Identity Theft by xiuliliaofz

VIEWS: 8 PAGES: 20

									Identity Theft
               DEFINITION
Identity theft is the acquisition of an individual’s
  or other entity’s personal information for the
  purpose of posing as that individual, normally
  for illicit reasons.
 Why should a corporation care?
• Identity theft may AFFECT ANYONE. This
  includes corporate executives as well as staff and
  middle management. In 2004 in the USA alone,
  10 million victims of identity theft and that
  number is growing every year.
  – In 2006 in Colorado 4,395 reports of consumer
    fraud alone
  – In 2009, 11 million identity theft victims reported
  Why should a corporation care?
• Identity theft may AFFECT ANYONE. This includes
  corporate executives as well as staff and middle
  management. In 2004 in the USA alone, 10 million
  victims of identity theft.

• IT TAKES TIME – on average, victims spend 330
  hours dealing with damages of identity theft (this ranges
  from 3 to 5840 and may range over more than 7
  months depending on type of theft and severity). THIS
  IS NORMALLY TIME LOST FROM WORK!
 Why should a corporation care?
• IT COSTS MONEY:
  – 40% of businesses lost $15,000 or more per case
  – Aberdeen Group estimates worldwide costs to
    businesses at $221 BILLION.
  – Victims lose on average up to $14,340 in wages and
    spend on average up to $1378 on legal expenses.

  How will this affect employee behavior and perception.
 Why should a corporation care?
• IT COSTS MONEY:
  – 40% of businesses lost $15,000 or more per case
  – Aberdeen Group estimates worldwide costs to
    businesses at $221 BILLION.
  – Victims lose on average up to $14,340 in wages and
    spend on average up to $1378 on legal expenses.


• It will AFFECT WORKER PRODUCTIVITY
  – ID theft causes STRESS
WHY IS ID THEFT
COMMITTED?
              Why ID Theft?
1. Financial crimes
  a.   Check fraud
  b.   Credit card fraud
  c.   Purchase services
  d.   Purchase merchandise
  e.   Banks have a moderately high tolerance
       ($1000-$3000).
              Why ID Theft ?
1. Financial crimes

2. Criminal
  a. Establish a fraudulent identity so that the
     crimes are attributed to the true owner’s
     identity.
  b. Enable working in an industry that requires special
     training or certification.
  c. Regain lost privileges – driver’s license.
              Why ID Theft ?
1. Financial crimes

2. Criminal

3. Medical protection or fraud
  a. Obtain controlled substances
  b. Obtain treatment or diagnosis for socially
     undesirable illness/disease (e.g., AIDS, STDs)
               Why ID Theft ?
1.   Financial crimes
2.   Criminal
3.   Medical protection or fraud
4.   The Internet (and Web specifically)
     makes it EASY.
     a. Unlimited access to large number of
        victims.
     b. Able to use ID worldwide instantaneously.
HOW IS ID THEFT
COMMITTED?
      Historical Perspective
• ID theft is not new to the Internet age.
• Lots of ways to gain/steal information
  – Shoulder surfing
  – Public records
  – Mail theft and mail redirect
  – Dumpster diving (picking through trash)
  – Facebook and website information (see digital
    footprints)
  – Wallet lost or stolen
  – Credit card scanners (small hand held)
          Mail theft for ID theft
• The thief observes mailboxes (or a mailbox) to
  identify patterns in mail delivery and pickup.
  – Rural (cluster of mailboxes along road)
  – Apartments/condominiums (central mail cluster)
• Mail is then stolen and sorted for priority with
  unusable mail returned to mailbox
  –   Credit card applications or statements,
  –   Checks, blank checks, bank statements, etc.
  –   Organizational membership material & applications
  –   Birthday cards, drivers license renewal,
  –   Social Security information, etc.
         Mail theft for ID theft
• Credit card applications and other applications
  are filled out and mailed in your name (you
  never new you applied for so many credit cards)
• Thief then waits for credit cards or drivers
  license or other applied for material to show up
  and takes that. Now they’re in business.
• Using this information and identification it is
  not hard to get other identification to represent
  themselves as you and/or spend your money.
          Credit card scanners
• Credit card numbers and their 3 digit code are
  the easiest to steal.
• Anytime a card leaves your site it may be written
  down or scanned using a handheld scanner (fits
  in the palm of your hand).
  – A server could have one in their pocket and scan
    your card into their private database while walking
    your card to the legitimate card scanner terminal.
  – These devices may also be mounted in front of other
    legitimate terminals such as ATMs , RedBox video
    rental kiosks, etc.
     The Internet makes it easy
• Phishing schemes (coupled with a spoof front
  end or a fraud attack) millions of emails per
  second can be sent to potential victims.
• Besides using stolen identities for the thief’s
  personal purposes, it is also a business
  – Worldwide sale of credit card or other financial
    account information (see Internet News 2004 article
    or IBM Internet Security Systems 2007 whitepaper)
WHAT CAN BE DONE
      What Can Corporations Do?
1. Educate employees
2. Shred documents, using a cross shredder
3. Degauss or destroy old hard disks and other
   storage devices (e.g., USB drives)
4. Standard IS security practices
5. Offer ID theft monitoring & insurance policies
  –   Comparisons at NextAdvisor and Identity theft labs
6. Be careful what type and how much information
   is posted on websites (including corporate
   Facebook and other social media accounts)
     What Can Individuals Do?
• Individuals need to regularly check their credit
  reports and keep an eye out for other suspicious
  activity. (see FTC resources)
• As with the suggestion for corporations, be
  careful what you post online
• Be aware of potential personal information loss
  risks and opportunities.
• Utilize encryption on personal records and other
  privacy tools (e.g., proxy servers)

								
To top