Skip to Content

Asian Tribune is published by World Institute For Asian Studies|Powered by WIAS Vol. 12 No. 2611

Identity Theft: will it make users weary of online trade?

Hemantha Abeywardena writes from London…

In the age of convenience, the growth curve of our daily anxieties does not seem to be heading downwards against time, despite the glowing progress made on the technological front, which our forefathers couldn’t even dream of.

It is not just the list of potential calamities that frightens us to the core, but the scale of individual damage: the probability of being hit by a giant meteorite; a sudden outbreak of pandemic that is resistant to known antibiotics; extra-terrestrials who steal our aeroplanes, pilots, crew, and the passengers with technical background - or in the worst case scenario, abduct our lovely women for their ovaries; kids losing their ability to write their own name with a pen or pencil in our lifetime, thanks to excessive tendency of copying and pasting becoming a convenient substitute for traditional writing as we know it, to name but a few.

An element of the list of anxieties, which up until recently attracted a mediocre attention, suddenly came to prominence this week, but for all the wrong reasons – identity theft.

The news that the online retail giant eBay had been hacked, made the online users very jittery this week for more than one reason: firstly, it happened three months ago and the news grabbed the headlines just this week; eBay confirmed that the personal details of all of its 230 million customers worldwide had been stolen, which include me and in all probability, those of you who read this peace at the moment.

eBay, which accounts for over $200 billion online global sales, has metamorphosed from a mere auction site into a retail giant in little more than a decade. The customers hoped that the company would take care of their personal data, exactly the same way they took care of customer care while minimizing the room for fraud, if not completely eliminated.

In this context, the time taken by eBay to discover the breach of security and then disclose what actually had happened, to its loyal customers has come under intense criticism; it may not just end there. There may even be investigations at government level, as the scale of the problem is too serious to be swept under the carpet.

eBay admitted what have been stolen and the list doesn’t make pleasant reading: email addresses, phone numbers, names, date of birth etc. eBay urged customers to change their passwords; many in the internet security realm, however, believe that the damage is already done, because some of the things in the stolen list cannot be changed – name and date of birth, for instance.

Since many customers tend to use the same password for multiple sites for obvious reasons, the loss of data for such a user creates multiple threats. The matters may even get further complicated due to the close connection between PayPal, the payment provider, and eBay, even if eBay says that credit card details are still safe. Moreover, customers use their date of birth as a form of password to access online bank accounts.

PayPal, meanwhile, issued a statement saying that their databases have not been compromised.

Identity theft, by definition, is a way of stealing someone’s identity by pretending to be someone else.

The hacking, according to eBay, has been done by hackers while using the credentials of an employee – the login name and password. They manage to access eBay servers via this gateway to download the vital personal information of its customers.

eBay has gone into damage limitation mode by saying that the passwords are encrypted and therefore, hackers may not be able to decipher them. The retail giant, however, cannot say the same about the date of birth and names, as they are not encrypted.

The security experts beg to differ with top eBay managers, despite the assurance given by the company; they say that the time lag between the actual hacking and the discovery is long enough for hackers to decipher the details of the stolen data.

During the past few weeks, there have been multiple instances when users were urged to change their passwords, which resulted in not only endless anxieties, but also sheer inconvenience.

It is not easy for any user to remember the passwords that he or she uses for several sites. In this context, it is understandable why he or she prefers a single password to multiple passwords: in the event of forgetting one of them, he or she is subjected to a hugely cumbersome process to recover it or in the worst case scenario, denying the access to the sites in question for long time.

Of course, the customer will not desert eBay en masse due to the failure of its security mechanisms. There are, however, plenty of reasons for them to be weary of feeble nature of some of the so-called smart security tools that the big players often boast about.

The silence maintained by eBay on this occasion, in the long run, is damaging, not only for the retail giant, but also for online trading, in general. The company should never embrace the notion that it is too big to fail.

In 2011, Sony’s PlayStation network was hacked and the personal details of 77 million customers were stolen. In 2013, the company was found guilty of the security lapses that resulted in the breach and fined almost $400, 000. The catalogue of events did very little to deviate the electronic giant from its downward spiral.

The recent security threats and our collective vulnerability to identity theft coincide with the startling declaration made by Symantec, a pioneer of antivirus software, that antivirus was dead, although, it was not a revelation to those in the security industry – something they knew for a long time.

The recent outbreak of Cold War, the widening gap between the East and the West and the maritime disputes between the nations in the South East Asia provide the determined hackers with a clear agenda, a perfect cover for their clandestine activities and hold the entire online community to ransom.

Of course, the security experts may come with a solution to the most recent attack. That, however, will not stop the inverted ingenuity of hackers in their tracks. The two developments – threats and temporary solutions - will alternate while emulating the corresponding changes in the defence establishments.

History tells us that the euphoria of man who invented spear – and then boasted about it – was truly short-lived; because, it did not take long for his rivals to come up with a shield to counter the threat.

Judging by what we experience on daily basis, identity theft and the mechanisms to counter it, will follow the same pattern – much to our dismay, of course, which is very unfortunate.

- Asian Tribune -

Identity Theft: will it make users weary of online trade?
diconary view
Share this