Identity Theft What is it? Growing incidence of high-tech How does it happen? How can I prevent it?
What Is Identity Theft? n : the co-option of another person's personal information (e.g., name, social security number, credit card number, passport) without that person's knowledge and the fraudulent use of such knowledge -- dictionary.com
Federal Identity Theft and Assumption Deterrence Act 18 U.S.C. § 1028(a)(7) Federal law passed in 1998 Prohibits “knowingly transfer[ring] or us[ing], without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.”
Georgia Statute §16-9-121. Identity Fraud Law “A person commits the offense of identity fraud when without the authorization or permission of a person with the intent unlawfully to appropriate resources of or cause physical harm to that person, or of any other person, to his or her own use or to the use of a third party he or she: (1) Obtains or records identifying information of a person which would assist in accessing the resources of the other person; or (2) Accesses or attempts to access the resources of the other person through the use of identifying information.”
Identifying Information (Partial List) Names (current or former) Social Security numbers Driver’s license numbers Bank account/credit card numbers Birth dates Tax identification numbers Medical identifications
Statistics Source: Federal Trade Commission Identity Theft Data Clearinghouse report Over 674,300 consumer identity theft & fraud complaints received in 2006 36% classified as identity theft, 64% as other fraud. Reported losses of over $1.1 billion (up from $547 million two years earlier).
Statistics (cont.) Georgia's statistics 8,084 cases reported to FTC in 2006 Sixth-highest in nation
ID Theft in Atlanta -- 2006 Atlanta-Sandy Springs-Marietta, GA Metropolitan Statistical Area Theft Type Complaints Percentage Credit Card Fraud1,39824.5 % Bank Fraud1,14220.0 % Phone or Utilities Fraud 91316.0 % Government Documents or Benefits Fraud 76713.4 % Employment-Related Fraud 467 8.2 % Loan Fraud 292 5.1 % Other Identity Theft1,40424.6 % Attempted Identity Theft 339 5.9 % Total:5,710
Statistics (cont.) Losses to banks and final institutions Estimated $48 billion in 2003 Average loss per business victim $10,200 Average loss to individual victims $1,180 175 or more hours resolving problems over two or more years
Who Commits Identity Theft? Professional thieves Strangers Employees of businesses Family members and relatives Friends/acquaintances
How Does Identity Theft Occur? Non-technological methods still used “Dumpster diving” Dishonest employees Mail theft/interception Masquerading and “Social hacking” “Shoulder surfers” Telemarketing scams
How Does Identity Theft Occur? (cont.) Technologically-based theft is growing exponentially Wireless invasion/interception Malicious software “Phishing” and “Pharming” schemes
Wireless Invasion/ Interception Unsecured wi-fi networks Public, “open private” or poorly secured Unsecured computers Missing password protection “Clear data” transmissions Failure to use encryption techniques Failure to use secure sites
Malicious Software Keyloggers and screenloggers monitor data as user inputs it, send data to remote servers for exploitation Email/IM redirectors intercept legitimate communications, relay copies to unintended destinations Session hijackers and web trojans mimic legitimate websites but aren't
Malicious Software (cont.) System reconfiguration attacks modify network settings on user's computer “Pharming” -- redirection to a fake website
Data Characteristics Used in conjunction with malicious software Certain programs store data in known locations Many types of data follow specific patterns
How Can I Prevent It? Total prevention is impossible! Minimize risks as much as possible Use common sense!!!
Protect Your Information Do not give out information unless you must! Ask why a piece of information is needed You can refuse to give information, but you may not receive the service in return Do not use your Social Security number as an identification number Needed by IRS, SSA
Protect Your Information (cont.) Make sure you know who is requesting the information Are they legitimate? Do not give out personal information unless you initiate the call/email/web site visit
Protect Your Information (cont.) Be especially cautious with the “big three”: Social Security number Passport number Bank/credit account numbers
Protect Your Technology Control access to computers and networks Passwords Minimize visibility Minimize storage of sensitive data on insecure systems If you must, encrypt it!
Protect Your Technology (cont.) Keep safeguards up to date Operating system updates Security program updates Schedule regular system maintenance Scan at least weekly
Protect Your Data Never send important data to unsecure sites Look for https: as the start of the web address When using public computers Always close programs you've used Always log out properly Always clear cache and other private data
Further Reading GetNetWise http://getnetwise.org/ Protecting Your Identity in the Virtual World http://www.bbbonline.org/idtheft/virtual.asp The Crimeware Landscape http://antiphishing.org/reports/APWG_Crime wareReport.pdf http://antiphishing.org/reports/APWG_Crime wareReport.pdf
Resources -- Federal Agencies Federal Trade Commission http://www.consumer.gov/idtheft/ Department of Justice http://www.usdoj.gov/criminal/fraud/idtheft.html Social Security Administration http://www.ssa.gov/pubs/idtheft.htm U.S. Postal Inspection Service http://www.usps.com/postalinspectors/welcome2.htm
Resources -- Nonprofit Organizations Better Business Bureau http://www.bbbonline.org/IDTheft/ Identity Theft Resource Center http://www.idtheftcenter.org/index.shtml Privacy Rights Clearinghouse http://www.privacyrights.org/identity.htm
Opt-Out Resources http://www.dmaconsumers. org/offemaillist.html Email marketing http://www.the-dma.org/ consumers/offmailinglist.htm Direct mail marketing http://www.donotcall.gov/Telemarketing offers Write each credit bureau individually Credit Bureau marketing lists 1-888-5-OPTOUTPre-screened credit offers
In Closing This presentation is available online at http://www.gpc.edu/~jbenson/presentations/idtheftgaae.ppt http://www.gpc.edu/~jbenson/presentations/idtheftgaae.ppt