Low-tech Methods Still Used for Identity Theft

With all of the news of data breaches and identity theft committed by hackers, many are concerned with electronic security, and they are right to do so. However, while we seek to protect ourselves online and companies seek to protect their employee and customer information, we must not forget that there are identity theft methods that require little or no access to a computer or the Internet.

According to a study from the University of Ithaca's Center for Identity Management and Information Protection (CIMIP) on closed ID theft cases, identity thieves still rely on low-tech old-school methods such as dumpster diving and mail theft. Thieves also gained information on potential victims through public records. The Internet or technological devices were only used in about half of the examined identity theft cases. In fact, the Internet was the sole method used in less than 10 percent of the cases. Granted these numbers are a few years old (2001 to 2004), and the use of technological methods has probably risen. Also, this data relies on the cases of identity theft that were reported and closed, and many cases go unreported either because they are undetected until the thief is long gone or because the victim knew the thief and decided not to report a friend or family member.

While this study obviously cannot tell the whole story, it can serve as a reminder that identity theft can be committed in many ways. While you want to protect your electronic data, you want to protect yourself on other fronts as well. These low-tech methods will continue to be used to commit identity theft because they do not require knowledge or access to hi-tech devices.

NFCC to Lauch Protect Your Identity Week

With everything that is being done to punish identity thieves, identity theft is still a major problem. While companies and governments can take precautions to protect consumers, we all need to be doing our part to protect our own identities. The best way to do so is education regarding how identity thieves work and how we can keep our information out the hands of those who will us it fraudulently. The National Foundation for Credit Counseling (NFCC) is looking to provide the resources and education to increase consumer awareness of identity theft.

The NFCC is launching the Protect Your Identity Week October 19-25, 2008. Member agencies across the U.S. will be offering credit report reviews, shredding events, and identity theft workshops as well as other education focusing on preventions of ID theft. All events will be free and open to the public.

The NFCC has also launched a new Web site to tell you about PYIW events near you and provide information about protection and recovery for identity theft victims. Education is the best way to let people know what they may be doing on a daily basis to make themselves more vulnerable to identity theft. Making it national week will definitely help, but this education and protection should be available. I've added the web site to my list of resources. Hopefully they will expand it with more information that consumers can use all year round.

Update for Identity Theft Enforcement and Restitution Act

As a brief update, according to this article from The Washington Post, President Bush did, in fact, sign the Identity Theft Enforcement and Restitution Act. This will make it easier for prosecutors to go after cyber criminals. It will also allow identity theft victims to not only be compensated for their direct losses from identity theft, but also their indirect losses (like time spent restoring credit or possible job denials as a result of ID theft) once their identity thieves are brought to justice.

Keep in mind the victim is only compensated for the indirect losses caused by identity theft if those responsible are brought to justice. Most identity thieves are never caught, so this will not help many identity theft victims.

Identity Theft in a Sluggish Economy

So what is the reason for the spike in identity theft and data breaches in 2008? We can offer any number of reasons. After all, ID theft has been on the rise for years, but it seems like every time we turn around we're hearing about a major data breach or identity theft case (like the TJX case back in August). Part of the reason is the obvious fact that ID theft is getting easier to commit as technology advances, and we need to make sure our security measures are equal to the task of protecting private data. Certain agencies posting private consumer data on the Internet doesn't help either.

But what is motivating people to do this? A press release by MyPrivateCredit has offered at least one possible indirect cause. The sluggish U.S. economy of 2008 may be at least part of the cause of the rise in identity theft and data theft. When economic conditions decline with people either out of work or the paycheck not going as far, many will seek additional sources of income. And not all of these income sources will be legal. Identity theft might seem like an easy answer for those who are capable of pulling it off. After all, ID theft is profitable. Even if someone isn't actually using the data they steal, they can sell it to those who will.

While this press release definitely offers some interesting points, it by no means tells the whole story. Yes, the sluggish economy may inspire some to turn to fraudulent income streams, but that doesn't explain why identity theft has been steadily on the rise even when the economy was not in such a sad state. As identity theft becomes easier, we need to become more cautious about protecting our private data, and companies need to increase their security as well, including the human element.

Read over the link I provided above. After all, it does raise some interesting points, and by all means, protect your identifying data, especially if the temptation some to commit identity theft is looming larger than usual.

Business Identity Theft

Most of the posts on this blog deal with data breaches that may lead to ID theft and scams leading to personal/individual identity theft. However, this is by no means the limit in regards to identity theft. A business can have its “identity” stolen just like an individual can. In fact, for the identity thief, targeting a company rather than an individual can be much more profitable. After all, a business will have a higher credit limit since a company will need to make more large purchases than one consumer would. Needless to say, identity thieves sophisticated enough to pull it off will be targeting this bigger payoff.

Scammers are more likely to target small businesses that will not have the budget or resources to protect its accounts and sensitive customer information that a larger company will. But since even a small company will have a high enough credit limit to be worth a thief's time, fraudulent charges will be more likely to blend in with other company purchases, especially if the scammer is purchasing software or other products that would not look unusual to an accounting department. A scammer can also steal a business's identity by posing as that company and ripping off customers.

Like individual ID theft, business identity theft can be devastating to a company as well, but for different reasons. Obviously, identity theft will affect the business financially, but it can also do major damage to the company's reputation, especially when the fraud is being committed in the company's name. Recovering from identity theft is a difficult process, whether you are an individual consumer or a company.

Ohio Joins Other States in Embracing the Credit Freeze

Many states are embracing the credit freeze as a way for people to protect themselves from identity theft. This time Ohio is joining the states that allow residents to freeze their credit beginning Labor Day 2008. For $5 per credit bureau, Ohio residents can purchase a credit freeze to keep their credit reports from being viewed without them making the reports available by "thawing" them.

While no method of identity theft protection is completely fool proof, a credit freeze is definitely a helpful tool in protecting yourself from financial ID theft. What the credit freeze does is locks your credit report from anyone trying to extend credit to you. No potential creditor can view you credit report without you "thawing" it for them (something you would do if you apply for a loan or a credit card). So if an identity thief applies for credit in your name, he or she will be turned down since the company will not be able to view your credit report.

What can a credit freeze not prevent? As I said, there is no perfect identity theft prevention service. It doesn't protect your existing accounts. Current bank and credit card accounts will still need to be reviewed carefully and regularly. Also, some service accounts can be opened without a credit check, like phone and other utilities. Finally, it won't prevent unauthorized use of medical insurance (medical identity theft) or someone giving your name during an arrest (criminal identity theft).

Yes, it's limited, but unlike many so-called identity theft protection services, a credit freeze can actually protect you rather than just monitor your credit and alert you to unauthorized activity. I don't usually don't encourage people to purchase services, but for Ohio residents, this could be the best $15 you spend in a while.

Honesty Online Can Increase Identity Theft Risk

I'm sure you've heard it before, even from me, "Be careful what you divulge online." Whether you're conversing on a niche forum, frequenting your favorite chat room, writing personal blog posts, or maintaining your MySpace page, you need to be careful how honest you are with your personal information. Even sharing your birth date, which seems fairly innocent, can come back to haunt you if the information falls into the wrong hands. Remember that fraudsters don't need much information to make you an identity theft victim. Why make ID theft any easier than it already is?

Yes, you've heard all of this before I'm sure. However, what about your online banking security? Obviously, you don't want to have a password that is easy to guess, but you also have your bank's security questions to answer in case you forget your password. Do you answer those questions honestly? It might help if the bank's security questions couldn't be answered by information that is public record or easily guessed, but they do want you to be able to answer them if you forget your password. However, this PC World blog points out just how easy it can be to access someone else's online banking information. Your father's middle name and the city where you were born can be found fairly easily by anyone willing to do a bit of footwork. So you may not want to answer those questions honestly. It may come back to bite you in the form of identity theft. You may not want to give your pet's name when asked for it. You may not want to supply a "name" at all, or if you do, include some numbers or other characters in the mix. If your cat's name is Fred, don't simply type in "Fred." Try something like "2f7r1e!d&" or something more complex than simply a name. Yeah, it's obnoxious but you get the point.

There are times when you have to be honest online (like with online purchases, that is if you actually want to receive what you are ordering), but other times your honesty can hurt you. You can avoid being an identity theft victim by knowing what to hide and what to tell.