A gram of caution is worth a ton of remedy

Identity theft may have the image a complicated new kind of cyber crime but it’s a concept that has been around as long as fraud itself.

The invention of credit cards made identity theft more profitable and the Internet has provided more opportunities for deception, yet our techniques for protecting ourselves lie - as they have always done - fundamentally in the domain of self-governance.

This is not to say that regulators do not have a role to play, even in a decentred multi-jurisdictional world, but our first best defence comes from citizen empowerment and industry self-governance rather than heavy handed government lawmaking.

Citizen empowerment and education are key concepts in crime prevention generally - most people know not to walk alone in dark alleys or take treats from strangers. Similarly, a combination of caution and awareness allows online citizens to be alert to scams, cons and pitfalls.

Our identity is a compilation of various documents, identity numbers, passwords and data. The first step to protecting our identity is to learn how to keep these things secure and what information not to hand out to strangers.

The bag of tricks used by the con artist and identity thief can be a lot more low tech than you would at first assume. While these offenders can hack into secure systems, they often gain information from more mundane sources. By “dumpster diving” fraudsters search through personal or business garbage for discarded bills and letters with scraps of information, post-it notes with vital passwords and other clues. Social engineers inveigle themselves into organisations by appearing to belong there and pick up bits and pieces of overheard information, unfiled memos and other unsecured data.

Neither the most heavy duty computer security nor the most stringent legislative controls can prevent these kinds of low key intrusion. Educating employees and citizens about their information handling practices is the first best method of preventing fraud. Of course all the education in the world will be of no use if it is not backed up with practical and efficient support from businesses and industry.

These forms of education usually target the younger and older Internet users who are perceived to be the most naïve or unfamiliar with technology and therefore the most vulnerable. Nevertheless scams often successfully target those who ought to know better or who lack the humility to perceive they may become a victim.

The ACCC has recently begun targeting corporate CEOs who are unfortunately falling victim to email scams that would be quickly avoided by younger, more sceptical and technologically savvy people.

It can be difficult to establish the right tone for these educational awareness campaigns so they build cautious yet confident e-citizens. Too alarmist or too complicated advice can harm electronic commerce and the confidence that consumers have in the market. Informal and low-key advice risks being ignored. Again there is a clear role for industry alongside government in provided good, concise and rational advice - reassuring citizens and countering media panic stories, while maintaining an appropriate air of caution.

The role of industry goes well beyond being an information point. This is the second important element of self-governance, the role of industry in providing safe online environments and protecting consumers. The commercial part of the Internet could not have grown at the rate it did without the support of credit card services and online services such as Paypal which give consumers access to remedies and refunds when they have been the victims of fraud.

While the cost of these safeguards have been distributed to consumers generally, they provide an important remedy for victims of fraud, particularly on the Internet. Insurance, investigation and remedies form the foundational structure on which confidence in e-commerce has been built.