Hacker News new | ask | show | jobs
by falcolas 3191 days ago
Well, something did happen to your identity - someone else associated a bunch of fraudulent purchases with it.

Whether it's your fault or not, whether banks assume all fault or not, it is still ultimately your identity (your credit score, your bank accounts, your home) which ends up troubled.

Consider for a moment the tech alternative. If someone hacks their way into my Google mail account and uses it to send out a ton of spam, who is going to suffer the consequences for it? Google, for using insecure sms messages for 2fa and not requiring 2fa for all accounts, or me when my account is closed?
2 comments
zAy0LfpBZLC8mAC 3191 days ago
> Well, something did happen to your identity - someone else associated a bunch of fraudulent purchases with it.

Still, nothing happened to your identity. Your identity is who you are. You still are you.

> Whether it's your fault or not, whether banks assume all fault or not, it is still ultimately your identity (your credit score, your bank accounts, your home) which ends up troubled.

Apart from the fact that none of that is your identity, but rather your reputation, your contract, and your property: No, you actually have it all backwards.

There is no law of nature that implies that if a third party impersonates you to a bank, say, that therefore the bank has to start fraudulently telling people that you don't pay your loans, or harrass you to pay the loan they gave to that third party. Yes, that is a correct description of what banks actually do nowadaya, but the whole point of this discussion is that that should be illegal. The bank should be liable for reputational damage they cause by incorrectly attributing a third party's actions to you, and you'd be surprised how little your "identity" ends up troubled next time the bank is defrauded.

> Consider for a moment the tech alternative. If someone hacks their way into my Google mail account and uses it to send out a ton of spam, who is going to suffer the consequences for it? Google, for using insecure sms messages for 2fa and not requiring 2fa for all accounts, or me when my account is closed?

Are we talking about what google would do, or about what google should be held accountable for?

link
kiriakasis 3191 days ago
I cannot understand the lack of linguistic empathy in this kind of reply; many commenters are clearly using the term "identity theft" with a precise meaning, basically to descibe when somebody else is able to impersonate you. answering by a dictionary lookup of the words definition is entirely offtopic in my opinion.

And calling for a name to be changed is different from criticizing people who use it, some concept need to be expressed and sometimes the only way to meaningfully express them is with an improper term.

link
zAy0LfpBZLC8mAC 3191 days ago
Well, except that this (sub-)thread was about how "identity" is a misleading word to use in this context, which is why I read falcolas' comment as a justification for why it is actually not misleading, which is why I focused on how that justification falls short.

If that comment was not meant as a justification, the only interpretation I can come up with is that it's a description of what empirically happens nowadays when something commonly called "identity theft" occurs, in which case I agree it could charitably be read as a reasonably accurate description ... however then it seems like a completely pointless comment, as that is essentially just the premise of the whole discussion, restated in a context where it has no specific relevance whatsoever.

Did I miss something?

Though I also think that criticizing people who use misleading language is legitimate as well, even if the meaning of what they are saying is perfectly clear, as long as you don't confuse the criticism of the form with criticism of the content.

link
marnett 3191 days ago
this whole thread is about the cognitive implications caused by the linguistics behind the term 'identity theft.' The GP is really digging deep into the real essence of this issue. Changing what it is called shows that the onus of responsibility to remediate the issue should be entirely on the credit issuing corporations.
link
vkou 3191 days ago
Someone getting a credit card from Wells Fargo under my name has nothing to do with me.

All it is is fraud. Someone defrauded a credit issuer. That they opened an account in my name has nothing to do with it - they could just as well had defrauded the bank by claiming to be John Doe. Will the bank blame me for them leaving the barn door open, and the milk out, too?

link
falcolas 3191 days ago
If they can.

See "Verified by Visa", where if used you (the CC holder) are liable for fraud that occurs within that transaction.

link
TheCoelacanth 3191 days ago
That is if someone uses a credit card account that you opened without your permission.

What the parent comment is describing is if they open a completely new credit card account under your name.

You are only liable in the first scenario if you used Verified by Visa and someone got your Verified by Visa credentials and used them.

In the second scenario you are not liable under any circumstances, because the fraudster created the Verified by Visa account, not you, so you never had the credentials for the account.

link