Identity
theft is a growing problem. You can hardly turn on the news without hearing
another story on identity theft or the importance of protecting personal
information. Every day, we are bombarded with ads promising protection from
identity theft if the right paper shredder is used or we subscribe to the
monthly service that will protect our credit scores.
So,
what is the risk from identity theft – is it really so dangerous? Are there
steps that can be taken to protect against this type of crime? The answer to
both is yes.
Let’s
start with a look at the risks. The Federal Trade Commission estimated that
total losses to business and financial institutions due to identity theft were
$48 billion. The average loss to a business from identity theft was $4,800 per
incident. Individuals lost an average of $580 to $800 depending on the type of
fraud or identity theft. It may also take 30 to 60 hours to resolve identity
theft. In some studies, victims have reported spending 175 hours to clear their
names.
Biblical backgrounds
Isaac blessing Jacob in disguise (from WikiCommons) |
Identity
theft is not new. Perhaps the first documented case of identity theft is found
in the bible. Jacob was the younger of twin brothers and wanted the blessing
that his father was going to give to the older brother, Esau. Jacob knew that
his father, Isaac, was nearly blind so Jacob disguised himself to resemble
Esau, approached Isaac and tricked him into giving the blessing to him instead
of Esau.
Wax seals were a form of protection from identity theft. |
Since
that time, kings, popes and other dignitaries have gone to great length to
authenticate important papers with the use of wax seals. The seals were stamped
with the crest or emblem specific to that individual as a mark to guarantee
that the information therein was truly from that individual and to protect the
privacy of the contents.
ID Theft in the 21st Century
Modern
technology has brought about changes on how identity thieves operate. Contemporary
techniques include pharming, phishing and skimming. Pharming involves using the
Internet to redirect a victim from a legitimate website to an alternative site
that is designed to look like the genuine site, but instead is used to collect
personal information. Phishing is more widely known now and involves emails sent
from what appears to be a legitimate business, usually citing a problem and
asking for personal data to correct the problem. A new twist, called vishing,
involves not only emails, but also follow-up phone calls from suspects trying
to obtain personal information. Skimming occurs when a person, such as a
waiter, takes your credit or debit card for payment. The card is swiped in an
electronic reader and the data recorded and later used to create a fake card
with the correct account information. This can be the most difficult to trace
as consumers hand their debit/credit cards to merchants and their employees
routinely.
There
are also the cases in which the potential victim has no direct involvement at
all. Think of recent news stories where databases have been lost or stolen
along with thousands and even millions of individuals’ personal data per
incident. More often than not, the data loss was not the real motive and was
secondary to any actual crime, such as the theft of a laptop. In those cases,
the involved individuals do not become victims of identity theft, but still
have to remain vigilant.
People
no longer use a personal seal to authenticate documents, but instead use
numbers, usually a social security number or even a credit card number. Increasingly,
merchants are requesting combinations of personal information in order to
complete a transaction. For example, many online merchants request a customer
enter a credit card number with the billing address for that card, even if the
item is shipped elsewhere in order to verify that the purchase is legitimate. Some
gas stations are now requesting the billing address zip code for credit card
purchases as well.
The
most common form of identity theft in more than ½ of the cases is simply the
use of stolen credit cards to go on shopping sprees. This type of fraud is also
the easiest to correct. However, about ¼ of the cases involve opening new
accounts in the victim’s name and can be much more devastating and the impact
can last much longer.
Rights and Responsibilities when Recovering from ID Theft
Everyone
should understand their rights and obligations in regards to identity theft
before becoming a victim. In general, victims are only liable for $50 for
fraudulent debt. However, victims do need to notify their bank or credit card
company within 60 days of learning of fraudulent activity. If an ATM or debit
card is lost or stolen, victims need to notify the bank or credit union within
two business days upon learning of the loss. In the case of fraudulent checks,
victims need to notify the bank promptly in order to limit their liability.
Under
Federal laws, everyone can obtain a free credit report once a year from each of
the following three consumer credit-reporting companies: Equifax, Experian and
TransUnion. Check the report for new accounts that you did not open. If you
have been a victim of identity theft, you can place a fraud alert, which
prevents new accounts from being opened in your name.
Many
services offer protection from identity theft for monthly fees. Carefully
evaluate the services offered to see if it is truly worthwhile for your
situation. As noted, various laws limit the amount that a victim can be held
liable for to $50 maximum. Be wary of the sales pitches that provide services
already available free.
So
what happens if you do become a victim of identity theft? The Federal Trade
Commission (FTC) recommends placing a fraud alert with the three consumer
credit reporting agencies and closing any accounts that may have been exposed
to loss or accounts opened fraudulently. In addition, the victim should file a
police report and file a complaint online with the FTC.
Unfortunately,
filing a police report could be more difficult than it sounds. Identity theft
often crosses numerous jurisdictions or is unclear where it exactly occurred. Police
officers may refer victims to other agencies to file their report based on
where part of the crime took place. The United States Department of Justice was
involved in the development, along with several other organizations, of a
national strategy to deal with identity theft. One of the recommendations is
that police reports be filed in the jurisdiction where the victim resides. If a
police agency is reluctant to take a report let them know about the recommendation.
If the officer is still hesitant, ask that an ‘information only’ report be
taken. Be sure to get the police report number for your records. Have an
outline of the identity theft prepared ahead of time with dates, information on
affected accounts, bank addresses and information on any other related police
reports that may have been taken, as well as any suspect information, if
available. This will make the reporting process easier and will help to make
sure that no important information is forgotten or left out of the police
report.
Solving ID Theft
Identity
theft can be confusing and may happen in many different forms. One thing is
clear – identity theft will continue, as the suspects evolve and develop new
techniques to counter the steps used to thwart them. The FTC offers a
wide-range of information on the Internet about identity theft and what to do
if you become a victim. Protect your personal information; monitor your credit
reports and review your account statements for any suspicious activity and you
will minimize your risks.
Eric
Smith, CPP is the leading authority on organizational self-defense. He has
extensive experience in law enforcement as well as security management. Eric is
available for staff education and security awareness training as well as
business coaching to help organizations provide safe workplaces. To learn more
email eric@businesskarate.com.