cyber stealingThe news today is full of the latest hacking caper, which has breached the US Internal Revenue Service and stolen the tax return information of more than 100,000 US citizens.  And the best part: It has been determined that the culprits are Russians, which means that even if they could be identified, they are beyond our government’s ability to exact any punishment or retribution.  Next year, thousands of people are likely to try to submit tax refund requests, only to find out their refunds have already been sent to a fake overseas account, never to be seen again.

The US is increasingly coming under cyber attack from foreign nationals, stealing our money and credit, and remaining outside of US law.  It’s a clear indication of our lax and outdated security systems, and how vulnerable we are to cyber theft.

Americans are notoriously slack when it comes to some things… but they usually play a different tune when you hit ’em in their wallets.  Which is why we might see some changes to security, and we may see them soon.

Americans also have a habit of accepting things that may not be the best idea, if it gives them convenience—or, more to the point in this case, if it takes away a serious inconvenience.  And the idea of losing money, as well as the prospect of having to tighten security measures to protect that money, will likely be enough to force us to change the way we handle security, online and in person.

If you use online banking or other financial sites, you may have noticed how some of them are trying to beef up security with multiple secret questions, the presence of familiar images, and much more robust passwords that must be manually entered.  The thing about these new systems is, they can often be beat by just a little light research, or things like keystroke recorders (which can work through walls, people) or a nice, simple hidden camera.  And computers have gotten powerful enough to burn through the most obscure one-word passwords in minutes… even seconds.

So where does this take us?  To the one form of secure identification that cannot be beat by simple keystrokes or cameras: Biometrics.  (God, I hope you knew I was going here.)

vein scan
Scanning the veins and blood flow in your hand is the future of biometric security.

Biometric identification has gotten much more sophisticated and robust than the old fingerprint reader you might have seen on some computers or in the current spy thrillers.  The latest reading systems can not only identify body biometrics like fingerprints or retinas with much greater accuracy… but they can scan into the body, pulling a live 3-D image of the veins in your hand or eye, defeating simple photo mimicry.  They can even detect the subtle motion of blood through those veins, certifying that the identifying print isn’t coming from a limb severed by a criminal to access your accounts.

These biometric systems can provide a much stronger level of protection to our accounts, our credit, our information, and our money.  And they will be much more convenient to use than remembering 3 or 4 pseudo-secret questions and a complex password.  Given greater convenience and the protection of our money, it’s hard to imagine any sane people not going for this.

On the other hand, to quote Tommy Lee Jones in Men in Black:

A person is smart. People are dumb, panicky dangerous animals and you know it.

And those people believe biometric systems will prompt muggers to cut off fingers to access the nearest ATM, and that secret government organizations will use those eye scans to scan their minds from orbiting satellites and find out what color underwear they’re wearing (and who it really belongs to).  So we can’t depend on reasoning with the people to get them to adopt biometric security.

It’s going to have to hit them in their wallet… and be convenient.

Companies will have to roll out systems on their own, not depend on people to go out and get them.  Companies will have to offer significant incentives for using the new systems, like sizeable discounts on goods and services (or the avoidance of paying some sort of “security tax” to insure their transactions).  Systems will have to be dead-easy to install and use, quite literally plug-and-play for the consumer.  And once it’s in, it must be fast and easy to use, no hoops to jump through for every transaction (or even to set up a new account with biometric protection).

All of this, and reinforcing how much money we are saving, and how much more secure we are by using biometric systems, is what will do the trick.

Until and unless we do this, we can count on continuing to be robbed by hackers out of our reach to stop or punish, and watching our money siphoning into offshore accounts.  It’s completely up to us to protect ourselves and our property.