In "How old are you, are you single?, my friend, Kim Cameron, quotes an article in the post-gazette.com Business News talking about identity verification services. The article, describes the process as:
The Verification Chain
How new identity-verification services work.
- Users sign up for a new account on a classified, social-networking or dating site and are prompted to click through to the site of an identity verifier.
- Verification service prompts users to create profiles with details such as their age, address, and occupation.
- Verification services -- or a separate company -- electronically check data in public-record databases to verify assertions.
At first glance, this verification service looks like a good step forward. However, if you look closely, the process appears to mimic the same procedures that provide the foundation for much of the identity theft that exists to date -- that being the fact that all I need to do to steal your identity is know a few key pieces of information (which will verify correctly).
I would hope that they start to add stronger verification that the person who "knows" this stuff is actually the person who's data is being verified. Things like what Paypal does for bank account verification (deposit two small sums in your account and require you to input the actual deposit values to prove you have access to the account).
We really need to move away from knowledge of basic facts as a verification of identity, especially when many of those facts are published in one form or another.