|Invasion of the data snatchers|
|Written by Maggie BiggsHits : 1219|
|Wednesday, 30 April 2003 19:00|
Did you know that a thief could steal your identity, fraudulently use your personal information to wreak havoc, cost you plenty in time and money sorting the mess out, and then only end up serving a one-year jail term for his or her actions? Perhaps that is the reason why identity theft is one of the fastest growing crimes against consumers today.
So just what is identity theft? Simply put, identity theft is carried out when someone uses your name or personal information (such as credit card number or driver's license number) in a fraudulent manner and without your consent. Identity thieves can use your personal information to charge purchases against your existing credit card accounts, open new credit accounts, access your bank accounts, open telephone accounts, take out loans, and much more. In the process, these criminals can ruin your credit rating, affect your employment prospects, and even cause a warrant to be issued for your arrest should they use your identity during their arrest and then skip out on bail.
By many estimates, identity theft strikes millions of people every year. Most of these victims are unsuspecting persons who are just a little too free with their private information. Just as petty burglars are looking for unlocked doors, identity thieves are looking for easy targets. It stands to reason that you can protect yourself by simply following a few steps that aren't more complicated than putting a deadbolt on your back door. And if you do find yourself the unfortunate victim of identity fraud, there are ways to recover and emerge relatively unscathed.
How does identity theft happen?
The most common way for thieves to steal your identity is through something called business records theft. Stealing employee or customer data for the purpose of unauthorized use is, in reality, very easy to do for someone inside the company or out. Consumers and employees should demand to know what steps businesses are taking to protect their private information. Thankfully, now that the issue has received wider attention, the majority of companies are taking steps to reduce the likelihood of business records theft.
Another method used to gather personal information is a tactic known as Dumpster diving. You make out bills, balance your checkbook, and throw out the paper copies left over at the end of the process. Thieves can comb your trash and locate your name, address, account numbers, available credit limits, and more.
Thieves can also steal the mail in your mailbox if it is not protected. They frequently look for bank statements and credit card offers. By filing a change of address form with the post office, thieves may also divert your mail for a period of time until they have enough information to become you.
Of course, one of the more traditional ways that thieves get your data is to steal your wallet or purse. Thieves can also pose as potential employers to gain access to your credit report, and hackers can often easily intercept personal information while you are online, either through Web site entry or through phony e-mails in which they disguise themselves as legitimate entities that you might do business with.
What's being done about ID theft?
The Federal Trade Commission (FTC) has begun to take a very active role in guarding consumer privacy. The FTC has implemented a toll-free hotline (1-877-IDTHEFT, or 1-877-438-4338) by which consumers can report identity theft and receive advice from phone counselors on what steps to take to repair the damage.
Jodie Bernstein, director of the FTC's Bureau of Consumer Protection, told a Senate Judiciary Subcommittee that "the FTC has taken the lead in coordinating the efforts of government agencies and organizations to develop and disseminate comprehensive consumer education material for the victims of identity theft, and those concerned with preventing identity theft." Aside from its toll-free hotline, the FTC offers several free publications that are useful for people who want to know more about identity theft ("Identity Crisis... What to Do If Your Identity is Stolen" and "ID Theft: When Bad Things Happen To Your Good Name").
While research firm Celent and the FTC estimate that identity theft will likely reach 1.7 million cases by 2005, the statistics gathered by the FTC to date suggest that credit card fraud will likely be the most common type of theft carried out by identity thieves. The FTC also indicates no link between identity theft and age; victim reporting shows identity theft spread equally across all age ranges with the exception of the very young and the elderly.
Location may have a little more impact on the likelihood of having your identity stolen. The FTC notes that of all the reports of identity theft received from all 50 states, the majority of the reports come from New York, Texas, Florida, and California. Large cities also seem to be high on the list of identity thieves, with consumers in New York, Chicago, Houston, Los Angeles, and Miami reporting the most instances of identity theft.
In the private sector, technology firms and businesses that need to ensure consumer privacy in order to grow their businesses are focusing on the construction of federated systems to simplify the management of private consumer data. Two of the better-known efforts in this area are the Liberty Alliance Project and Microsoft's Passport.
The Liberty Alliance Project is an effort by more than 150 member companies, including Bank of America, General Motors, Sony, and Sun Microsystems. The group is working together to define technical specifications that will help protect consumer data. In addition, the project's vision is to provide a way for consumers to interact with multiple entities using a single-sign-on method that federates authentication across multiple independently operated systems. The project is intended for both commercial and noncommercial use, but the Liberty Alliance Project is early in its implementation lifecycle.
By contrast, Microsoft's Passport is an online service that enables the consumer to use an e-mail address and a password to sign on to any site that is participating in the Passport service. However, the consumer must register with Microsoft and store his personal data on Microsoft's centralized systems.
The Passport program is not without concern or controversy. The FTC took Microsoft to task over Passport and reached an agreement whereby Microsoft would make changes to the service. According to Brad Smith, senior vice president and general counsel for Microsoft, "The FTC's complaint asserts that we should have taken additional security steps earlier in the operation of the Passport service."
Under the agreement with the FTC, Microsoft is taking steps to correct the issues outlined in the complaint. Smith noted, "The order lasts for 20 years, but we plan to continue third-party audits of the Passport service indefinitely."
The European Union has also reached an agreement whereby Microsoft will make substantial changes to its Passport service to avoid fines for breaking EU data protection laws.
Clearly, technology has a way to go before consumers can feel comfortable that their personal data will remain private and not the target of thieves. But, believe it or not, the amount of online identity theft is currently small (roughly 10 percent) compared to identity theft that takes place offline. But researchers expect online identity theft to increase significantly over the next few years. For tips on how to protect yourself while online, see our Security Advisor column "Send in Reinforcements".
How to protect yourself
No matter how thieves try to obtain your information, there are steps you can take to reduce your risk.
-- For starters, order a copy of your credit report from all three major credit bureaus (Equifax, Experian, and TransUnion) at least quarterly and check it for accuracy.
-- If you don't have a lot of time to devote to credit report inspection, you might consider subscribing to a service, such as TRW's Credentials. Credit reporting services typically let you pull credit reports anytime for an annual fee. In addition, these services usually can alert you to a change in your credit report.
-- Use uncommon passwords (in place of, say, your mother's maiden name) on bank, credit card, and phone accounts. You'll need to contact each institution to make this change.
-- Obtain information from your employer and from companies you do business with about how they protect your personal information. Are the records maintained in a secure way and how are they disposed of?
-- If you share your home with others or have frequent visitors, secure all personal data. You might even wish to consider installing a safe for this reason.
-- Don't give out personal information on the phone, in person, through the mail, or online, unless you initiated the communication and can verify whom you are communicating with.
-- Get in the shredding habit. For less than $20, you can purchase a shredding machine from an office supply store. Practice shredding liberally on receipts, bank statements, bills, credit card offers, junk mail, etc. Most thieves will be deterred by all those small strips in your trash and will move on.
-- Don't give out your Social Security number and don't carry your Social Security card in your wallet. Many states allow you to use your driver's license number instead of Social Security number for many transactions. Also, only carry the minimum amount of information you must have in your wallet or purse and secure your wallet or purse at the office. In particular, do not carry medical or student ID cards, as these cards frequently contain your Social Security number.
-- Carefully inspect all monthly bills and statements for unauthorized transactions and notify your bank or credit card company promptly if you do not receive a statement.
What to do if you do become a victim
If you discover that someone has assumed your identity for one or more unauthorized transactions, there are three initial steps that you should take. First, contact the fraud departments of all of the three major credit bureaus. Ask that a "fraud alert" flag be placed on your credit file as well as a victim comment that requests creditors to phone you before opening new accounts or changing account information.
Second, obtain copies of your credit report from all the bureaus and inspect all the data closely. Promptly close any accounts that have unauthorized transactions or new accounts that have been set up without your permission.
Third, file a police report with your local police or in the city where the theft took place. Obtain a copy of the police report and make copies of it. Creditors frequently require such a report to validate your claim of identity theft.
You might also consider phoning the FTC hotline (1-877-IDTHEFT, or 1-877-438-4338) to obtain advice on additional steps you can take to correct the damage as quickly as possible.
Wild, wild west
When it comes to identity theft, unfortunately, we are still in a place where thieves can steal as easily as during the early days of westward expansion in the United States. Consumers and businesses must remain vigilant regarding information protection to prevent identity theft. Hopefully, over time, legislation and technology will improve to a point where identity theft is not as attractive to criminals as it is today.
Protect yourself while online:
-- Purchase only from companies you know and feel you can trust.
-- Provide minimal information on Web site input forms.
-- Check your browser for secure transmission of private information.
-- Practice virus-defense strategies.
-- Proactively monitor all statements for unauthorized transactions.
-- Protect your Internet connectivity (dial up, broadband).
-- Change passwords frequently and use passwords that are not easy to guess.
-- Use e-mail encryption for all e-mail that contains sensitive information.
-- Manage cookies on your computer and delete all but the ones you really need.
-- Utilize mail cleansing tools to rid your inbox of spam.
-- Consider an anonymous re-mailer of you wish to mask your identity.
Legislation in the works
The FTC isn't the only part of government taking action on preventing identity theft. U.S. Congresswoman Darlene Hooley (D-Ore.), together with Congressman Steve Latourette (R-Ohio) and 12 other co-sponsors, originated House Resolution 4311 (known as The Hooley Identity Theft Prevention Act of 2000). According to Congresswoman Hooley, "Victims of identity theft never realize they are victims until they receive a bill in the mail, or even worse, a notice from a collection agency for a purchase they never made on a credit card in their name that they don't even own."
The legislation protects consumers as follows:
-- When a credit card company receives a change of address form, under the bill, they must send a confirmation both to the old address and new address within 10 days.
-- If a card issuer receives a request for additional cards for an existing account 30 days after receiving a change of address form, the bill requires the issuer to notify consumer at both addresses.
-- The bill requires credit-reporting agencies to notify card issuers if the reporting agency notices that a card application differs from a current address on file.
-- The law requires a credit-reporting agency to include a "fraud alert" in the file of the consumer at the consumer's request.
-- The legislation requires fraud alerts to be applied to credit scores as well.
-- The bill also requires consumer credit reporting agencies to investigate discrepancies between personal or identifying information contained in the file maintained by the agency with respect to a consumer, and in personal and identifying information supplied to the agency by the user of the consumer report.
-- The law entitles consumers to one free credit report annually.
-- The legislation restricts the type of information a credit bureau can sell to marketers to just your name and address.
-- The bill allows a consumer to find out what information an individual reference service has on file for them.
"This legislation [HR 4311] would not only empower consumers with protections," Hooley said, "it also would demand creditors and credit bureaus do their part to combat fraud."