They are actually pro fraud. It is much better to doubt who the person is, and look for proof, then rely on an ID card.

And the ID card carries information, that can help someone assume an identification, so instead of hindering ID theft they will end up helping it.

It is like Biometrics they are not more secure than passwords, take the fingerprint example, if you can get someone to give you a fingerprint, probably not hard if they become common, then that fingerprint is encoded to a number, if the numbers match then you are in. So, get one fingerprint and work out the salt (yeah I wonder if they will even bother), you have the number, break pass the reader bit and just supply the number directly, hey presto. Cannot do that with a password.

I wonder about chip and PIN, clean the PIN entry device, get them to enter the PIN and then look for the finger prints, 4 digit pin 16 combinations. If you watch for the first finger position, then that drops to 8 combinations, you are averagely lucky you can break a PIN in 4. And that's assuming the PIN reader hasn't been replaced.

What we really need is decentralised security, security we control, so connect via an API to devices we code and own ourselves, but most people are numpties and they just won't get it.

I know someone once said that you will never go broke over-estimating the stupidity of the public, but 23% of the population have, or have a close family connection, who has fallen VICTIM to a phishing scam or similar ?

Or do they mean that 23% of the population have received phishing e-mails etc. ?

In view of the comment about ID cards in the article, someone had better make this distinction clear rapidly.

I used to be a ( legitimate ) salesman - I wish i could have found this 23% of the population !

Chris Cosgrove

. . . until your last "Caveat" paragraph!!

It's a good job you signed off with that because I was looking to rip you a new one . . . or two!!

It doesn't help when you 'file a report' with acronyms such as . . . OFT, APACS and FSA . . . whether you expand them or not!

But the clincher . . . for me personally, was . . . the 'comment' from David Emm, senior Tech C'unt of . . . 'Kasper - drive your bulldozer through my front and back door - Sky' looking for a way out of the . . .Ess-aitch-one-tee !!

Which, as it happens, was preceded by this:

http://www.theregister.co.uk/2009/02/10/kaspersky_promises_audit/

My summary?:

1. S.I.D., et al, should 'cease and desist' using the "cyber" prefix! Dr Who always defeats the Daleks and Cyber(wo)men . . . or so I am told!!

2. OFT and GSO research ( Who the feck are GSO?) shows fuckall about fuckall because they know fuckall about fuckall. The only thing missing from their report is 'child abuse!!'

3. APACS "report" is to June 2008 and has fuckall to do with 'online banking fraud' and more to do with covering their fecking asses in the same way the FSA is doing!!

Hmm, what's that smell? Er, nothing. Really?

I thought it was . . . books . . . cooking!!

4. A risk outlook report by regulators the Financial Service Authority lamented that consumer awareness of fraudulent techniques is mediocre - at best.

Is this a defense plea or a , , , "Yippie-Ky-Ay . . . MoFo!!" . . . moment??

5 . . . "and finally" . . . To appease all those who have . . . "Nothing to hide, nothing to fear" . . . advocates . . . I personally have nothing to hide and the only thing I have to 'fear' . . . is FEAR ITSELF !!

Or more precisely . . . FUD . . .

Fear (Hmm, don't think so),

Uncertainty (I know where others are coming from but I know where I am),

Doubt (Don't we all, but like a blizzard . . . I can see through a shit-storm and a storm of shit!!)

Ho-Hum for now!

"...get them to enter the PIN and then look for the finger prints, 4 digit pin 16 combinations..."

I assume you mean that the fingerprints will identify which 4 numerical keys were pressed?

In that case there will be 4!= (4x3x2x1)=24 combinations.

If you know the first finger position, that drops to 3! = 6 combinations.