We treat commerce as some sort of separate entity today, but it is quite simply one element of the integrated society we have built. Money is nothing more than a promise, a contract between people. It only works if we all have trust in the system. Money was created as a way of allowing people to trade goods and services in a consistent way.
Money only works if we all accept it as having value, if we lose trust in money they we all need to start carrying around purses with precious metals and shiny objects, that we could use to negotiate for goods and services.
Decades ago we moved away from using coins and notes to using numbers, but initially we had to have a copy of the numbers on our person to share with those we were trading (credit cards, checks etc).
Now all we have to do is give someone our numbers and they can suck money from our bank accounts or credit cards for us to pay later, or implement more complex contracts such as loans or major purchases. Your employer pays you the same way, numbered accounts in numbers locations is all that is needed to move money around.
Numbers are easy. You go into a restaurant and they suck money out of your credit card account. You take a taxi and the same happens. It’s very easy to move money around.
But what happens when the system breaks? What happens when a criminal gets hold of your numbers. They go to CVS and swipe a copy of your credit card, who checks? What happens when the disillusioned minimum wage worker at a fast food restaurant scans your card when they take your order and sells your information. And what happens when the bank doesn’t have enough security around your personal and private numbers, and they are stolen? What happens when one of the largest consumer credit reporting agencies, which has been collecting vast amounts of your personal and private data, loses it?
Quite simply we rely on a small series of numbers as our personal identity. These numbers are published in public documents, as well as being collected by many different organizations. And we have almost no control over how they are published, stored or used.
Theft of these numbers, our identities can take place across political boundaries, meaning it’s next to impossible to bring criminals down.
When someone collects and stores our personal information, they are taking on a responsibility to each person whose information they collect. If by their actions or inactions, that information reaches a criminal who steals from us, they have an absolute responsibility for the loss.
If a person dies because a car manufacturer installed brakes incorrectly, they are responsible. If a drug company creates a treatment with an adverse effect that wasn’t fully understood, they are responsible. And if you suffer a loss because a bank, a financial institution or a vendor failed to protect their copy of your personal data they should be directly responsible for the loss, and for repairing any damage it causes.
The law must reflect the importance we all place on personal data. Today it does not. There are some “soft” laws that describe how data must be protected, but when a business fails to implement these rules effectively the legal response is almost imperceptible. Let people know you screwed up, and maybe offer them a service to monitor their finances for a period of time, and then it’s business as usual.
Most of the world uses a Chip and pin credit card system. Where you have to both have a physical credit card and know a secret pin number to complete an in-store transaction. And nearly every county in the world mandates that that transaction must be entirely performed by the purchaser. In the US, this is not the case, we have a chip in our credit cards, but no pin number. And virtually every restaurant in the US uses a system where the waiter takes your credit card off of you and takes it to a machine out of your sight. These weaknesses lead to thefts that the rest of the world have already solved.
The US also relies on a social security number as the sole piece of personal data needed to prove your identity. Nowhere else in the world is this considered an acceptable practice.
Why is the US so weak in identify protection? Because the banks and vendors are not held responsible for loss, it’s normally left up to the consumer. If the bank makes a loss, they hike up their rates to cover it, the consumer pays.
We need a solid legal framework to protect the whole system, and that probably means much more infrastructure than a piece of paper issued to every citizen and legal immigrant when they are kids or first get the right to work, with a single nine digit number on it.
It’s time for the law to catch up with the requirement. And this means strict regulations and draconian penalties for non-compliance.
Today we have the technology to encrypt data, capture and use biometrics, spot fraudulent access using advanced artificial intelligence, communicate directly to everyone, anywhere, anytime and validate any number of ways.
But do we have the collective will to change a system that’s working quite well for banks, who have become addicted to social security numbers, credit scores, and acceptable losses without penalty?