> The best solution would be if the US introduced mandatory passports or other forms of ID cards with smartcard capability, similar to the German Personalausweis. [...] This would entirely kill ID fraud at the source.
Sure, fake or stolen passports and (often preliminary) ID Cards from public offices exist and are traded on the darkweb but ID fraud is so rare it´s almost unheard of compared to the rampant fraud in the US
I think part of it is deregulation in the USA too. As has been mentioned it is sooo easy to sign up for credit cards because banks want citizens drowning in debt. When I lived there I got like 4 credit card applications in the mail per day; every store has its own credit/rewards card; every company has the same idea to extract as much wealth from citizens at the expense of their good health.
All of this fraud is an extension of that deregulation, which leaves people exposed. Frankly a slower moving economy is probably BETTER in the long run, but it’s all numbers and figures nowadays. People are reduced to an SSN number.
No. Doing so in a way that is intentionally designed to be more difficult for disadvantaged groups to fulfill so that they do not participate in the democratic process--that is not "considered" racism, it is racism.
But you know that. It must be hard to be so aggrieved.
> intentionally designed to be more difficult for disadvantaged groups
Why is obtaining an ID "intentionally designed" this way. Don't you need to get a driving license to drive? A passport to re-enter the country? Do disadvantaged groups not get driving licenses?
> Why is obtaining an ID "intentionally designed" this way.
Because when you make the places to get them few in number and difficult to get to, then make the lines to get them very long, you create hurdles for people who have jobs that are not overly friendly towards long or variable absences.
This is intentional, much as many places in the United States have reorganized voting locations to themselves be difficult to get to. Disenfranchisement is intentional.
> Don't you need to get a driving license to drive? ... Do disadvantaged groups not get driving licenses?
Many in the United States live in urban areas where they're not required and where they may not be economically feasible. (These folks tend not to vote for the people who are pushing ID requirements.)
> A passport to re-enter the country?
The set of Americans who never have cause to leave the country is very large.
I've never seen the problem explained this way. Thanks for helping me to understand. Seems like we could "fix it" if there was some way to make obtaining the IDs easy and quick. I doubt there's a solution for that, however...
There are ways, but they would require the cooperation of the political actors who don't want people whose votes they do not have--and, more generally, who they appreciate being at the mercy of the police in very actionable ways, which is the other issue with a lack of identification.
I'm still kinda shocked that it took so long to get chipped credit / debit cards in the US, and the fact that credit cards still don't have pins...
Most of the online transactions I do with my credit card in Europe require me to verify them via some approval app (often the bank's own app) before they're submitted.
But I guess it's more profitable to just let US folks spend spend spend and rack up huge debt burdens. The interest is probably higher than whatever anti-fraud efforts cost them at the moment.
I think you would be surprised how much fraud still happens with strong identity protections.
Here in the UK strong customer authentication and strong proof of identity is a requirement in law, breaching it lands you in significant amounts of hot water. So at the bank I used to work at, identity theft was pretty rare and only made up a tiny fraction of the fraud we saw.
A much bigger share of the pie, and the area that we really struggled with, is customer authorised payments. The customer gets socially engineered into parting with their cash, and as a bank we're expected to reimburse them if we can't prove that we didn't take steps to detect the scam in progress and prevent the customer making the transaction.
Doing that has “economic costs” too. I have seen both the models. In the US, you can walk in to a dealer and walk out with a car. Elsewhere, you usually get your preapproval before you start car shopping. Then usually you have to go to the bank to close the paperwork and get the car in a few days to a week. It’s for the best in general. But it’ll make people make more informed decisions and that’ll reduce the spending.
And proper identify verification - like looking at the document in person - also has downsides. It still can be forged. Just a little harder than what we have. (Other countries with mandatory physical KYC and a wet signature still have fraud issues)
Overall I think it’s a lot of added cost and inconvenience for a slightly better benefit.
As a counterpoint, I recently tried to sign up for a store card to take advantage of promotions on a large purchase. I was not approved- apparently because “my phone number could not be validated”. This even though I had my drivers license, ssn, and spoke personally with a bank representative. Weird.
Can't comment on why the other things weren't enough, but do you have a "real" phone number or is it VoIP? I was unable to verify my Twitter account until I contacted support, nor could I get the IRS website to take my number when doing taxes, and I think the reason is that my (small) carrier uses VoIP: https://help.republicwireless.com/hc/en-us/articles/36002509...
Preventing this kind of fraud is a solved problem. The reason it still happens is that banks are forced, through competition, to minimise "identity proving" burden for consumers, in a "get credit now with instant approval!" kind of way.
At the moment we're stuck in a "marketing armageddon" of banks competing with each other by not properly verifying identity before granting credit or transferring away money. This seems to me like a Tragedy of the Commons.
If, across the board, people were required to prove their identity properly before banks rely on them, then the problem would go away overnight. It'd be a bit more tedious for consumers, but I don't see how that would cause banks to fail. The cost would merely move from fraud to identity verification.
Perhaps some people wouldn't be sold credit that they can't afford, but I don't buy that such people are keeping the banks afloat. Before banks stop operating retail banking services, I'm sure they'll just start actually verifying identity properly to keep that market.