VoIP for Enterprise TMC

Under an Assumed Name

September 25, 2006
Under an Assumed Name. Check it out:
(Access Control & Security Systems Integration Via Thomson Dialog NewsEdge) The year of 2006 has been a busy one for potential identity theft, including the 26.5 million records contained on a stolen VA laptop, the 21,000 federal direct student borrowers' data exposed on a Department of Education Web site and the missing back-up tape from the California Department of Mental Health that referenced the names, addresses and telephone numbers of nearly 10,000 employees.



The Federal Trade Commission received nearly 700,000 fraud and identity theft complaints in 2005. Consumer Affairs estimates in 2005 that more than 50 million Americans received notification that their personal data had been stolen due to a data security breach. The illegal use of Social Security numbers has also risen sharply from 11,000 reports in 1998 to more than 65,000 cases five years later. Privacy Rights Clearinghouse lists the total number of publicly reported breached records since February 2005 as surpassing 90 million. Even more fearsome is the fact that identity theft is a common practice for terrorists.

Identity theft, a federal crime, happens when someone uses another person's identification such as name, Social Security number, license number or account number to commit fraud. Theft occurs by creating new financial accounts (credit cards, loans, etc.) or by taking over existing accounts such as checking, savings and investment portfolios, as well as committing crimes (DUI, shoplifting, etc.) while using the assumed identity.

While the growing use of technology and the Internet have exacerbated identity theft, it is by no means the root cause. The FTC reported only 3 percent of identity fraud victims cited misuse of their Internet accounts. High-profile identity thieves such as Abraham Abdallah, Philip Cummings and James Rinaldo Jackson routinely relied on publicly available information and pretexting or posing as a legitimate representative to obtain private financial data that allowed them to steal million of dollars from celebrities and business magnates prior to their arrests. During their incarcerations, they continued to perpetuate their crimes via telephone and the U.S. mail.

Terrence DeFranco, CEO of Edentify, providers of identity theft detection and prevention solutions and an associate member of the Association of Certified Fraud Examiners, explains that data is often acquired through low-tech means such as shoulder surfing, stolen laptops and dumpster diving.

Stealing identities is still done in a low-tech fashion, but the way of carrying out the actual crimes afterwards are enabled by technology, DeFranco says. Once the data is in the possession of the fraudster, that is where technology really takes over. What technology has actually done is increase the volume of transactions that can take place.

DeFranco also attributes the rise of identity theft over the last seven years to the fact that identity data has been separated from its owner. He points out that identity verification for online transactions is based upon the validity of presented data, not an actual person. This is where he sees room for improvement.

Besides protecting the data once it has entered their possession, DeFranco believes that financial institutions and government agencies need to better scrutinize the data as it is introduced to their systems. If I steal your data, it shouldn't be so easy for me to walk into JCPenney and get an account in 10 seconds, DeFranco says. Scrutiny of the information when it is presented is just as important as holding on to the information safely.

With the increase in identity theft, vendors are responding with both consumer and enterprise solutions for combating personal data theft.

Gartner reported that in the first five months of 2004, 57 million Americans received phishing emails a popular Internet spoofing scam in which identity thieves masquerade as legitimate business Web pages to gain access to usernames, passwords, and PIN and account numbers. Popular consumer products such as the Zone Alarm by Zone Labs, Redwood City, Calif., and Norton Internet Security by Symantec Corp., Cupertino, Calif., have integrated features to prevent phishing attacks, which have been linked to spam, spyware and malware.

Realizing that a data breach can create both a negative financial impact and damage an organization's reputation, enterprises are responding to the threat of identity theft in an assortment of methods such as two-factor authentication and encrypted sessions. Craig Isaac, president of Neon Software, Lafayette, Calif., developers of intrusion detection and network discovery software, help solve the problems surrounding data theft both internal and external from the network. Seeing network access control as the direction in which organizations are moving, Isaac says, Companies are looking closely at who is getting access to their networks, how they are getting access and where they are connecting to the network.

That level of access control may have stopped 2,000 patrons of the Wichita State University in Kansas from having their credit card numbers stolen due to the unauthorized access of three computers in their College of Fine Arts box office.

In an effort to further curb identity theft, 34 states have enacted data breach legislation requiring organizations to notify those whose private personal information has been compromised. This practice lets individuals be more proactive by placing fraud alerts on their credit reports and by closely monitoring their financial accounts. Unfortunately, the majority of identity theft targets do not realize they have been victimized until it is too late often when making a significant purchase such as a vehicle or a home. House Judiciary Chairman F. James Sensenbrenner, R-Wis., pointed out in an interview after the recent passage of the Identity Theft Penalty Enhancement Act (ITPEA) that it often takes years for identity theft victims to clear fraudulent credit history and criminal charges.

It comes as no surprise that laptop computers are popular targets of thieves. The University of Washington's Medical Center, Ernst & Young and the Metropolitan State College in Denver, Colo., have all had laptops stolen that contained thousands of private personal records.

While policies against storing sensitive data on portable media including laptops, USB drives, CDs and mobile drives such as iPods are gaining, they failed for the VA when a long-time analyst at the Veterans' Administration had their now-famous laptop stolen. In addition to stepping up its cyber security awareness training after the theft, the VA has chosen to begin encrypting all personal data that could be used to commit identity theft, regardless of location.

Two of the most effective measures against identity theft are education and common sense. Organizations that routinely handle personal and financial information are also taking non-technical measures to protect data. Background checks for even low-level customer service representatives and extensive training on how to spot possible fraud are becoming customary.

Additionally, consumer education in regard to both preventing and identifying possible identity theft is on the rise. In the wake of publicized data breaches, the media and the victims flood consumers with advice to regularly check credit reports with major credit bureaus and to call creditors and banks when statements do not arrive on time. Moreover, consumers are advised to shred unsolicited credit applications and to never give out any personal information to unsolicited telephone calls and e-mails.

According to the FTC, the good news is that the dollar amount per instance of identity theft is decreasing, which means both organizations and individuals are beginning to stop fraud from rolling out of control. People are getting educated and looking out for it a lot more actively, DeFranco says. As long as we're doing that, it's a great trend but the numbers [of theft] are still pretty significant. DeFranco also warns that fraudsters are looking for new ways to steal identities.

Despite better education about identity theft, fraudsters are out there reading the same warnings and finding alternative ways to pilfer identities. What is yesterday's phishing is today's pharming or redirecting a legitimate IP request to a bogus Web site. Identity thieves are looking for the least intrusive and least risky way for stealing information, DeFranco says. When so much of it is out there on the Internet being sold in chat rooms and stolen in low-tech ways, it is really discouraging. But preventing people from handing over information by educating them about identity theft seems to be finally taking hold.

ABOUT THE COMPANIES

For information, circle the Reader Service number (listed below) or visit securitysolutions.com

Edentify.75Symantec Corp.76Zone Labs77Neon Software78

Copyright 2006 by Prism Business Information. All rights reserved.www.prismb2b.com


Related Tags: , , , , ,

Listed below are links to sites that reference Under an Assumed Name:

Trackback Pings

TrackBack URL for Under an Assumed Name:
http://blog.tmcnet.com/cgi-bin/mt3/mt-tb.fcgi/27906

Comments to Under an Assumed Name