Played by Leonardo DeCaprio in the Steven Spielberg-directed film Catch Me If You Can, one-time fraudster Frank Abagnale knows a thing or two about security systems.
During his time on the wrong side of the law, Abagnale posed as an airline pilot, a lawyer and a doctor. These days Abagnale is firmly on the right side of the law, and has worked with the FBI for over 30 years.
In a Q&A session before his keynote at the RSA Conference Europe 2007, Abagnale spoke to ZDNet.co.uk about security projects such as the UK ID scheme and explained how one weak link can compromise a whole organisation.
Q: You recently said that technology is making it easier to perpetrate fraud. Could you elaborate on that point?
A: Forty years ago I forged cheques on a Heidelberg printing press that filled the room, took three printers to operate, and I had to build scaffolding to get up to the top of the press itself. Today if you are forging cheques you can open your laptop and pick a graphic, and in 15 minutes have a beautiful four-colour cheque. Obviously there are no con-men any more — the victim never sees you and you never see the victim. Now you can do it by the internet, in your pyjamas.
How big an issue do you think identity theft really is?
Stealing identity is the simplest crime of all, as simple as counting "one, two, three". Individual identities have a high net worth, yet [some] mortgage companies throw out their records, and you can find them in a dumpster. The problem is, companies and governments need to ask themselves what they are doing to protect the identity of employees — most do nothing. They need to invest in identity management, and put authentication on laptops.
What are the factors that make identity theft easy?
Businesses can have details on 6,000 policy holders, and one employee who's on minimum wage can sell it. They [businesses] have nothing in place, this takes place every single day.
You go to the gym to work out, and they take a copy of your driver's licence and credit card details, and hold them in an unlocked filing cabinet. A person in the gym is on minimum wage, say $6 an hour, and you go to them and say "I'll give you $50,000 if you get me this information. I don't know you, you don't know me, just go and write these details down, then put everything back — don't take anything or remove anything". Selling information for profit is easy, if you don't get caught.
Aren't there technological ways to strengthen security, though?
Technology, and the use of technology to defeat criminals, is improving. However, there is no foolproof system, and whoever says there is fails to take fools into consideration.
What are your views on biometrics to strengthen security?
The most important thing for humans is privacy. I wouldn't want to supply my biometrics for transactions. I support biometrics for...