1

FPEG

Identity theft & payment fraudpoint 2.2

19 December 2007

2

Identity theft related events/papers• 1. FPEG report on identity theft (October 2007)• 2. Portuguese presidency conference (November 2007)• 3. DG INFSO Conference: « A Digital Europe, delivering a

secure e-environment for mobile European Citizens” (November 2007)

• 4. DG INFSO High Level Seminar Portuguese presidency conference on "Raising security awareness and strengthening the trust of end-users in information society: Policy challenges for the next decade“ (December 2007)

• 5. DG JLS Study on the need for instruments to combat organised crime related to Identity Theft in the EU Member States

The question of trust, and not just the legal questions, seems to be at the very heart of the discussion

3

FPEG Report on identity theft/fraud & payment fraud

• The report was disclosed in October 2007, in advance of the Portuguese presidency conference on identity theft.

• Main conclusions in relation to user trust:– Need to maintain integrity of identity chain. Weak areas are:

customers’ PC + data storage service provicers (including public databases…)

– Caring for victims is important – Educational tools (in relation to the on-line enviroment) for weak

parties (individuals, SMEs) need to be available

• The report is available at the FPEG website. – Feedback

4

FPEG Report: extract

5

Portuguese Presidency Conference

• www.idfraudconference-pt2007.org

• High level conference on identity theft (November 2007)– Focus on identity theft/fraud in general– A presentation on id theft and e-banking

(SIBS) • Interesting messages regarding trust

6

7

8

Portuguese Presidency Conference

• Conclusions similar to those of the Commission’s conference of November 2006 [31 points]– 1. Need for integrated approach to identity

management– 2. Growing phenomenon + 3. transnational issue– 4. Need for statistics– 5. Sharing best practices– 6 + 7. training (law enforcement, cybercrime

investigation)– 11. public private cooperation desirable

9

Portuguese Presidency Conference• Conclusions (continued)

– 12. balance between fundamental rights & security– 13. cooperation among MS–

– 15. timely exchange of information– 16. prospective and planning approach– 17. leadership and political engagement– 18. crime proofing of legislation, products and

processes– 19. product, process, information -> security/safety

10

Portuguese Presidency Conference• Conclusions (continued)

– 21. balance between physical/digital documents– 22. border controls– 23/26. Criminal law

11

Portuguese Presidency Conference• Conclusions (continued)

– 27/30 Cybercrime

12

Portuguese Presidency Conference

• Conclusions (continued)– 31. Follow up

13

DG INFSO - SecurEgov• SecurEgov

– Developing secure Pan-European eGovernment services. – The question of identities and electronic identities - at the heart

of this research action. • Conference on "A Digital Europe. Delivering a secure e-

environment for mobile European Citizens“ (Nov. 2007) – aim of the conference was to identify similarities in how different

but security conscious cross-border systems dealt with challenges

– SEPA developments were presented (ABN Amro)– Unisys presented some research on trust and security. It

developed a security index to support a research action and found that:

• (a) fraudulent credit card user and unauthorized access to information are priority concerns for Europeans, and

• (b) misuse of personal information is another major concern for 81% of the respondents.

14

15

DG INFSO - SecurEgovAmong the conclusions of the conference, some selected ideas:• Security: how to organise it can be left to the market/outsourced, but

not the responsibility!• Trust as a central issue. Trust of the users and trust between the

public authorities in developing common or linked up systems. • Retaining some form of ‘citizen-centricity’ was an important

concern.• The existing data protection framework was felt to be perhaps not

quite appropriate for the delivery of PEGS.• Data protection: A model which combines expert control and

individual control should be sought; which allows the citizen to change inaccurate or out of date information, but also permits the management of this under comprehensive and appropriate policies and procedures.

• Other evolutions to the legal framework could take place, such as the establishment of measures to provide for responsibility amongst all stakeholders for security (e.g. via legal incentives) rather than dealing with the consequences.

16

DG INFSO – Trust of end users in information society

• High Level Seminar on "Raising security awareness and strengthening the trust of end-users in information society: Policy challenges for the next decade“ (Dec. 07)

• Discussion focused on technology, dependence and perception

17

DG INFSO – Trust of end users in information society

18

19

DG INFSO – Trust of end users in information society

20

DG INFSO – Trust of end users in information society

• FPEG &FPAP were present• The main messages of the Conference (financial

services perspective):– Balance between protecting "ignorant people" vs.

leaving it to the market– Awareness and education of the user are more

important than technology; – Responsibility should not be with the user [the

question of liability] • (cf. Article 61 of PSD).

– De minimis safety legislation?Errare humanum est, perseverare diabolicum