Security guru urges banks to beat ID theft

Bruce Schneier says that financial institutions are leaving the public to pay for identity theft, but if they take the right action the problem will go away

Banks and other financial institutions need to do more to beat the problem of identity theft, according to a leading information security expert.

Security expert Bruce Schneier warned this week that the problem can be solved if banks take the right action, and aren't deterred by the cost.

"Financial institutions make it too easy for a criminal to commit fraudulent transactions, and too difficult for the victims to clear their names," warned Schneier. "They can put security countermeasures in place to prevent fraud, detect it quickly and allow victims to clear themselves."

Writing in the latest issue of Wired, Schneier says that banks haven't solved the problem of identity theft and phishing because putting in the right infrastructure is expensive and is "not worth it to them".

Schneier called on governments to take action, arguing that if they push the responsibility for identity theft onto the financial institutions then this will compel them to tackle the problem of phishing.

He argued that although financial institutions bear the direct costs of identity theft, "the costs in time, stress and hassle are entirely borne by the victims" so "financial institutions have no incentive to reduce those costs of identity theft because they don't bear them".

Others agree. "Banks and financial institutions can do a lot more to protect people from phishing," said Alyn Hockey of content security company Clearswift. "Sender Policy Framework, Caller ID and USB tokens can all help make system more secure. We just need someone to make the first move."