Huh. I've had credit card companies call me proactively when they thought something was wrong, before I caught any stray purchases. They refunded the money before I knew my card was stolen. So that was nice.
But then I've also heard pure horror stories about stolen identities, and I am genuinely sorry you faced any of that.
So what's going on here...
I think this is due to one aspect of their model that is ultimately an improvement, even though it still completely breaks at moments.
+ + Your card number is not your account. + +
Ie, if your CCN is compromised, it's disposable without starting your relationship with the company entirely from scratch.
Your "identity" though is not disposable. Your identity controls your relationship with the company and is not disposable. That causes major problems when hijacked, as it did for you. And that's not fixable (or at least not easy to fix at all).
So while we might not be able to solve the problem with identity, we can create firebreaks -- disposable parts of the infrastructure that attract some thefts because they allow quick wins. Ie, CCNs provide access to money. That funnels a lot of theft towards something that is easy to monitor and patch.
The identity theft remains an issue, but hopefully hits fewer people.
One thing that makes Google struggle is that they combine all of these interactions together. Nothing is revocable without resetting your entire relationship.
Given that they started as an email service, I have no idea if it's even fixable from where they are.
But then I've also heard pure horror stories about stolen identities, and I am genuinely sorry you faced any of that.
So what's going on here...
I think this is due to one aspect of their model that is ultimately an improvement, even though it still completely breaks at moments.
+ + Your card number is not your account. + +
Ie, if your CCN is compromised, it's disposable without starting your relationship with the company entirely from scratch.
Your "identity" though is not disposable. Your identity controls your relationship with the company and is not disposable. That causes major problems when hijacked, as it did for you. And that's not fixable (or at least not easy to fix at all).
So while we might not be able to solve the problem with identity, we can create firebreaks -- disposable parts of the infrastructure that attract some thefts because they allow quick wins. Ie, CCNs provide access to money. That funnels a lot of theft towards something that is easy to monitor and patch.
The identity theft remains an issue, but hopefully hits fewer people.
One thing that makes Google struggle is that they combine all of these interactions together. Nothing is revocable without resetting your entire relationship.
Given that they started as an email service, I have no idea if it's even fixable from where they are.