Somebody tried to use my credit card last week, twice. I learned about it when the fraud squad of a well-known financial institution left a message on my mobile asking me to call them urgently. They left a number. Well, I thought, you say you’re the fraud squad but you could be anybody. So I phoned a different number, the one embossed on my credit card, and asked to be put through to the fraud squad. This was clearly an unusual route to go down and I had to negotiate so many menus and make so many digital choices that it all melded from the absurd to the farcical to the surreal to the fantastical. But I eventually got there. Only to be met by a robotic voice. Did I recognise the following four transactions? If so, say “Yes”, if not, press 1 to speak to a human being. I recognised two out of four. I pressed 1.
My circuitous route was prompted by another telephonic experience I had a few months ago when a representative of the self-same institution, a financial adviser, called me on my mobile and asked if it was a convenient time to conduct a consultation about my financial affairs. I must have been in an unusually benign mood that day because I said yes. “Superb.” (You’d think he’d just won the lottery.) “Just a few security questions before we begin. Is that okay?” Fine. “Perfect.” (If you want to recreate his voice, think of the voice of Martin Patience, the (actually superb) BBC foreign correspondent who reports from some of the world’s most troubled regions. It is a particular West of Scotland voice, that of a man who might go to rugby practice at Hughenden in the west end of Glasgow on a Thursday night and have a few jars with the guys.)
“Now you must understand that we will never ask you for your passwords in full, so I’m only going to ask you…” You know the sort of thing. What is the second letter of your mother’s maiden name? What is the ninth letter of your password? I supplied the info. And then we got on with it. It was a perfectly amicable conversation. I won’t say it was productive, as I had no agenda. But he seemed a nice enough guy. We chatted about this and that.
It was only later that it occurred to me, in a slow-witted way, that while he had taken pains to establish my identity, I had not taken pains to establish his. Maybe he was a scammer who had just hacked his way into my account, and was now about to clear it with a series of extravagant purchases. With that thought on mind, I went on line and researched him. (Fortunately I had remembered his name.) Yes, he was a financial adviser with said financial institution. But I could hardly be reassured. My caller might have borrowed this particular identity just as, I feared, he was about to borrow mine.
So I contacted said financial institution by another route, and ascertained that he was, insofar as I could tell, who he had said he was.
But I was far from reassured. I think at this point my worry about the situation had slightly altered focus. I was less concerned by the idea that I had been scammed, and more concerned by the idea that I might have been scammed. I was ashamed by the idea that I might have been gullible. I should have said to the guy, “Well you say that’s who you are, but how do I know?” Maybe I should have been armed with a series of security questions to ask him.
So I phoned said financial institution back and said that I thought their modus operandi was suboptimal. No, not suboptimal, dammit: inadequate. I was advised that if I had that concern, the next time I was contacted, I should hang up and re-contact the institution by a number I knew to be valid. This advice was delivered as if, so to say, if you want to be that pernickety, here is a solution that might suit you. There wasn’t a recognition that the fault might not lie in my paranoia, but in their complacency.
Anyway, to return to last week, we established that two of my credit card transactions were valid, and two were bogus. My credit card was cancelled and a replacement with a new number sent to me.
Small beer, I hear you say. And indeed, I wasn’t that much exercised myself. Scams on the telephone and on the internet have become commonplace. But I think we have to put this sort of episode into a wider picture. I venture to suggest that if we think cyber-crime is bad now, we ain’t seen nothing yet. There are obvious reasons why cyber-crime is bound to expand. The criminal doesn’t need to visit the scene of the crime. He can be on another continent and he doesn’t need to rise from his armchair. He won’t leave his fingerprints or his DNA. If somebody gets on his trail, he can shut himself down. He can, essentially, cease to exist. He can reincarnate himself as another persona. He can be a thief, or a slanderer, or a stalker; he can drive people to suicide.
And yet our society is besotted with the digital world. In every walk of life, politics, social services, education, health, law and order, vast sums of money are spent on sophisticated computer systems which often prove unfit for purpose. They frequently break down or, worse, malfunction as if out of control in the hands of a sorcerer’s apprentice. The systems are not secure. They are easily compromised. They are porous. Confidentiality can never be guaranteed. They are vulnerable to hostile and malignant imported malware. I think of my own field, medicine. I have a suspicion that in medicine, the devotion to IT comes in inverse proportion to the appreciation of the invaluable commodity that is human kindness. Of course computerised technology has a place. You can’t run a CT or an MRI scanner without it. And yet it so easy for people to forget that far and away the most powerful tool in medicine is the kindly and experienced doctor, or nurse, who closes out the mad clamour of the world, sits down in a safe sanctuary with the patient, asks: what is it that is troubling you? – and then listens.
Robots can’t do that.
jamescalumcampbell 