Presentation on theme: "1 FPEG Identity theft & payment fraud point 2.2 19 December 2007."— Presentation transcript:
1 FPEG Identity theft & payment fraud point December 2007
2 Identity theft related events/papers 1. FPEG report on identity theft (October 2007) 2. Portuguese presidency conference (November 2007) 3. DG INFSO Conference: « A Digital Europe, delivering a secure e-environment for mobile European Citizens (November 2007) 4. DG INFSO High Level Seminar Portuguese presidency conference on "Raising security awareness and strengthening the trust of end-users in information society: Policy challenges for the next decade (December 2007) 5. DG JLS Study on the need for instruments to combat organised crime related to Identity Theft in the EU Member States The question of trust, and not just the legal questions, seems to be at the very heart of the discussion
3 FPEG Report on identity theft/fraud & payment fraud The report was disclosed in October 2007, in advance of the Portuguese presidency conference on identity theft. Main conclusions in relation to user trust: –Need to maintain integrity of identity chain. Weak areas are: customers PC + data storage service provicers (including public databases…) –Caring for victims is important –Educational tools (in relation to the on-line enviroment) for weak parties (individuals, SMEs) need to be available The report is available at the FPEG website. –Feedback
4 FPEG Report: extract
5 Portuguese Presidency Conference High level conference on identity theft (November 2007) –Focus on identity theft/fraud in general –A presentation on id theft and e-banking (SIBS) Interesting messages regarding trust
8 Portuguese Presidency Conference Conclusions similar to those of the Commissions conference of November 2006 [31 points] –1. Need for integrated approach to identity management –2. Growing phenomenon + 3. transnational issue –4. Need for statistics –5. Sharing best practices – training (law enforcement, cybercrime investigation) –11. public private cooperation desirable
9 Portuguese Presidency Conference Conclusions (continued) –12. balance between fundamental rights & security –13. cooperation among MS – –15. timely exchange of information –16. prospective and planning approach –17. leadership and political engagement –18. crime proofing of legislation, products and processes –19. product, process, information -> security/safety
10 Portuguese Presidency Conference Conclusions (continued) –21. balance between physical/digital documents –22. border controls –23/26. Criminal law
12 Portuguese Presidency Conference Conclusions (continued) –31. Follow up
13 DG INFSO - SecurEgov SecurEgov –Developing secure Pan-European eGovernment services. –The question of identities and electronic identities - at the heart of this research action. Conference on "A Digital Europe. Delivering a secure e- environment for mobile European Citizens (Nov. 2007) –aim of the conference was to identify similarities in how different but security conscious cross-border systems dealt with challenges –SEPA developments were presented (ABN Amro) –Unisys presented some research on trust and security. It developed a security index to support a research action and found that: (a) fraudulent credit card user and unauthorized access to information are priority concerns for Europeans, and (b) misuse of personal information is another major concern for 81% of the respondents.
15 DG INFSO - SecurEgov Among the conclusions of the conference, some selected ideas: Security: how to organise it can be left to the market/outsourced, but not the responsibility! Trust as a central issue. Trust of the users and trust between the public authorities in developing common or linked up systems. Retaining some form of citizen-centricity was an important concern. The existing data protection framework was felt to be perhaps not quite appropriate for the delivery of PEGS. Data protection: A model which combines expert control and individual control should be sought; which allows the citizen to change inaccurate or out of date information, but also permits the management of this under comprehensive and appropriate policies and procedures. Other evolutions to the legal framework could take place, such as the establishment of measures to provide for responsibility amongst all stakeholders for security (e.g. via legal incentives) rather than dealing with the consequences.
16 DG INFSO – Trust of end users in information society High Level Seminar on "Raising security awareness and strengthening the trust of end-users in information society: Policy challenges for the next decade (Dec. 07) Discussion focused on technology, dependence and perception
17 DG INFSO – Trust of end users in information society
19 DG INFSO – Trust of end users in information society
20 DG INFSO – Trust of end users in information society FPEG &FPAP were present The main messages of the Conference (financial services perspective): –Balance between protecting "ignorant people" vs. leaving it to the market –Awareness and education of the user are more important than technology; –Responsibility should not be with the user [the question of liability] (cf. Article 61 of PSD). –De minimis safety legislation? Errare humanum est, perseverare diabolicum