ID sales sites start loss leader marketing programme
Journalists find thousands of IDs online
Customer Success Testimonial: Recovery is Everything
The Information Commissioners' in-tray got a little bigger today as it confirmed it would be investigating a series of ID trading sites unearthed by journalists.
The Times screamed today that "the financial details of tens of thousands of Britons" were being sold on the internet.
The paper detailed how it had been able to download banking information for 32 people, including account numbers, PINS, and security codes, "without spending a single penny". The data, including that of a deputy judge, was apparently offered as a free taster by the ID traders.
It's no secret that personal details are being traded online, although the fact that criminals are now offering free samples is a new wrinkle.
A spokeswoman for the Information Commissioner's Office (ICO) confirmed the paper had passed on the details of its investigation, and said: "We'll be looking at the evidence."
She pointed out the ICO had previously called for custodial sentences for criminal trading of details.
Given the ICO's remit, the organisation's interest would presumably be in how the data escaped into the wild in the first place.
Criminal investigations would be down to the police, who would also take the lead in shaking down sites which are based abroad – it seems unlikely such sites are being hosted in the Thames Corridor.
Unfortunately, UK police are not falling over themselves to investigate card fraud as it is. A change in the law earlier this year means victims of card crime are now advised to go to their banks, rather than to the police.
The recent release of 25 million IDs into the wild courtesy of HMRC might be expected to further complicate matters, both for consumers looking to keep their IDs out of fraudsters' hands, for the ICO, and for authorities investigating fraud.
Of course, we could always look on the bright side, and hypothesise that the UK government's decision to flood the market with IDs will drive prices down, encouraging some ID traders to pack up shop. ®
COMMENTS
Why don't banks make signature and PIN systems reliable as proposed to deter fraud.
These details show that the government and banks are letting fraud crimes grow by relying on unreliable systems rather than combat them simply by making signature and PIN systems reliable and foolproof as proposed on website www.xwave.co.uk
Fake documents has made our signature system unreliable while skimmers and pin-hole cameras etc. have made PIN system unreliable. We have option to make signatures reliable by personalising them with ID stickers and option to use Card Key Code to make PIN system reliable.
Proposed ID KEY system will deter fraud by making signature and PIN systems reliable and so this will eliminate the need for us to protect our personal and PIN details since fraudsters will not get tempted to misuse them.
Proposed ID KEY can be treated as a reliable international ID card because it will personalise signature and PIN number to only the right individuals.
Ermm..
If trading in stolen bank details is a crime then surely the buyer is as guilty as the seller - I can inform the police of one such criminal organisation's identity..
"The paper detailed how it had been able to download banking information for 32 people, including account numbers, PINS, and security codes.."
The previous posters are corerct, though; nothing will be done until this sort of crime hits those who actually matter to the government (big banks, rich tax-exiles with brown envelopes full of bribes ..er.. 'legitimate political donations', weapons manufacturers, 'merican presidents, cabinet members' wives' tennis partners and so-on). Until then bugger-all will be done because frankly they couldn't give a soggy toss about the man in the street. hell, they don't even make an effort at lying to us convincingly any more.
Accounts should be frozen
Surely the solution is that any account where the details are known to have been compromised like this should immediately be frozen? I know it would be a serious pain for the account holders, but it would reduce the resale value of such details to zero. I'd sooner go through the process of resurrecting my account than have criminals clean it out.
Penalties depend on people being caught, and credible evidence being presented to a jury with the nous to understand it. The solution is to make the information worthless.

IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Customer Success Testimonial: Recovery is Everything