Catching up with a famous fraudster

Catching up with a famous fraudster

Summary: Subject of the film Catch Me If You Can, Frank Abagnale may be on the right side of the law these days but he hasn't forgotten how to beat the system

TOPICS: Security

...access to buildings and computers, but do you trust Visa with your DNA? I wouldn't. Once you lose your DNA you've lost your identity forever. As long as information is stored somewhere there's going to be breaches.

The UK government seems to claim that the National Identity Register won't be breached. Are you in favour of identity cards?
I'm not big on ID cards — you're giving the government information that someone else can access. ID cards make it 100 times easier to steal that information, because it's concentrated in one place.

That the ID Cards scheme was passed into law was not a good idea. Nothing is really secure; if the money is right, you can forge a passport to back fraudulent activities — you can forge ID cards. You can replicate holograms, dyes in paper, and give terrorists access to Britain.

With the ID cards scheme, all it takes is one weak civil servant to be bought off, and one weak link can [compromise the system].

So how concerned should businesses be about their employees?
Businesses should be very concerned about their employees. Most don't do background checks, because an employee started out as a receptionist. But now, guess what? They're an accounts executive, with access to [sensitive] information.

Sentry Posts Blog

Sentry Posts Blog

Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more

Companies should do background checks before they employ someone, and continue to do background checks, every 90 days.

But wouldn't that infringe on someone's privacy?
Basically the employee would grant permission to do background checks, as a condition of employment. It's a right of the company to do background checks on employees, to make sure information stays within the company. You can't just keep hiring people, because one weak link breaks the chain.

What's your opinion on a data-breach notification law for the UK?
In the US, every time there's a breach, you get a letter. Absolutely I'm in favour of data-breach laws — if someone gets into a company's systems, or there's a breach, by law companies have to send their customers notification within 24 hours. It lets the person take action themselves.

People have a right to know if their information has been breached.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion