Current State of Identity Theft (1 of 5)
As a group project for my Project Based Information Systems class at UMass, our group chose to write on the subject of Identity Theft. We’ve tried to show that government and the private sector are struggling to reduce the threat while most of the cost and burden falls on the merchants and individuals. I will be posting each individuals portion and and the final paper here. I had the intro and it is as follows…
Imagine you wake up one morning to a phone call. The person on the other end is the HR manager for the company you just interviewed at. She informs you that they found a problem with your background check. You think to yourself — for sure that ticket last August wouldn’t cause an issue. Only to find out that it shows you’re in a federal prison on a drug trafficking charge. You’re floored and assure her that you are not in prison and certainly not for drug trafficking.
After 40 plus hours of stressful phone calls to people who you can only describe as less than helpful, you feel like you’ve been beaten with a baseball bat. Even so, you think that you’ve gotten you’re name cleared and all the fraudulent charges removed from your credit report. You vow to never be caught in this situation again. You pick up the phone, hopefully for the last time, to call a fraud alert place you’ve read some good reviews about. Finally get on the line with someone helpful.
Over the next few minutes you explain to the person on the other line what’s happened. First someone stole your mail, you didn’t think anything about it — just a slow day at USPS. It turns out that it was a drug addict that used your mail to get a fix. The dealer, with his new identity, proceeded to use your good name to launder his ill gotten gains. He even used your name when he was arrested. The person on the other end knew just what to say and for $210 dollars a year they assure you this will not happen again.
If you think this isn’t common you’re mistaken. Scenarios like this happen every day. People’s mail is stolen, cars broken into, even the retailer up the street who forgot to turn on encryption for their wireless network gets hacked. This happens to 1 out of every 30 Americans. The yearly losses for identity theft range from $48 to $56 million dollars.
Identity theft, defined by Bruce Schneier, is when a criminal collects enough personal data on the victim to impersonate him to financial institutions. Government and the private sector are struggling to reduce the threat while most of the cost and burden falls on the merchants and individuals. Identity theft, fraudulent transactions, and data breaches in the news are becoming the norm. Many financial institutions lobby congress to keep litigation from passing, because having readily available and identifying information on your clients is good for business.
This type of crime involves two issues. One is the privacy of data and the other is the how easy it is for a criminal to use this data. We’ve focused a lot of our efforts on keeping the data private and verifying if someone is who they say they are, but not on authenticating the actual transaction. Some credit card companies are starting to do this. If they see a purchase or multiple purchases that are “out of character” they flag the transactions and alert the card holder.
Many state governments are trying to provide new ways to reduce the likely hood this will happen to an individual. Seventeen states have passed “credit freeze” laws and giving harsher penalties to criminals. While these are good things, people don’t realize how often their credit is used. This can cause a very large inconvenience when you’re trying to switch cell providers for example. There is always a line between security and convenience. Often times we err on the side of convenience and that is where many of these problems arise.
A new trend coming into the public spot light are companies disclosing data breaches. This has made a lot of headway in forcing companies to secure their data. It’s also given way to new standards and regulations like PCI-DSS or Payment Card Industry Data Security Standard. This was developed by major credit card companies and is a guideline for companies. It is a security framework for companies that puts forth requirements for storage, transfer, and deletion of credit card information.
Protection against Identity Theft falls on everyones shoulders. Merchants need to find better ways of verifying people. Financial institutions need to start authenticating transactions and we need to be a little more careful with out own information. What is the final answer? That is yet to be seen, but more can be done that is for sure.
Resources:
Forbes: Solving Identity Theft
NYT: Technology and Easy Credit Give Identity Thieves an Edge
Tags: IdentityTheft, School, Paper
