Citizen Consumer Beware, Gov’t and Institutions Leak Most

The latest news on cybercrime and ID theft is grim. Several recent reports suggest that criminal financial activity is growing faster than ever. The perpetrators are rarely caught but the damage they do accounts for billions of dollars a year. Many people think the criminals are found mostly online however, a story by published Monday in CanWest newspapers suggests that the majority of ID theft comes from poorly managed government sources.
According to a report by Symantec Corporation as much as 25% of the personal data stolen by ID thieves comes from computers in government offices. The health care industry and educational institutions come in second and third with 20% and 14% respectively. That means that over half of the personally identifying data used to usurp and exploit another person’s credit comes from off-line sources. It simply walks out their doors. Surprisingly, on 14% of the personally identifying information traded among cyber-criminals actually comes from hacking.
The executive editor of the Symantec report Dean Turner says, “The major cause is theft or loss — stealing hard drives out of machines. Governments have a wealth of information on various groups and individuals.” Thieves use micro storage devices such as thumb drives, data sticks and MP3 players to transport electronic information.
To make matters even scarier, there are different laws covering the responsibility to report data theft for government and private businesses. There are also differing regulations between national jurisdictions with the United States having far stricter reporting and monitoring rules than Canada or European nations. Canadian consumers are especially vulnerable.
In a high profile case from February of this year, the Canadian discount clothing store chain Winners reported a series of data thefts dating back to 2005! Though they had been aware of the issue for some months, there was no law requiring parent company TJX Co. to report it. In all, tens of thousands of Canadian consumers did not know their credit card information had been exposed for several months, in some cases, almost two years.
According to Visa Canada, credit card fraud accounts for over $300million in loses annually. That’s only in Canada, a nation with less than one tenth the population of the United States.
According to a recent US Federal Trade Commission report, there were 246,035 complaints of ID theft in 2006 making it, by far, the most reported type of fraud for a seventh year in a row.
Laptop computers stolen from US Veterans Administration facilities as recently as January of this year are said to have contained personal data on over 26-million current and former armed forces personnel. One theft in May compromised social security data on literally every service-person since 1975!
On the Internet, Symantec warns of malicious code added to some websites that can access information as it is entered by individual computer users. Saying this type of fraud is on the increase, Symantec warns online consumers to make personal security their priority. In an interview with Erika Morphy at TechNewsWorld, Symantec Security VP Alfred Huger said, “The trend has always been there — hackers have always been interested in financial gain. Now, though, it seems that every piece of malicious code on the Internet somehow ties back to data theft.”
Online fraud has always been around but now the focus seems to be on the theft of personal data. Huger said the trend became a solid underground economy in 2006. There are chat-rooms in which your personal information is sold. Credit card numbers can go for as little as $1! The glut of personal information available online has pushed the price of enough personal information to construct a believable ID down to about $14 - $18 per identity.
ID theft has a long history, one that is difficult to stop.
Jim Wilkins got off easily the first time. As reported last week by seMissourian.com, Mr. Wilkins was a victim of ID theft in 1996. He does not yet know the extent of the damage done when a series of preauthorized checks sent to him from California by the Bank of America were somehow intercepted and stolen in Texas. He does know that the BofA is taking responsibility for the $9200 in fraudulent checks written against his account.
Unfortunately, the Bank of America can’t help him recover issues dating back to a fraudulent student loan taken out against his name in 1986 or the $38,500 in child support payments someone using his ID owed the Seattle Child Support Enforcement Agency. Now age 59, Mr. Wilkens was first stung by ID thieves twenty one years ago. The damage to his credit rating has followed him ever since.
Imagine how it can affect young citizen consumers if their ID is stolen early. Getting the credit reporting agencies to alter records adulterated by fraud is extremely difficult, expensive and time consuming.
It can get even more complicated when private third party businesses hired by government agencies fail to provide adequate protection. In 2005, LexisNexis announced that the personal data of 32,000 users was stolen from a company it had acquired a year before, Seisint. Estimates of the number of consumers affected quickly grew to over 310,000 during the subsequent investigation. Seisint produced the Multistate Anti-Terrorism Information Exchange, better known as the MATRIX. Consumer citizens beware…
Protective Measures
There is very little one can do to protect themselves from government or institutional carelessness. Bits of your personal information are held by hundreds of civic, state, federal, religious, educational and financial agencies. In some cases, the theft is committed by employees. In others, it is committed by hackers.
Your first line of protection has to come from the government itself. Everyone has civic, state and federal representatives. Use them. Make their offices aware of the problem and, with the assistance of consumer rights groups in your area, lobby for stricter accountability from public institutions.
The next line of defense is your personal financial institution. Get to know your bank manager personally. Get his or her card and make sure they know your name. Your bank manager is a powerful ally to have on your side if you fall victim to ID theft. If you only bank online, this might be more difficult. There is something to be said for doing things the old-fashion way from time to time.
You are ultimately responsible for keeping your own financial records in order. Know the state of your accounts at all times. Keep receipts and records. When it comes time to prove you are victim of ID theft, you will be asked to provide your version of a financial history. If you can, you have a far better and easier chance of regaining control of your credit rating.
The Federal Trade Commission has a resource page for American consumers who fall victim to ID theft. On it is a sample FTC ID Theft Affidavit that outlines much of the evidence individuals will need to provide to retake control of their ID.
For Canadian consumers, the federal government publishes a lengthy FAQ that covers virtually all forms of ID theft at safecanada.ca/identitytheft_e.asp.
You are also responsible for keeping your personal information secure on your electronic devices. The Internet is as convenient for criminals as it is for you or I. Be absolutely certain your computer is clean at all times. This will cost you money. Putting your trust in free anti-virus, spyware or malware detectors is absurd. Remember nothing really comes for free online. Spend the money. Hopefully you’ll never know it was worth every cent.

--------
By Jim Hedger