Catching up with a famous fraudster

Summary:Subject of the film Catch Me If You Can, Frank Abagnale may be on the right side of the law these days but he hasn't forgotten how to beat the system

...access to buildings and computers, but do you trust Visa with your DNA? I wouldn't. Once you lose your DNA you've lost your identity forever. As long as information is stored somewhere there's going to be breaches.

The UK government seems to claim that the National Identity Register won't be breached. Are you in favour of identity cards?
I'm not big on ID cards — you're giving the government information that someone else can access. ID cards make it 100 times easier to steal that information, because it's concentrated in one place.

That the ID Cards scheme was passed into law was not a good idea. Nothing is really secure; if the money is right, you can forge a passport to back fraudulent activities — you can forge ID cards. You can replicate holograms, dyes in paper, and give terrorists access to Britain.

With the ID cards scheme, all it takes is one weak civil servant to be bought off, and one weak link can [compromise the system].

So how concerned should businesses be about their employees?
Businesses should be very concerned about their employees. Most don't do background checks, because an employee started out as a receptionist. But now, guess what? They're an accounts executive, with access to [sensitive] information.

Companies should do background checks before they employ someone, and continue to do background checks, every 90 days.

But wouldn't that infringe on someone's privacy?
Basically the employee would grant permission to do background checks, as a condition of employment. It's a right of the company to do background checks on employees, to make sure information stays within the company. You can't just keep hiring people, because one weak link breaks the chain.

What's your opinion on a data-breach notification law for the UK?
In the US, every time there's a breach, you get a letter. Absolutely I'm in favour of data-breach laws — if someone gets into a company's systems, or there's a breach, by law companies have to send their customers notification within 24 hours. It lets the person take action themselves.

People have a right to know if their information has been breached.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.