Inherent human vulnerabilities need to be taken into account when designing security systems/processes, suggests a study that looks at a dozen confidence tricks from the UK TV show The Real Hustle to determine recurring behavioural patterns con artists use to exploit victims.

The study was a collaboration between Frank Stajano of the University of Cambridge Computer Laboratory and Paul Wilson, writer and producer of the aforementioned TV show (Wilson was an IT consultant for twelve years before moving into entertainment).

The seven principles of human behaviour that con artists exploit, according to the article:

  • The distraction principle: While you are distracted by what retains your interest, hustlers can do anything to you and you won’t notice.
  • The social compliance principle: Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.
  • The herd principle: Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they’re all conspiring against you.
  • The dishonesty principle: Anything illegal you do will be used against you by the fraudster, making it harder for you to seek help once you realize you’ve been had.
  • The deception principle: Things and people are not what they seem. Hustlers know how to manipulate you into believing that they are.
  • The need and greed principle: Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.
  • The time principle: When you are under time pressure to make an important choice, you use a different decision strategy. Hustlers steer you towards a strategy involving less reasoning.

via Schneier on Security