Clubcard on acid
And in exchange Equifax, who administer the back-end, get a master view of all the sites and uses of an individual's card. Lots of scope for targeted advertising and privacy 'issues' going forwards.
Credit reference agency Equifax has launched an online identity card scheme that aims to reduce consumer security and password headaches. The Equifax online identity card or I-Card, launched as a beta on Thursday, is designed to make to make online transactions easier and more secure. Users of the i-card will be able to log …
As the first (and only poster as i type this) states. I would not be happy using such a service as the article mentions. Personally i have no desire to have a credit checking (and now) purchase checking org be combined.
Here's a thought, how about banks etc, come together and devise their own plan for security for online transactions - saves them money in the long run and protects customers...
Of course, that woud mean them actually talking together (well, apart from the obvious meetings they have when determining how to screw over the population, and line their own pockets).
Why would anyone want to give a Credit Reporting agency any more information about themselves than they already have? They are the the ultimate purveyors of personal information, selling all manner of personal financial information to anyone who wants it. Do they get to see your web site login activity also as a result now??
I have no doubt that this is what they intend, and without Vaseline, a reach-around, or even a good-bye kiss.
Nevertheless, it might be possible in theory to do this without handing over all your data to anybody. Maybe using local storage, in combination with centrally stored hashes. You hand over to a banking or e-commerce site only as much info as you need to (you can't really get around this part) and they confirm your details by looking up the hash on Equifax's servers.
Or something. A text file recording everything I know about security would have fewer bytes than its own PGP signature.
Online shopping would be so much easier and safer (for both buyer and seller) if there was some centralised identification system. Of course, the problem is that sooner or later you have to trust *somebody* with your data, and you have to trust that no-one has compromised this most tempting of targets. Or simply registered a fake ID with them.
But only in a perfect world would we find such a system, and in a perfect world, we wouldn't need it, because everybody would already be trustworthy. Sigh.
I acquired an advertising CD from Equifax some years ago from a stand at a security related exhibition. Even then it was scary, just how much information they bragged about having on every UK citizen. About how they could find anyone inside 6 months, just from the normal traces that they leave in the course of buying and selling and working and breathing. [OK the last one might be an exaggeration!]
I agree with the others that the last thing they should be trusted with is even more pieces of the same jigsaw.
A quick comment on OpenID. I suspect that one of the reasons that it "does not work" is that it is not in the pocket of the big internet giants as firmly as they want it to be. That we are not yet sufficiently subservient to MicroGooghoo! as they think we should be. For anyone can issue their own OpenID. See http://openid.net/get/ and scroll down to "Roll Your Own" or http://wiki.openid.net/Run_your_own_identity_server . Of course my own phpMyID script doesn't work any more as it gets trapped by PlusNet's transparent Squid proxy, forcing a time out. The proxy that is used to enforce the IWF prohibition list. No they won't do anything about it, because I do not host the script on their servers, but on a free one elsewhere. I wonder ...
the orwellian all-controlling gvt and their disgustingly selfish overlords can JUST FORGET IT.
their days are numbered.
bit by bit people are waking up to what is really going on and when they do, they must REJECT it.
is it right that we allow ourselves to bullied and forced into accepting all this rubbish?
i say NO NO NO NO NO.
this is supposed to be OUR country, where we actually get to choose for ourselves, yet it is not.
....they can trace me, know who i am, place me under surveillance, label me in any manner they choose, or try whatever they like (and they know it, and probably have/do already hehehe).
i say B O V V E R E D!..
come and get me then...
i'm sure to have broken some laws like: standing in a long queue, or having no plant passports, or exuding unapproved co2 emissions (from breathing).
Once upon a time it was compulsory to prefix a word with an "e" to guarantee that it automatically became meaningful, useful and desirable - examples: e-Government, e-Science and e-Learning (but not, of course eBay).
Now the magic prefix letter is "i", hence iPod and ITunes, and now i-Card.
But people, having been fooled before, "won't get fooled again", and also for the reasons listed by previous posters!
I agree with the other posted comments this is just about getting more personal information for an organization such as Equifax given their current business of credit checking individuals. Having the spending/surfing habits of their customers is just going to be a wealth of additional information for their own gain.
No different to supermarkets etc I agree but given their credit scoring business there is something i feel more sinister about the i-Card.
The tossers at Equifax can't even get people's addresses right, claiming that it is impossible for *anyone* to use an address other than exactly as it is stated in Post Office Address database file.
This is total bullshit because countless organisations can and do override such data. Most companies are fully aware of just what an utter piece of inaccurate crap the Post Office Address File is.
If Equifax can't even get something as simple as an address correct, then there's no way I'm trusting them with anything else.
The idea of a card that holds your personal information is not in and of itself bad. What stinks are the current *implementations* of them. Perhaps a more proper scheme would involve the following: 1) The dongle should have a built-in fingerprint reader such that a correct press is the only means to activate it to conduct transactions. 2) All personal information must be encrypted--preferably individually and perhaps using the fingerprint as a key (from here out, any mention of keys implies the use of robust and well-known key systems). 3) It must carry means to prevent "man in the middle" interception of data or simply make it useless after the transaction--transactions keys used on the system must be one-time-only. My thought is that it should include an internal clock that can also be used as an encryption key to facilitate making a one-time-only transaction key. 4) Perhaps as a means to establish two-way trust, transactions should only be conducted between two such keys--businesses should have such a device or the equivalent on their end as well, and that a transaction should involve the seller also exchanging contact information as a means to prove the seller is legitimate. Finally, as an option, small amounts of publicly-valuable information could be available for general dissemination if needed, such as including at least a name and perhaps "Medical Alert" information in case one is in medical need and is in possession of such a thing.
There, I vented my spleen.
This post has been deleted by its author
Their web site says that you can
"Login to websites with a single click"
"It is Your responsibility to review this Agreement prior to each use of Your I-Card"
So, before you click, you have to visit their web site and read many pages of legal mumbo-jumbo. Password headaches sound minor by comparison.
I had need to check my credit history about 18 months ago, so I coughed up a tenner to Equifax for a single peak at my details. Basically they have everything about my credit history since the age of 18 when I left full time education and got my first serious bank account, they even had a record of the only time I ever missed a loan/credit card payment, back in 1992!
You think Wacky-Jaqcui's uber-database is scary, Equifax are truly Orwellian!
KeePass for anybody who isn't using it? It doesn't solve the "problems" that Equifax supposes exist - it simply stores all your usernames and passwords in one encrypted file, and can auto-type them for you.
This means that you can pick ridiculously complicated passwords that are different for each site, so if somebody compromises one site everything else will be safe - the very opposite of the Equifax approach. It's the best program I've discovered in ages.
I should trust Equifax with my personal data? They have difficulties to get my address right. It will be a cold day in hell before I voluntarily rely on them. Needless to mention that they hand out the data they already hold left, center and right without checking whether the company asking for it has any business with you. You think this will change when they get even more data?
I keep looking the "use once and toss" cypher and they keep trying to get one number for me to user over and over and over again. There's a reason I don't sign up for email billing from my credit card companies: I don't want to socially engineer myself to cough up my ID to a phisher.
Biting the hand that feeds IT © 1998–2020