Identity Theft: A New Security Challenge

Starting in the early 1990s, a new type of criminal has emerged - the identity thief. There is nothing more crippling than having one's own identity taken away. What can security managers do to thwart this new threat?

"Someone used my Social Security number to get credit in my name. This has caused a lot of problems. I have been turned downed for jobs, credit and refinancing offers. This is stressful and embarrassing. I want to open my own business, but it may be impossible with this unresolved problem hanging over my head."

"My elderly parents are victims of credit fraud. We don't know what to do. Someone applied for credit cards in their name and charged nearly $20,000. Two of the card companies have cleared my parents' name, but the third has turned the account over to a collection agency. The agency doesn't believe Mom and Dad didn't authorize the account. What can we do to stop the debt collector?"

"Someone is using my name and Social Security number to open credit card accounts. All the accounts are in collections. I had no idea this was happening until I applied for a mortgage. Because these 'bad' accounts showed up on my credit report, I didn't get the mortgage."

The above are three actual complaints recently received by the Federal Trade Commission (FTC) regarding the fast growing crime of "identity theft."

Starting in the 1990's, a new type of criminal has emerged called identity thieves. Simply put, an identity thief obtains some piece of your personal information (such as your bank and credit card numbers, your Social Security number, and your name and address) and appropriates it, without your knowledge, to commit a crime of fraud or theft.

The FTC has become one of the leading agencies in the battle against identity theft. The FTC's booklet, "ID Theft: When Bad Things Happen To Your Good Name" is the definitive document on the subject of identify theft and its prevention. The information contained in this booklet, briefly summarized below, holds the keys for security professionals to understand this new type of crime.

First of all, how do the identity thieves obtain your personal data?

Actually, they use a variety of methods, both simple and high-tech, to get your vital information. These methods include:

Stolen wallets and purses that contain your ID and credit cards;
Stolen mail including your bank and credit card statements;
By completing a "change of address form" to divert your mail to another location.
"Dumpster diving" through your garbage;
By fraudulently obtaining your credit report by posing as a landlord or employer;
By getting your business or personnel resords at work;
By finding personal information in your home;
By using any personal information you share on the Internet; and
By buying your personal information from "inside" sources.

Once the identity thief obtains your personal information, they have many criminal uses for it such as:

They call your credit card company and, pretending to be you, ask to change the mailing address on your account. The impostor then runs up charges on your account. Since your statements are being mailed to a new address, it may take some time before you realize there is a problem;

They open a new credit card account, using your name, date of birth and Social Security number. When the impostor uses the credit card and does not pay the bills, this delinquents account is reported on your credit report.

The impostor establishes phone or wireless service in your name;

They open a bank account in your name and write bad checks on that account;

The identity thief files for bankruptcy under your name to avoid paying debts that have incurred under your name, or to avoid eviction.

They counterfeit checks or debit cards, and drain your bank account; and

The impostor buys cars by taking out auto loans in your name.

Now that you know the foundation of identity theft, what can you do to minimize your risk? The key to reducing your risk for identity theft is learning to manage your personal information wisely, including utilizing the following:

Before you reveal any personal information, find out how it will be used and whether it will be shared with others. Also, ask if you have a choice about the use of your information (i.e. can you choose to have it kept confidential);

Pay attention to your billing cycles. Follow up with creditors if your bills do not arrive on time. Remember a missing bill could mean an identity thief has taken over your credit card account and changed your bill address to cover his tracks;

Guard your mail from theft. Deposit outgoing mail in post office collection boxes or at your local post office. Promptly remove mail from your mailbox after it has been delivered;

Put passwords on your credit card, bank and phone accounts. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your Social Security number or your telephone number, or a series of consecutive numbers;

Minimize the identification information and the number of cards you carry to what you will actually need;

Do not give out personal information on the telephone, through the mail over the Internet unless you have initiated the contact or know who you are dealing with. Please note that identity thieves may pose as representatives of banks, Internet service providers, and even government agencies to get you to reveal your Social Security number, mother's maiden names, as well as other identifying information. Legitimate organizations, with whom you do business, have the information they need and will not ask you for it.

Keep items with personal information in a safe place. To thwart an identity thief who may pick through your trash to capture your personal information, tear or shred your charge receipts, copies of credit applications, insurance forms, bank checks and statements that you are discarding, expired charge cards and credit offers you get in the mail;

Be cautious where you leave personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home;

Find out who has access to your personal information at work and verify that the records are kept in a secure location;

Give your Social Security number only when absolutely necessary. Ask use other types of identifiers when possible; and

Do not carry your Social Security card - leave it in a secure place.

Order a copy of your credit report from each of the major credit card porting agencies (Equifax, Experian and Trans Union) every year. Make sure it is accurate and includes only those activities you have authorized. Remember that checking your credit reports on a regular basis can help you catch mistakes and fraud before that wreak havoc on your personal finances.

What if you are a victim of an identity thief?

The exact procedures you should take to protect yourself may vary depending on your circumstances, however these three basic steps are appropriate in almost every case of identity theft:

First, contact the fraud department of each of the major credit bureaus, and tell them you are a victim of identity theft. Request that a "fraud alert" be placed in your file, as well as a victim's statement asking that creditors call you before opening any new accounts or changing your existing accounts. This can help prevent an identity thief from opening any additional accounts in your name;

Second, contact the creditors for any accounts that have been tampered with or opened fraudulently. It is particularly important to notify credit card companies in writing because that is the consumer protection procedure the law, the Fair Credit Billing Act, spells out for resolving errors on credit card statements; and

Third, file a report with your local police or the police in the community where the identity theft took place. Be sure to get a copy of the police report in case the bank, credit card company or others need proof of the crime.

The above information is a very brief and generic review of the issue of identity theft. All security professionals should contact the Federal Trade Commission at www.ftc.gov for further details on this quickly expanding area of criminal activity.

Like any other type of crime - education, prevention and awareness are the keys to stopping identity theft in its tracks. I urge all my fellow security professionals to join me in this formidable, but critical, challenge.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Identity Theft: A New Security Challenge

Recent Articles by Bruce Mandelblit

A Must Have For Your Business Emergency Kit

What Is Suspicious?

A Hurricane of Emergency Lighting

Spotting the Suspicious

A Real-Life RoboCop?

Security Magazine

2020 November

Identity Theft: A New Security Challenge

Recent Articles by Bruce Mandelblit

Related Articles

Report Abusive Comment