THE ENTERPRISE
Have you ever had your identity stolen? I certainly hope not, but the news I have for you this week is not good news. CSI Miami's special segment tonight revolved around a murder that grew out of an identity theft. When identity theft becomes a story line on a highly-rated TV crime show, you know it's hit big time. I was notified last year by a company I bought from that their customer records had been "hacked." I immediately cancelled the credit card and had a new one issued. That got my attention.
Then, seven short months ago, the US Attorney's office announced a guilty plea in "the largest identity theft case in the country's history--a scheme to steal up to 30,000 identities!" As the saying goes, "that was then, this is now." In February, just a few months later, data aggregator ChoicePoint admitted that thieves had stolen vital info on 145,000 people. Two weeks later, Bank of America confessed that tapes containing the records of 1.2 MILLION credit card holders were missing--lost in transit--with no tracking or security precautions to fall back on. DSW shoe stores revealed (to the US Secret Service) that (at first) 100,000 credit card records were missing, then upped the number to 1.4 MILLION. Sooner or later, everyone's luck will run out!
I had an exchange of email with a contact of mine who is an expert in this field (having founded and run a company in the field). He cautioned me: "One of the scariest aspects of this recent rash of reported identity thefts has been that they have all been of large numbers of identities stolen en mass from databases. Another scary aspect is that they have been stolen from a wide range of repositories of personal data: blood banks, medical practices, universities, merchants, financial institutions as well as conventional data aggregators."
After the DSW report, there were 180,000 Polo/Ralph Lauren and HSBC credit cards that had been accessed. Ameritrade's shipping vendor lost a tape with personal information on 200,000 clients. One estimate (by Privacy Rights Clearinghouse) is that 4 MILLION people's identities have been compromised. I bet they are low!
This doesn't mean someone is using your charge cards, or applying for new loans using your credit record--and hopefully, no one has tried to steal your identity totally--which is a truly frightening reality for some people. BUT THERE MIGHT BE SOMEONE WORKING ON IT RIGHT NOW. Frankly, corporate America is finally admitting the truth--it cannot safeguard some of its (and your) most valuable information very well at all.
The way my friend the identity security expert puts it would be humorous if it weren't so scarily true: "So far the reaction of lawmakers to the problem is not encouraging. It is akin to a lawmaker coming to the aid of a farmer who has discovered his horse stolen and the lawmaker has joined the farmer outside the empty stall yelling, “I’ve been robbed!” Lawmakers are behind the curve on this one--badly.
As I continued our dialogue, he reminded me of something I had recently realized (I moved last year and had to update far more records than I ever imagined.) He says, "First, most consumers really aren’t aware of how many places their identity information is stored and the conditions under which it is maintained. Second, security for much personal information is inadequate. Third, when whole databases are compromised it is not only personal information that is compromised, but also authenticating information, such as PINs and passwords are compromised as well."
There was nothing at all comforting in his words, and as he went on, it wasn't any better. "Armed with hundreds of thousands or even millions of stolen identities and a computer the digital con artist can attempt thousands of crimes at once. His failure rate can be 99.999% and he will still be successful."
One of the richest market for stolen identity information is the need of illegal aliens to obtain credentials and legitimate-looking documents. Credit card fraud is what we worry most about, and even though it is on the upswing, it has not yet reached the epidemic proportions that the thefts have. This sounds a lot like a "ticking time bomb" to me.
His final concern was what brought me to write about this subject in THE ENTERPRISE. While he (and his company) didn't want to be named, he agreed that I could use his words or at least the essence of his message. Think about this one: An identity thief armed with all of a consumer's personal information and (most likely) authenticating information as well, financial institutions, employers, government, airlines can't tell when identity information is being used by a thief or terrorist. They also can’t tell when it is being used by the rightful consumer-owner.
So now what? I'm not an expert in this field, but several conclusions are emerging that seem obvious:
--Identity theft will hinder or harm businesses of all kinds in the near future; perhaps electronic transaction-based businesses will get hurt the worst, but these days, that's most businesses.
--It is time to be particularly vigilant for anything suspicious. The greatest loss of personal information still comes from "phishing" or "social engineering" where someone "cons" the owner into giving up personal information with a mass-mailed or a spam/e-mailed inquiry. The best of them look so legitimate; but they aren't. Don't respond and DON'T GIVE THEM YOUR PRIVATE INFORMATION, either via email or on the phone.
--Shred documents containing personal information before disposing of them...and for me, that means even those unsolicited credit card offers. Dumpster diving is still a simple way to steal private information.
--Change/vary passwords and PINs often and don't use obvious combinations like your birthday, or simple numeric combinations like 1234 or 1111. Include mixtures of alpha and numeric characters in passwords.
--Don't give out your Social Security Number (or any private number) except in instances where there is no other option. The fewer places those numbers are stored, the fewer targets there are for thieves.
--Whenever you see something suspicious in the statements your receive, or have something odd happen, check it out right away by making an independent contact with the institution involved. If it turns out to be some form of identity theft or fraud, document your case, facts and concerns to the business/institution in writing so you'll have a "paper trail".
We live in an electronic, information age. So many daily activities are simplified by this technology, we forget the "dark side" of it. If this "heads up" only saves one person the grief of an indentity theft, it will have been worth it. Caveat emptor (buyer beware)--in more ways than one.
Best, John
Comments