Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Theft CPEs for CPAs Program Georgia Perimeter College December 9, 2005.

Similar presentations


Presentation on theme: "Identity Theft CPEs for CPAs Program Georgia Perimeter College December 9, 2005."— Presentation transcript:

1 Identity Theft CPEs for CPAs Program Georgia Perimeter College December 9, 2005

2 Could You Be at Risk?

3 Identity Theft What is it? Who commits it? How does it happen? What are the possible consequences? How can I prevent it? What must I do if it happens to me?

4 What Is Identity Theft? n : the co-option of another person's personal information (e.g., name, social security number, credit card number, passport) without that person's knowledge and the fraudulent use of such knowledge -- dictionary.com

5 Federal Identity Theft and Assumption Deterrence Act 18 U.S.C. § 1028(a)(7) Federal law passed in 1998 Prohibits “knowingly transfer[ring] or us[ing], without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.”

6 Other Related Federal Statutes 18 U.S.C. § 1028 – identification fraud 18 U.S.C. § 1029 – credit card fraud 18 U.S.C. § 1030 – computer fraud 18 U.S.C. § 1341 – mail fraud 18 U.S.C. § 1343 – wire fraud 18 U.S.C. § 1344 – financial institution fraud

7 Georgia Statute § Identity Fraud Law “A person commits the offense of identity fraud when without the authorization or permission of a person with the intent unlawfully to appropriate resources of or cause physical harm to that person, or of any other person, to his or her own use or to the use of a third party he or she: (1) Obtains or records identifying information of a person which would assist in accessing the resources of the other person; or (2) Accesses or attempts to access the resources of the other person through the use of identifying information.”

8 Identifying Information Names (current or former) Social Security numbers Driver’s license numbers Bank account/credit card numbers Birth dates Tax identification numbers Medical identifications Many other data items

9 Statistics Source: Federal Trade Commission Identity Theft Data Clearinghouse report Over 635,000 consumer identity theft & fraud complaints received in % classified as fraud, 39% identity theft. Up 50% since Reported losses of over $547 million. 27,300,000 million victims in past 5 years

10 Statistics (cont.) RankID Fraud TypeNo. of VictimsPercentage 1Credit Card Fraud2,06828% 2Bank Fraud1,60922% 3Phone or Utilities Fraud1,31718% 4Government Documents or Benefits Fraud 75410% 5Employment-Related Fraud5567% 6Loan Fraud4446% Other1,72323% Attempted Identity Fraud4726%

11 Statistics (cont.) Source: GA Stop ID Theft Network 2,592 victims reported in Georgia in 2001 Seventh-highest in nation Atlanta was 11 th among major cities for reported identity theft in 2004 according to FTC

12 Statistics (cont.) Source: ChoicePoint Data Disclosures Report, 2005 As of Nov. 15, 125 data disclosure incidents this year 57 million people potentially affected

13 Note: Actual number of identity theft cases is surely higher Many other identity theft cases may be reported as other forms of crime

14 Statistics (cont.) Losses to banks and final institutions Estimated $48 billion in 2003 Average loss per business victim $10,200 Average loss to individual victims $1, or more hours resolving problems over two or more years

15 Who Commits Identity Theft? Professional thieves Strangers Employees of businesses Family members and relatives Friends/acquaintances

16 Who Commits Identity Theft? An estimated nine percent of ID theft cases involve family Another ten percent of ID theft cases involve someone with another form of personal relationship (friend/ acquaintance, co-worker, etc.)

17 Who Commits Identity Theft? Phillip Cummings Employee of a New York technology company Illegally downloaded thousands of credit reports and sold information overseas Over 30,000 people victimized Federal Bureau of Investigation website

18 Who Becomes a Victim of Identity Theft? Michelle Brown Identity stolen by a receptionist from a rental application The Michelle Brown Story, Lifetime Channel The Michelle Brown Story, Lifetime Channel

19 Who Becomes a Victim of Identity Theft? Abigail Kelly Identity stolen by her sister Lost her job as a result of arrest warrant for unpaid bills Obtained civil judgement against sister 60 Minutes story, September 12, 2004

20 Who Becomes a Victim of Identity Theft? Bryonn Bain Harvard Law School graduate, poet, adjunct professor at NYU Arrested in NYC in 1999 for a crime that he and friends witnessed someone else commit Charges were dismissed five months later after four court appearances

21 Who Becomes a Victim of Identity Theft? Byronn Bain (cont.) Identity stolen at least seven times after initial arrest Arrested on three outstanding warrants in November, 2002 Released only after court appearance where assistant DA recognized him as a law school classmate

22 How Does Identity Theft Occur? Many non-technological methods “Dumpster diving” Dishonest employees Mail theft/interception Masquerading and “Social hacking” “Shoulder surfers” Telemarketing scams

23 How Does Identity Theft Occur? (cont.) Technological methods Wireless communication interception Cell phones Wireless networks Camera phones Software Viruses/Hijacking Spyware

24 How Does Identity Theft Occur? (cont.) More technological methods Credit card “skimming” Spy cameras in ATMs “Phishing” and “Pharming”

25 Example of “Phishing” received 12/7/2004 Supposedly from Suntrust Bank Indicates possible fraudulent use of my account

26 Example of “Phishing” (cont.)

27 Please click the link below to reactivate your account: https://www.suntrust.com/internetBanking/RequestRouter?requestCmdId=Reactivate Sincerely, SunTrust Security Department

28 Potential Consequences to Victims Financial Civil Criminal

29 Financial Consequences Direct monetary losses Often least of victim’s problems Usually limited if fraud reported in timely fashion

30 Financial Consequences Credit cards No liability if reported before misuse $50 per credit card if reported after misuse

31 Financial Consequences ATM/Debit cards No liability if reported before misuse $50 per card if reported within two business days $500 per card if reported within 60 days of statement showing unauthorized transaction

32 Financial Consequences Checks Bank is liable for losses from forged checks, IF you notify them in timely manner

33 Financial Consequences (cont.) Indirect monetary losses Lost time/wages Costs of photocopying/mailing Attorney’s fees Credit Denial of credit based on erroneous information Increased rates for loans/mortgages

34 Civil Consequences Lawsuits Loss of current job Failure to be hired for new job

35 Criminal Consequences Approximately 15% of victims obtain a criminal record due to identity theft Almost impossible to completely remove criminal record once it is in law enforcement databases

36 How Can I Prevent It? Total prevention is impossible! Minimize risks as much as possible Protect four primary areas Information Property Documents Technology

37 Protect Your Information Do not give out information unnecessarily! Ask why a piece of information is needed You can refuse to give information, but you may not receive the service in return Do not use your Social Security number as an identification number Needed by IRS, SSA

38 Protect Your Information (cont.) Make sure you know who is requesting the information Are they legitimate? Do not give out personal information unless you initiate the call/

39 Protect Your Information (cont.) Do not give out personal information over a cell phone

40 Protect Your Information (cont.) Be especially cautious with Social Security number Passport number Bank/credit account numbers These are the most dangerous items in the wrong hands

41 Protect Your Information (cont.) Check your credit reports regularly Federal law allows you one free copy of each bureau’s credit report annually See for informationhttp://www.annualcreditreport.com/ Georgia law allows you TWO free copies of each credit report annually Must contact each credit bureau separately

42 Protecting Your Information (cont.) Optimal method for checking credit reports Per Clark Howard’s suggestion Every four months, request one credit report

43 Protect Your Information (cont.) Why check all three credit reports? Not all creditors report to all credit reporting agencies Information on one report may be inaccurate even if it is correct on the other reports Incorrect information must be cleared up on each report separately

44 Protect Your Information (cont.) Should you use a credit monitoring service? In most cases, no Exception is if you are already a victim of identity fraud Note: credit bureaus will try to sell you credit monitoring when you request free reports. Be aware!

45 Protect Your Information (cont.) Run a public records search annually Available free from ChoicePointChoicePoint Allows you to check publicly available data about yourself for accuracy Can provide clues that identity fraud has occurred

46 Protect Your Information (cont.) Guard PINs and other identifiers from spying Consider using electronic bill delivery/ bill paying services Removes possibility of mail theft Allows earlier detection of unauthorized activity Encourages more careful monitoring of financial activity

47 Protect Your Information (cont.) Keep a record of all bank/credit account numbers along with phone numbers Keep a photocopy of your wallet contents and passport in a safe place

48 Protect Your Information (cont.) Opt out of sharing personal information Pre-screened credit offers Call OPTOUT Credit Bureau marketing lists Write each credit bureau Telemarketing offers Registration good for five years

49 Protect Your Information (cont.) More opt-out options Direct mail marketing Registration good for five years marketing Regustration good for one year

50 Protect Your Information (cont.) Omit personal identifying information from resumes and job applications You will eventually have to provide this if hired Should not be needed until late in hiring process If demanded early, do you really want to work there?

51 Protect Your Property Keep property secured at all times Purses/briefcases/wallets Electronics

52 Special Considerations for Mail Use a locked mailbox, or pick up mail promptly Place all outgoing mail in secured mailbox Keep track of billing cycles Make sure all expected mail is actually received

53 Protect Your Property (cont.) Carry only necessary items in purse/wallet Minimize number of credit cards Do not routinely carry Social Security card, passport or birth certificate Only carry if you need it that day

54 Protect Your Property (cont.) Do not carry checkbook unless absolutely necessary Includes deposit slips and carbons as well Documents contain bank routing information With this, thieves can easily completely loot your bank account

55 Protect Your Documents Store identifying documents in a safe, locked place Home: locked cabinet Especially important if you do not trust other occupants or have outsiders in the home

56 Protect Your Documents Business: locked filing cabinet with limited key access Critical because of business liability Georgia law – up to $10,000 fine PLUS unlimited civil liability

57 Protect Your Documents (cont.) Shred personal documents before throwing away Credit card statements/receipts “Courtesy” checks Credit offers Old cancelled checks Expired credit cards Any document with identifying information

58 Protect Your Documents (cont.) Shred business documents before throwing away Client/customer information Outdated files Any document with identifying information

59 Protect Your Technology Technology protection is a complex issue! Mixture of safeguards required to handle different types of problems

60 Protect Your Technology (cont.) Physical security Control access to computers Minimize storage of sensitive data on laptop computers

61 Protect Your Technology (cont.) Keep safeguards up to date Operating system updates Security program updates New types of attacks arise weekly Schedule automatic updates and use them

62 Personal Electronics Password protection is a minimum level Inconvenience of entering password outweighed by security Set up a password on PDAs Entry required when powered on

63 Personal Electronics (cont.) Set up login password on ALL computers Do not allow “guest” accounts on computers With Windows, accounts can be bypassed Never allow automatic login

64 Personal Electronics (cont.) If possible, set up BIOS password on laptops Cannot start up laptop without entering password Caution: if you forget this password, NO ONE can get into your computer

65 Password Choices Choose passwords that are Combinations of letters, numbers, and symbols Do not contain any identifying data Birth dates Family members’ names/variations Are at least eight to ten characters long

66 Password Security Do not write down passwords or PINs Especially don’t keep written passwords or PINs with the item using them! Do NOT give ANYONE your password or PIN

67 Changing Passwords Do not use the same password for everything Change your passwords regularly However, it’s better to use a “good” password badly than to use “bad” passwords well

68 Data Files Do not make sensitive files accessible through network Disable file sharing If files must be shared, password-protect them

69 Data Files (cont.) Simply deleting a file is not enough! Files remain in the Recycle/Trash bin after deletion Recovery from here is simple Must either specifically delete files from Recycle Bin or empty Recycle Bin

70 Additional Protection for Companies Authenticate all access to sensitive electronic data Require ID and password for access Disable network access of terminated employees IMMEDIATELY

71 Additional Protection for Companies (cont.) Limit physical and logical access to company databases Create, implement, and enforce a specific data access policy “need to know” basis for data access

72 Discarding Computer Equipment Computer hard drives Data can be recovered even after formatting Only safe way to ensure removal is to use a data wiping utility Darik’s Boot and Nuke claims to wipe drives to DOD standards

73 Discarding Data Disks Removeable data disks can be recovered and read Physically destroy disks before discarding Shred if possible CDs can be microwaved for no more than three seconds to destroy data

74 World Wide Web Security Make sure the web site you are using is the one you think you are using Don’t click on links in s unless you can be sure you are going to that site Manually type in URL into your browser If the URL indicates a numeric address instead of a domain name, BEWARE

75 World Wide Web Security (cont.) Make sure you are using Secure Socket technology if sending personal information to a trusted web site Indicated by Lock icon at bottom of browser window https:// prefix on site URL (not

76 I’m a Victim – What Do I Do Now? Some measures apply to all cases Others only for certain situations

77 Record-keeping Send all correspondence Certified mail Return receipt requested Keep EXCELLENT documentation Log all phone contacts Company name, contact name, date, time Keep copies of all correspondence you send File ANYTHING you receive that MAY relate to the situation

78 For All Cases Immediate steps Within 30 days Long-term steps Over next several months/years

79 File a Police Report Contact local law enforcement Georgia law requires that Law enforcement must take report Report must be forwarded to Governor’s Office of Consumer Affairs Consumer Affairs will forward to Georgia Crime Information Center

80 File a Police Report (cont.) Get copies of the law enforcement report Keep for your records Send copies to creditors when reporting fraudulent activity

81 Notify Credit Bureaus All three credit bureaus should be alerted Equifax – Experian – TransUnion –

82 Notify Credit Bureaus Call first, follow up in writing Certified mail, return receipt Request fraud alerts on your files Normal duration of fraud alert is 90 – 180 days Request, in writing, extension for seven years

83 Notify Creditors Call first, follow up in writing Notify ALL creditors Banks Credit card companies Other lenders Phone companies Utilities ISPs and other service providers

84 Notify Creditors Existing creditors Report fraudulent activity immediately Cancel existing account Request replacement cards with new account numbers

85 Notify Creditors Fraudulently obtained accounts Take action as soon as you discover existence of account State that you never requested account Provide with copy of police report and fraud affadavit Request that account be closed Get confirmation in writing

86 Get Credit Reports Should be automatically sent at no charge when fraud alert is filed Review carefully for inaccurate information Remember that some inaccurate information may predate the crime Dispute all inaccurate information in writing

87 Report the Crime Federal Trade Commission Fill out FTC’s ID Theft Affidavit Many companies will accept as documentation Others insist on their own paperwork

88 Report the Crime U.S. State Department (passport agency) Notify whether or not you have a passport Social Security Administration If Social Security number is compromised

89 Report the Crime (cont.) U.S. Postal Inspection Service/ local Post Office If mail fraud or change of address is involved Also consider renting a locked post office box

90 Report the Crime (cont.) Department of Motor Vehicles If a motor vehicle is involved Internal Revenue Service/ Georgia Department of Revenue If fraudulent tax returns are involved

91 Special Steps Bank accounts If checks are stolen or misused, contact ALL check approval agencies CheckRite: (800) Chexsystems: (800) CheckCenter/CrossCheck: (800) Certigy/Equifax: (800) International Check Services: (800) SCAN: (800) TeleCheck: (800)

92 When Criminal Activity is Involved In addition to the above, you MUST take additional steps Failure to do this could result in Arrest Jail time Significant expense to repeatedly clear your record

93 When Criminal Activity is Involved (cont.) Have local law enforcement confirm your identity Fingerprints Photograph Copies of identifying information Have them send information to other jurisdictions involved as well

94 When Criminal Activity is Involved (cont.) Request a “key name switch” in databases Entry should be under impostor’s actual name If not known, as “John/Jane Doe” Make sure your name is listed as an alias, not as real name Include local, state, federal databases

95 When Criminal Activity is Involved (cont.) Obtain a clearance document Called by different names: Clearance letter – Mis ID Certificate of release Make multiple copies of this document Carry a copy with you at ALL times Make sure a trusted friend/family member has a copy

96 When Criminal Activity is Involved (cont.) If all else fails, hire a criminal defense attorney with experience in this area If the perpetrator is caught, you can ask for this (and other) expenses as restitution

97 Long-Term Damage Control Do NOT pay any fraudulent charges/bills/ checks Use Fair Credit Reporting Act provisions to your advantage Continue to get credit reports regularly (at least every six months) Carefully monitor all financial activity

98 Long-Term Damage Control (cont.) Carefully monitor mail Do NOT change your Social Security number Causes many more problems than it solves

99 Resources -- Federal Agencies Federal Trade Commission Department of Justice Social Security Administration U.S. Postal Inspection Service

100 Resources – State Agencies Georgia Stop Identity Theft Network

101 Resources -- Nonprofit Organizations Better Business Bureau Identity Theft Resource Center Privacy Rights Clearinghouse

102 Acknowledgements Andrew Sledge, Desktop Technician, OIT, Georgia Perimeter College Spyware and computer security information Hunter Eidson, System Administrator, Georgia Perimeter College Computer security information

103 In Closing This presentation is available online at


Download ppt "Identity Theft CPEs for CPAs Program Georgia Perimeter College December 9, 2005."

Similar presentations


Ads by Google