1 FPEG Identity theft & payment fraud point 2.2 19 December 2007.
Post on 27-Mar-2015
221 Views
Preview:
Transcript
1
FPEG
Identity theft & payment fraudpoint 2.2
19 December 2007
2
Identity theft related events/papers• 1. FPEG report on identity theft (October 2007)• 2. Portuguese presidency conference (November 2007)• 3. DG INFSO Conference: « A Digital Europe, delivering a
secure e-environment for mobile European Citizens” (November 2007)
• 4. DG INFSO High Level Seminar Portuguese presidency conference on "Raising security awareness and strengthening the trust of end-users in information society: Policy challenges for the next decade“ (December 2007)
• 5. DG JLS Study on the need for instruments to combat organised crime related to Identity Theft in the EU Member States
The question of trust, and not just the legal questions, seems to be at the very heart of the discussion
3
FPEG Report on identity theft/fraud & payment fraud
• The report was disclosed in October 2007, in advance of the Portuguese presidency conference on identity theft.
• Main conclusions in relation to user trust:– Need to maintain integrity of identity chain. Weak areas are:
customers’ PC + data storage service provicers (including public databases…)
– Caring for victims is important – Educational tools (in relation to the on-line enviroment) for weak
parties (individuals, SMEs) need to be available
• The report is available at the FPEG website. – Feedback
4
FPEG Report: extract
5
Portuguese Presidency Conference
• www.idfraudconference-pt2007.org
• High level conference on identity theft (November 2007)– Focus on identity theft/fraud in general– A presentation on id theft and e-banking
(SIBS) • Interesting messages regarding trust
6
7
8
Portuguese Presidency Conference
• Conclusions similar to those of the Commission’s conference of November 2006 [31 points]– 1. Need for integrated approach to identity
management– 2. Growing phenomenon + 3. transnational issue– 4. Need for statistics– 5. Sharing best practices– 6 + 7. training (law enforcement, cybercrime
investigation)– 11. public private cooperation desirable
9
Portuguese Presidency Conference• Conclusions (continued)
– 12. balance between fundamental rights & security– 13. cooperation among MS–
– 15. timely exchange of information– 16. prospective and planning approach– 17. leadership and political engagement– 18. crime proofing of legislation, products and
processes– 19. product, process, information -> security/safety
10
Portuguese Presidency Conference• Conclusions (continued)
– 21. balance between physical/digital documents– 22. border controls– 23/26. Criminal law
11
Portuguese Presidency Conference• Conclusions (continued)
– 27/30 Cybercrime
12
Portuguese Presidency Conference
• Conclusions (continued)– 31. Follow up
13
DG INFSO - SecurEgov• SecurEgov
– Developing secure Pan-European eGovernment services. – The question of identities and electronic identities - at the heart
of this research action. • Conference on "A Digital Europe. Delivering a secure e-
environment for mobile European Citizens“ (Nov. 2007) – aim of the conference was to identify similarities in how different
but security conscious cross-border systems dealt with challenges
– SEPA developments were presented (ABN Amro)– Unisys presented some research on trust and security. It
developed a security index to support a research action and found that:
• (a) fraudulent credit card user and unauthorized access to information are priority concerns for Europeans, and
• (b) misuse of personal information is another major concern for 81% of the respondents.
14
15
DG INFSO - SecurEgovAmong the conclusions of the conference, some selected ideas:• Security: how to organise it can be left to the market/outsourced, but
not the responsibility!• Trust as a central issue. Trust of the users and trust between the
public authorities in developing common or linked up systems. • Retaining some form of ‘citizen-centricity’ was an important
concern.• The existing data protection framework was felt to be perhaps not
quite appropriate for the delivery of PEGS.• Data protection: A model which combines expert control and
individual control should be sought; which allows the citizen to change inaccurate or out of date information, but also permits the management of this under comprehensive and appropriate policies and procedures.
• Other evolutions to the legal framework could take place, such as the establishment of measures to provide for responsibility amongst all stakeholders for security (e.g. via legal incentives) rather than dealing with the consequences.
16
DG INFSO – Trust of end users in information society
• High Level Seminar on "Raising security awareness and strengthening the trust of end-users in information society: Policy challenges for the next decade“ (Dec. 07)
• Discussion focused on technology, dependence and perception
17
DG INFSO – Trust of end users in information society
18
19
DG INFSO – Trust of end users in information society
20
DG INFSO – Trust of end users in information society
• FPEG &FPAP were present• The main messages of the Conference (financial
services perspective):– Balance between protecting "ignorant people" vs.
leaving it to the market– Awareness and education of the user are more
important than technology; – Responsibility should not be with the user [the
question of liability] • (cf. Article 61 of PSD).
– De minimis safety legislation?Errare humanum est, perseverare diabolicum
top related