Password Frenzy

Created on 31/3/2008

I don’t know about your take on this, but I have reached Password overload. I agree with the need for security, but clearly our systems don’t operate as they should. They’re impossible for the consumer, but perfectly navigable for the fraudster. That cannot have been the intent.

I have about ten personal and corporate credit and debit cards, and they all have Pin numbers, or in the UK you simply can’t use them. The temptation is to change these Pin numbers when you received the card, to a simply remembered number, such as a birthday, on all of them. Of course this is pretty foolish since, if someone else, can figure this out, and gets hold of your card they can have a birthday treat of their own. But how can anyone remember ten different Pin numbers, it’s not possible. Some of us cunningly have half of our cards using one memorable birthday and the remainder on a different memorable birthday. Then you’re faced with which card belongs to which birthday group.

Add to this the requirement to remember every one of your web, blog and other Internet addresses, passwords and URL’s. My head begins to spin. If you write it down somewhere then your local, friendly crook can find it just as easily as you can. In my home and business we have another four computers for which I am responsible, each with their own passwords, and then there’s our WiFi broadband access code. The burglar alarm has its own code, and a word to remember to tell the central dispatcher when you set it off by accident. Of course all the bank accounts have their own security codes, and passwords, as do every other account we have.

Imagine my horror when, after all of this being in place, I looked at one of my credit card bills last month. I discovered that someone had defrauded the card of nearly £3,000 ($6,000) in January. Immediately I telephoned my card issuer to notify them of this. A charming young lady with a Punjabi accent passed me to someone in the Fraud department. They listened to me patiently, but somehow they made me feel as if I had done something wrong. The questions they asked me sounded more like accusations. I re-assured them that I had never been to any of the places in Florida in which the fraudster with my cloned card had spent this money. In fact I have only been there twice, once about eight years ago, and previously twenty-two years ago. I found myself having to prove a negative, which was not appropriate or easy. I wasn’t there, and could prove it, but maybe, the implication was, you had given someone else your card and they were doing this on your behalf. A neat trick when I had the card with me all the time.

My card must have been cloned but I was faced with having to dispute each and every Florida entry, including visits to a risqué lingerie shop, and trying to reclaim the excess interest and over limit charges.
Surely the way to counter act all of these problems is for the credit card companies, the banks, the insurers, the customs and immigration people and anyone else whose business demands knowledge that proves we are who we say we are to work together. Maybe there’s one biometric system for everyone to enable this. That way the system could be made foolproof. We can’t fake the details in our eyes and fingerprints simultaneously as its just too difficult. We would be left with a system that didn’t involve signatures, codes, passwords or other nonsense.

Of course I would then have no alternative but to fight the system I’m calling for on the grounds of it infringing my human rights and privacy. What was that bloody number?