Very interesting times in the world of identity theft. As the victim-community becomes more and more sophisticated, so it becomes less and less ready to accept the actions of the established corporates. Last week, the mass-media caught up with this new, less compliant reality.
To date, the corporate stance has been: shred your statements, hide your pin, and you'll be fine. Meanwhile, take out some identity theft protection.
In our February 2005 ID theft seminar, Glasshouse predicted a forthcoming tipping-point when the volume of experienced victims would be sufficient to overturn this received wisdom. The media in turn would start to reject this stance, and kick back.
Well guess what - on September 5 2005 (5/9/5) things tipped.
Newsweek published a seminal article: Grand Theft Identity.
The premises which underpinned the previous blame game were as follows: 1) ID theft is the fault of the individual 2) Data-holding organisations are doing all they can 3) Technology is powerless to solve the problem. None of these is now accepted as true by sophisticated media.
The market has now reached its next level of evolution. At Glasshouse, we reckon that Identity theft will henceforth begin to be recognised as an issue which the individual is powerless to resist. The cracks in corporate personal information management practices will be be exposed. Instead of ducking the blame, organisations will increasingly need to account for their own practices and in particular, their victim responsiveness.
Smart organisations will start to publicly share their own actions and approaches and reengineer their customer support. Starting victim support groups is an obvious first step.
Some time later - perhaps by mid-2006, the next phase of this cycle will kick in: the realisation that data theft is not the issue, but data exploitation. The hard truth is that this issue can only ultimately be solved downstream - in the personal data marketplace. The balance will shift from offering consumer advice, to exploring and adopting technologies and protocols which manage downstream identity-in-use. Consumer advice will shift to substantive personal information management (PIM) support services - not just insurance products.
At this stage of the cycle, though, levels of ID-security and ID-authentication procedures will become highly stratified, application-specific and ultimately user-accountable.
This right side up phase will usher in the world of the personal knowledge bank; of personal digital identity, and of contextual authentication. It may still be 2-3 years away in its full form, but it's going to be a big, and lucrative deal. Retailers, telcos and financial services companies have a lot to gain by being on the side of the consumer, not against them in this battle for self-protection.