PII in the Bitcoin World
PII stands for personally identifiable information. Right now, I see and hear many people talking about just how easy it would be to take and use PII. That it would sell for cents in the dollar.
WELL, WHO CARES!
I mean, honestly, if all you do to manage the security of your finances is hide your head in the sand and leave trust to obscurity, then you deserve all that such an approach brings with it. I may seem uncaring and I may come across as cruel here, but really, it is a simple process to actually protect your information.
The most commonly missed issue in security is WHY. We commonly fail to investigate the cause and need. PII is not about privacy, it is about stopping unauthorised applications and changes to your credit file. In other words, it is all about stopping people doing things such as applying for a credit card or a home loan in your name — the main issue involving a credit card.
As such, the issue is not whether a criminal can buy your information, but rather if they can steal money from you.
So why are we looking at PII as the issue?
The big issue (as is common) is awareness (or rather a lack thereof). There are real controls that stop the problem and which are not ones that can fail catastrophically as obscurity does. We are talking about things such as credit monitoring.
I will first say, I am simply a client of Veda. I pay them money, and they provide a service. I have not been approached to talk about their product. I am plugging it as I use it and like the service. It is a security solution to PII.
I use MyCreditFile, a service by Veda (http://www.mycreditfile.com.au/personal/).
For a dollar a week, I have any changes to my credit file reported to me. I can stop applications cold. I have had three attempts to apply for loans under my name, and I do not hide any information (privacy is dead). Each time I have been notified. I have lost nothing but the time to send an email with a dispute notification.
It is that simple. There are similar agencies in the US, the UK, etc. SO I have to ask, WHY? Why care about PII. Like many security solutions, they address a problem that is a symptom and do not offer solutions at all.
It is about time we address the cause and implement solutions that actually solve the problem. Here, we are talking about a simple solution to PII theft.
I used to use Quicken, and I would load my statements into it and check what I have spent. I scan my receipts, and I reconcile my accounts. Not only is doing so good from a point of view of managing my accounts, I also know when something has occurred, and I can lodge a hold within days.
We only win when we actually find controls that solve the problem and not ones that look at the symptoms.