Identity Theft - Laptop Security Blog

Identity Theft Aftermath Study

The Identity Theft Resource Center (ITRC) has released their 5th annual Aftermath Study, looking into the impacts of identity theft on its victims. The study is both qualitative and quantitative, involving the experiences of identity theft victims. The study seeks to understand all the impacts, from emotional impacts to the financial loss suffered.

Highlights of the 2007 ITRC Aftermath Study:

Types of identity theft crime: 78% financial, 2% criminal, 2% government (the remaining as combination cases)
57% of victims had their information used to open new lines of credit
For non-financial identity theft, 62% had thieves commit financial crimes that resulted in their names being issued in warrants
Nearly 1/3 of identity theft were started by a person known to the victim (5-yr data)
82% of victims found out about the theft through an adverse action (10% found out from proactive measures by businesses, 8% saw it on their credit report)
Victims spent an average of $550.39 in out-of-pocket expenses for damage done to existing accounts (for new accounts, an average of $1,865.27) and 116 hours to repair the damage (158 for new accounts)
19% of victims indicate it took more than 2 years to resolve their case (70% resolve in up to 12 months)
Credit agencies cause delays in fixing records - 31% of victims complain of negative information being put back, 32% of it not being removed, 22% of SSNs being tied to another person’s file, 19% of a fraud alert being ignored
49% of victims report stressed family life

The ITRC trends indicate that obtaining new credit lines, as an avenue for fraud, may be becoming more difficult. They predict that check fraud and debit card fraud, which are increasing, may see further growth as these trends continue.

Victims of identity theft do suffer greatly, and it takes a great deal of both time and money to resolve the issues. Some issues, according to the report, may continue to linger long after credit reports are cleared. For example, insurance & credit card rates may go up. Others face an inability to get credit (64%) or to have credit agencies still calling. In some cases, victims have difficulty getting jobs or in clearing their criminal records (when their identity is used in a crime).

You can download the full report here [PDF]

Tags: id theft, identity theft, aftermath, breach, financial theft, fraud, id theft victims

Vancouver the Mail Theft Capital of Canada

CTV is running a four-part series looking into the “epidemic of identity theft” in Vancouver, part of which is due to the volume of stolen mail in the city.

Sgt. Ken Athans, who runs the Vancouver Police Department’s identity theft task force, says identity theft is huge business in Vancouver, and only getting bigger.

“It’s high gain and low risk, more people are going to get into it and that’s what’s happening in Vancouver,” Ken Athans said.

Areas like Yaletown and the West End are prime targets for mail thieves, where the affluent lifestyle attracts people to search for credit card applications or bank statements to initiate fraud. Peter Stabler, a crown prosecutor, convicts an identity thief every other business day in the city. That said, there is a high proportion of repeat offenders who view jail time as part of the “job.”

Vancouver is the mail theft capital of Canada, and CTV has learned that Canada Post has delayed the replacement of improperly secured mail boxes for as many as five years. Only about a third of improperly security mailboxes have been replaced, leaving many open to theft by easily forged keys.

Canada Post does not record statistics of stolen mail, only undelivered mail. This makes it difficult to understand the extent of the problem. Once mail is delivered, Canada Post will no longer claim responsibility for it, and it’s up to local law enforcement to investigate the theft of what, at that point, is personal property. You can read some of what Canada Post had to say here.

What do you think about the issue? Does Canada Post have a responsibility to protect the mail, even after its been delivered?

Image: maps.google.com ; Tags: mail theft, vancouver, id theft, identity theft, security, mail security, mail, canada post, ctv

Canadian Government ID Theft Flyer

I opened up my mail this week to see a flyer from the Canadian Conservative Government via our MP Stockwell Day. The front of the flyer is shown above. There is a quote on the back as follows:

“This Government is following through on its commitment to give police the tools they need to better protect Canadians by stopping identity-theft activity before the damage is done.” - Rob Nicholson, Minister of Justice

According to the flip side, the Canadian Conservative Government is putting forward tough new laws to prevent identity theft, to compensate victims, and to put identity thieves behind bars. I am supposed to cut out the bottom half of this flyer and return it with the answer to this question as “Yes” or “No”:

“Do you support the Conservative Government’s tougher laws against identity theft?”

Sounds great - proactive, right? I have a problem with it though. There is no information about what these laws are, what they do, or where I can learn about them. No website, nothing. I have absolutely no idea to which law the flyer refers.

So, if a member of the Conservative Government would like to fill the public in on which of the multiple identity theft bills before Parliament they are referring to, I’d be happy to answer their survey.

Tags: id theft, id theft survey, canada, identity theft, parliament, laws, legal system, conservative government, stockwell day

The Sophistication of the Underground Data Economy

The black market for data is much more sophisticated than most people realize. It’s not a “one price fits all” scenario. There are price points, just like in any advanced market. And, just like the same markets, there are services provided to prospective customers.

Francois Paget of McAfee’s Avert Labs blog has shared a discovery about the prices going on different “quality” levels of data on the black market.

Avert Labs has discovered a “price list” for everything from credit card numbers to bank account logins and other personal data that is sold in the underground economy. A tip led them to a website that was auctioning off data, including bank logons and credit card information, with prices such as:

Washington Mutual (US), balance $14,400 (sell price 600 euros/$924)
Citibank (UK), balance 10,044 pounds/$19,626 (sell price 850 euros/$1,310)

If you buy a bank account login, and the data owner has cancelled the account within 24 hours, they’ll even give you a replacement stolen account.

So, the black market is an organized system with value for quality, and even customer service. The same website sold information in “bundle prices” and offers free data only a daily basis, as “goodies” to entice their sale.

Visit the Avert Labs site for more information and screen shots of the system in question.

Via CNet Tags: black market, data, data resale, underground economy, data breach, personal data, data resale, identity theft, fraud

80% of Americans Worried About Identity Theft

Bankrate’s recent poll about the consumer knowledge of identity theft indicates that 80% of Americans are worried about identity theft.

Gfk Roper America conducted a random survey of American households, compiling results from 1006 adults (524 women, 482 men). According to the survey, respondents who know someone who has been a victim of identity theft (34% of the respondents) are more likely to fear becoming victims of identity theft themselves.

Respondents who are concerned about identity theft are more likely to be taking steps to prevent it. These steps include shredding documents and monitoring credit reports.

Surprisingly, 35% of people who are concerned about identity theft have taken no steps to avoid identity theft. This number shows a great deal more avoidance of the issue than I expected. Indeed, for people not concerned about identity theft, only 19% haven’t made any changes to avoid identity theft. So, the data is indicating that although some people concerned with identity theft go above and beyond to protect themselves, in some cases the knowledge of identity theft leads to an increase in the "head in the sand" approach.

Participants’ Response to ID-Theft (Bankrate - GfK Roper survey - North America - April 2008)	Concerned About ID-Theft	Not Concerned About ID-Theft
More likely to shred documents with sensitive personal data	82%	52%
Use a secure snail-mail mail box (at post office or a locked box at home)	63%	51%
Avoid online banking	54%	55%
Check credit reports regularly	53%	30%
Refuse to shop online	42%	47%
Requested a Security Freeze on their credit reports	23%	6%
Only pay bills online	16%	13%
Haven’t made any changes to avoid identity theft	35%	19%

In terms of defining which avenue of identity theft most scares the respondents, information obtained over the web (45%) and information obtained from a business (25%) dominated the results. The data indicates a strong fear of e-commerce as leading to identity theft, which is largely unsupported by the data breaches happening today.

"Consumers tend to blame security breaches and incidents on the ‘Internet’ and they are more likely to change their online behavior than their behavior in the physical world as a result. This reaction is not based on the facts. The fact is that the large security breaches are happening at brick-and-mortar companies like TJX and Hannaford." - Avivah Litan, VP and Analyst, Gartner

Identity theft is misunderstood by consumers - both how it happens and what the consequences are. Much more consumer education is needed, in addition to safeguards that service providers can put in place to proactively protect consumers.

Via I’ve Been Mugged Tags: identity theft, id theft, id theft prevention, theft prevention, breach, security, online security, internet security, data security

ID Theft Safeguard used to Steal IDs

Even the most carefully laid plans can go awry. Federal prosecutors charged a Southern Californian woman this week with aggravated identity theft after she used a genealogy website to locate people who had recently died and to take over their credit cards.

Tracy June Kirkland was using Rootsweb.com to find the names, Social Security numbers and birth dates of people who had died. She would then call credit card companies randomly to see if "she" had an account, if "she" did, she would request a mailing address change and, in some cases, would add her own name as an authorized user. Ms. Kirkland repeated this scheme at least 100 times between October, 2005 and last month.

Rootsweb.com is a genealogical research site that, amongst other services, reproduces the Social Security Administration’s Death Index, which is a public list of people who have died, along with their birth dates and Social Security Numbers. The government publishes this list with such detail in order that banks can prevent people from applying for credit under any deceased people’s identities. The information is made public by the Freedom of Information Act.

Tracy Kirkland has found a loophole in the system by, instead of applying for new credit, simply co-opting existing credit accounts. This is the first time this exploit has been found, according to a spokesperson for the Social Security Administration.

"The reason the Social Security Administration has it out there is to prevent fraud, and when it’s used to perpetrate fraud it’s because not all the checks and balances were in place on the financial institution’s end."

So, what do you think? Should the Social Security Numbers be reported on the Death Index? Do you think the benefits to the prevention of identity theft outweigh the risks shown here?

You can feel the full court indictment here [PDF]

Via wired ; Logo: Rootsweb, a part of Ancestry.com and MyFamily.com Inc.Tags: rootsweb, identity theft, id theft, death index, breach

Tax Season a Time for Fraud

You know about thieves stealing your credit cards, or even accessing your bank statements. But did you know that your tax refund is also at risk?

The Seattle Post Intelligencer has exposed the story of a woman who found a case of fraudulent tax return under her name - a thief who has filed taxes under her Social Security Number that would result in a refund. It could be that many other people will find themselves the victims of identity theft this tax season.

An unnamed woman sat down at her computer to file her taxes, but they kept being rejected with an error that a tax return had already been filed under her Social Security Number. After calling the Social Security Administration and the IRS, she found that the tax return had been filed under a different address - not hers.

The thief had filed a fraudulent tax return under her name - this tax return would yield a cash refund. And so, the woman now has to file a police report, a complaint with the FTC, put a fraud alert on her credit report, and to go through the process to prove her identity in order to submit her real tax return.

An earlier Seattle PI story painted a dire picture of the process: another tax preparer who found herself a victim of identity theft was unable to receive her tax refund until two months, and many calls, later. And she may have been lucky. Finance Committee Chairman Max Baucus says that it takes a year, on average, for the IRS to sort out the real tax payer and to issue a refund.

According to a new audit [PDF] out from the Treasury Inspector General for Tax Administration, fraudulent tax returns are becoming all too common. Complaints of this type jumped 579% in the five years leading to 2007, with 20,000 complaints in 2007.

Sadly, the report found that the IRS is doing very little to stop or to prosecute those who commit this form of identity theft. Prosecution is only pursued if the identity theft occurs in conjunction with other criminal offenses.

IRS policy is that the actual crime of identity theft will only be investigated by the Criminal Investigation Division if it is committed in conjunction with other criminal offenses having a large tax effect.

Such a lack of prosecution may explain the huge jump in incidents seen over the last few years.

image: penywise via morguefile ; Tags: identity theft, id theft, fraud, tax fraud, identity fraud, irs, government, irs policy, taxes, tax, criminal

Church Pastor is ID Thief

This small piece of news just goes to show you that identity theft can come from anyone, anywhere.

The former pastor of a Grace Fellowship Church in Pennsylvania, Rev. Raymond Clayton, was charged with bank and wire fraud and aggravated identity theft back in October. Last week, Clayton pleaded guilty in federal court to a count of access device fraud.

Clayton has admitted to using parishioners’ personal information to apply for credit cards. He would then use those credit cards to obtain cash advances and make purchases. In a six month period, Clayton defrauded parishioners of $30,000. He had changed the church’s mailing address to a post office box to cover his scheme.

Since the incident came to light, the 25-year old church community has disbanded. Sadly, this shows just how much of an impact fraud and identity theft can have on not just individuals, but also on communities.

hat tip to schneier, via pennlive Tags: identity theft, id theft, fraud, credit card fraud, pastor

House Identity Theft?

Today’s oddball piece of security news: house identity theft! What is ‘house identity theft’? The FBI say it’s the result of combining identity theft with mortgage fraud - the result of which is house stealing. How the criminals do it:

Pick your house to steal
Assume your identity & create fake IDs
Purchase property tranfer forms from any office supply store
Forge your signature and use your IDs to sign YOUR house over to THEM

Scary, isn’t it? It’s that easy.

The FBI say that mortgage fraud is growing, and its combination with identity theft could grow as well.

Via network world Image credit: melodi2 @ morguefile Tags: identity theft, house stealing, house identity theft, fraud, mortgage fraud

100 Guides to protect your information

VirtualHosting has put together a very well-researched and extensive list of resources to keep your personal information safe. The resources explain how you can prevent credit fraud, identity theft, and the myriad of other ways your personal information can be used against you.

In addition to listing articles, the post also lists a number of blogs that specialize in providing information about identity theft and data security. A number of applications are recommended to keep hackers and phishers at bay, a list of public and private organizations related to ID theft is available, and several books are recommended.

The resources cover areas such as:

the importance of shredding documents
what you should know about bank errors
protecting your information online
how to use a credit freeze
how to opt out of offers
what identity theft is, and how it works
protecting your information when online shopping

Visit the site to read more.

Tags: identity theft, id theft, data security, data protection, identity scams, fraud, prevention

Identity Theft Aftermath Study

Vancouver the Mail Theft Capital of Canada

Canadian Government ID Theft Flyer

The Sophistication of the Underground Data Economy

80% of Americans Worried About Identity Theft

ID Theft Safeguard used to Steal IDs

Tax Season a Time for Fraud

Church Pastor is ID Thief

House Identity Theft?

100 Guides to protect your information

Education Newsletter

Corporate Newsletter

Government Newsletter

Healthcare Newsletter

Recent Posts

Recent Comments

Absolute Links

Links

Subscribe

Categories

Search

Archives

Absolute Software News