With great power comes great responsibility.
It’s a line that has become so widely known that it’s now almost a catchphrase – or cliché. And this is thanks to its modern iteration which, I learn, began in a Spider-Man strip cartoon in 1962, before being used more recently in the immensely popular Marvel film franchise around the same character.
But its origins as a philosophical position apparently go back to at least Cicero and Ancient Rome, possibly beyond – because the idea that power must be balanced by moral authority is at least 2,000 years old.
And, although it’s perhaps a stretch to describe what I do as wielding great power – I’m probably more of a geek than a superhero, truth be told – I do think that the Spider-Man philosophical position has some relevance in describing a crucial aspect of what we do.
That aspect is the question of access to data, which underpins everything that TMT ID does – verifying and authenticating legitimate customers or users, identifying and weeding out rogue ones, and protecting the integrity of the platforms hosting them.
In order to do this, it’s crucial that we have as much access as possible – but equally not one iota more than we are legally allowed. And we only ever have access to what customers have okayed us to see, for example, via those terms and conditions box ticks and so on.
We must never abuse this power. That is a big responsibility.
There are serious reasons why we have to be super careful around this whole area.
Firstly, data use is very heavily regulated.
In the UK, where TMT ID’s HQ is, there is the Information Commissioner’s Office (ICO) – and there are equivalent regulatory organisations in pretty much every country in which we operate. Each will have its own slightly different rules, so it pays to be well-informed, very careful and, as a safety net, to err on the side of caution.
Because these regulators will come down heavily on anyone seen to be misusing data access. And fines can be enormous: the ICO, for example, is empowered to fine as much as £17.5 million or 4% of annual global turnover, whichever is higher.
But even without this scary financial disincentive, there’s an even more compelling reason to ensure rigid compliance: trust.
Trust is a commodity that takes a long time to accrue and just a moment to lose.
And yet without it, we’d simply disappear. Because commercial enterprises that have become known for being reckless around personal data don’t tend to stick around.
One thinks of the Cambridge Analytica scandal. (In the 2010s, this company was harvesting personal data from social media users and using it for targeted political advertising – until they were exposed.) Where are they now? Quite.
And the whole sector of device-based security, from mobile phone networks to authentication services like ourselves, represents a global circle of trust. They need us to make sure they’re not being scammed, and nor are their customers, while we need them to be able to check.
And so on. We all need to be trustworthy and to be able to trust each other.
We also need to be hyper-vigilant.
Because data breaches can happen in the most unlikely places. Rather than some flashy City fringes fintech or crypto outfit, the victim of the most serious hack in London in the last year or two was…The British Library. They’re still trying to repair the damage after all their user data was accessed by rogue agents.
Or you can be hacked via the virtual backdoor: the biggest international hacking scandal of the year involved the discovery of a maliciously introduced so-called backdoor in Linux’s xz programme. A presumed Chinese hacker using the name Jia Tan was discovered in March to have been weeks away from having potential access to millions of systems worldwide when the plot was uncovered.
This is scary stuff – but the lesson is to fear the worst. And prepare for it.
I can’t reveal the nuts and bolts of how we do what we do because it is necessarily confidential. We don’t want to give the hackers any insight that may help them in any way at all. But we are aware that they are out there and that informs everything we do.
The customer information we are checking could be invaluable in numerous scams, and the fraudsters would love to be able to access it.
So our first protection against them doing so is not to see it ourselves: checks are digital rather than personal, and our systems see to that. And we use encryption at every level for any data transaction, with access codes changing constantly. Our systems are set up so that many pairs of eyes can see these processes – transparency is very important here – but none have the power to alter anything.
Finally, we need to be constantly alert.
We must assume that people are untrustworthy rather than relying on them not to be. That guy whose leaving drinks you just went to? Make sure that none of the passwords or codes he used are still live – right now.
Ensure that anyone walking the digital corridors of your business still needs the keys to get into any room.
And those who are on the side of good in all this will share information on what fraudsters are doing now, and what the next scam is. So that’s where we are: in a circle of trust. This careful cooperation can help legitimate trade, and help defeat fraud.
So – again, without wishing to sound too superheroic – we are, in a sense, a power for good. Perhaps not quite Spider-Man, but we are doing our bit.
Last updated on September 27, 2024