Have you ever thought about why companies and apps are now requesting a passport or driver's license just to sign up or confirm your age? It seems small, right? Well… the issue is that these ID verification requirements give rise to new risk of accidental disclosure of data.
Governments want companies to truly confirm who is behind each user account as a means to prevent fraud and keep kids safe online. Fair enough… until the hackers get your ID card credentials. The minute companies start keeping millions of ID cards, they hold a treasure trove that opens them up to the risk of identity theft, because all of it can be used to hack a person.
The issue in all this?
The more ID information computer programs collect, the more of a target they become for hackers, who need your ID to create havoc. They love this stuff because an ID has everything they need: first and last name, address, birthdate, and even a photo.
Here is why that is terrible:
- Companies are now keeping massive stores of sensitive data.
- Sometimes they hire third-party services that may or may not be secure enough.
- More than a password gets stolen if a hacker successfully gains access; in fact, the whole identity can be stolen.
A couple of years ago, I read a story of a company that had no idea hackers were in their ID database until months later. By that time, it was too late.
Who is getting hit?
This is not an industry-specific problem. It's everywhere: health care, banking, social media, shopping, etc. Anywhere that you need to "verify your identity" can catch you in the fray.
When bad actors get access:
- The company loses trust and is financially penalized.
- Users get scared and stop using their service.
- Teams lose weeks repairing the breach.
All because a law forced them to collect more data than they could secure.
Why "collect less" doesn't work anymore
For years, we told our customers and clients, "Only collect what you need." However, some laws now force companies to collect more.
That's the same as saying "Keep everyone safe, but please make sure you have everyone's ID in one big folder that is conveniently easy to hack." That does not make sense, right?
In essence, businesses now carry additional risk because they are complying.
What can be done
If you’re a business:
- Only collect what’s necessary.
- Cross-check your security if you are using a third party to verify someone's ID.
- Encrypt & monitor all ID data – don't treat it as a standard file.
- Be transparent with your users about why you're collecting and storing their ID.
If you’re a user:
- Ask yourself “Do I trust this site with my ID?”
- Only upload documents if you need to.
Final thoughts
These ID verification laws are well-intentioned, but they are generating more risk. Every time someone scans a photo ID or uploads a document, their ID could potentially be breached.