Security executives should realize how widespread these techniques have become and how harmful identity theft can be to the business.

Chief security officers and security directors are well aware that primitive methods, such as dumpster diving, intercepted mail, and stolen records are effective tools for identity theft. But what many security officials don’t realize is how widespread these techniques have become.

It turns out ID theft is not, as commonly believed, largely the domain of sophisticated cyber criminals using online tools to hack computer systems. Half the cases don’t involve the Internet or other technologies in the commission of the crime.

That’s according to the first study of U.S. Secret Service identity theft data, recently published by the Center for Identity Management and Information Protection (CIMIP). The study was funded by the Department of Justice.


This insight should be a wake-up call for businesses and the security professionals who protect them. Even the most hardened IT systems remain vulnerable to simple schemes that anyone with a criminal bent can implement.

Fortunately, a new solution, dubbed “identity theft protection,” promises to close the gap. It flags stolen identities early, putting the brakes on fraudsters who are using them. Then it speeds victim’s ID recovery, which includes recovering losses and compensating recovery costs.

Here are the four dimensions that comprise a worthwhile identity theft protection solution.
  1. Total ID Monitoring. Basic credit monitoring finds only 34 percent of identity breaches. Total identity monitoring will flag the other 66 percent by tracking utilities, DMV records, medical records, bank records, and other relevant databases that use employee or customer Social Security numbers. For an extra layer of protection, some service providers also provide a Web site that lets participants self-check their data, and contact the service if they suspect a problem.

  2. Fully-Managed ID Recovery. Identity theft benefit programs will offer one of four approaches to recovery: assisted, limited event, semi-managed, or fully managed. Only fully managed recovery plans provide a professional advisor who, through limited power of attorney, works on victims’ behalf to recover their identity. The advisor, not the employee or customer, will handle the recovery process from beginning to end, including all research, phone calls, letter writing, documentation, and follow-through. Recovery is expedited, while victims’ stress is greatly reduced because they know the process is being professionally handled.

  3. Expense Reimbursement. High, out-of-pocket expenses and time off from work can cost victims up to $16,000 in lost income, according to the Identity Theft Resource Center. The best expense reimbursement insurance plans provide ample coverage for damages. But pay close attention to deductibles, reimbursement amounts, and premiums. Compare these factors in a spreadsheet or grid. Many plans offer low coverage at high premiums, or carry outrageous deductibles. Lastly, look for a policy that has few if any exclusions -- ideally, one that covers all financial losses associated with the ID theft and recovery. This includes legal expenses, lost wages, loan application fees, long distance telephone bills, mailing and postage, notarization fees, credit reports, and so on.

  4. Risk Mitigation. Look for a service provider who builds education into their program, and teaches participants how to get the most out of the ID protection program. Educational programs will include one or more features, such as newsletters, Web sites, Webinars, conference calls, and on-site live seminars. Ideally, the vendor will be able to custom-tailor an educational program to meet a company’s needs.
An identity theft prevention program that supports these elements will help even the most secure organization strengthen its defenses, and better protect its people and assets.