top of page
sensible security

Handling Secrets

Part of our series on Handling Secrets.


Do you have secrets? I have asked this question hundreds of times. Most say no.


You do.


Your most valuable secrets are not the ones you may think. Most people’s SSN, cell number, and home address are available for a couple bucks apiece if you know where to look. Meanwhile, your childhood street, pet, first car, and honeymoon destination are worth far more because they can be used to take over your accounts and defraud you. Worse, once known, you cannot change the name of your childhood street.

A Facebook challenge to "Create Your Stripper Name! (first name= pet's name/ last name=street name)
A common scam on Facebook designed to harvest secrets from unsuspecting future victims.

Our world is changing


Secrets are confusing because our world is going through a cultural transition. Eighty years ago, personal relationships protected us from fraud—you knew your banker, your vendors, and your customers by sight. You could easily tell if someone tried to impersonate one of them. The world worked on paper: your signature was a meaningful proxy for your identity; forging it would require someone else to study your signature and practice it many times to convince people that it was real. Scams were only a risk from people you didn't know.


Now, you know far fewer of the people you do business with. Important transactions are often handled by calling into a customer service line and talking to someone you have never spoken to before, probably never will again, and will probably be gone in two years. Many transactions can be done through an online portal, where you interact with no one at all.

Paper “evidence” is also cheap to fabricate. Any twelve-year-old can copy and paste a signature onto a document copy with Photoshop. Even originals can be fabricated at low cost. Movies have been made about paper-based fraud, and some businesses are starting to phase out signatures entirely.


There are big benefits to this new style of doing business: credit cards are much easier for everyone to manage than individual lines of credit at your vendors. Online portals allow you to transact anytime and anywhere. It is also cheaper to operate: vendors no longer need to hire someone to take your orders.


Because they no longer know you, businesses must identify you in other ways. Your bank requires a driver’s license, an ATM card, or knowledge of some personal secret to make a withdrawal. Large companies now demand proof from vendors that they are “good for” the products they sell: third-party audits, liability insurance, and even financial solvency. Even check fraud is now mostly detected by these pseudo-secrets.


Businesses now use a variety of tangible indicators to demonstrate authenticity and trust instead of personal relationships. This has benefits, but one important downside: the indicators can be forged or stolen more easily than impersonating someone. Possession of phony indicators allows criminals to insert themselves into those impersonal relationships, leverage the implicit trust, and then steal money or information they can sell.


As fraud continues to rise, new ways to verify authenticity grow and spread. Those ways usually depend on new kinds of information, so we see waves of new personal data effectively become valuable secrets as businesses start using them that way. It can be hard to keep track of these trends.


Simultaneously, business moves faster. Played right, some kinds of information can enable immense profits or immense damage, often within seconds.


There is good news

Sensibly handling secrets and valuable information does not have to be difficult. There are simple ways to prevent criminals from stealing them.

This series will cover secrets and how to store, share, and even avoid them. In the first part, Valuing Secrets, we discuss common types of secrets, their worth on the black market, and the damage they can do to your business. In the second, Protecting Secrets, we describe the easiest ways to prevent their theft.

Comments


Subscribe for more:

  • RSS
  • LinkedIn
  • Twitter
  • YouTube
bottom of page