The Issue of Identity Theft - Essay Example

Identity theft Order No. 345030 December ‘09 Identity theft Identity theft is a term used to describe all types of crimes where one wrongfully obtains and uses the personal data of another person for fraudulent purposes. This is done mainly for economic gain. According to The Federal Trade Commission (FTC) identity theft is "when someone uses your personally identifying information, like your name, Social Security number or credit card number, without your permission, to commit fraud or other crimes." Today Identity theft in the US is quite widespread causing huge problems for individuals. The FTC has estimated that each year about 9 million Americans have their identities stolen. Personal data like Social security number, credit card number, bank account, etc. are not unique like for instance fingerprints and can be misused when they fall into the wrong hands. In the United States many people have suffered huge losses on account of unauthorized persons withdrawing funds from their bank or financial accounts and very often these persons who have stolen the identity have committed crimes and run huge debts using the victim’s identity. In short a criminal can use an individual’s identity to commit a wide range of crimes such as fraudulent withdrawal of money from banks, apply for credit cards and loans, fraudulent use of telephone calling cards, or buy goods or services which might not have been possible if the criminal had used his name The Internet recently has become the source for criminals to gather identification data, like passwords or banking information. Many people while exploring the Internet in a hurry respond to "spam" ­ or unsolicited email ­ that request identifying data in the pretext of offering some benefits. Here people do not realize that in many of such cases the person who has requested for personal information has no intention of passing on any benefit to them. However Internet is not the only source. Misplaced or stolen wallets containing credit cards or other personal information, stolen laptops again containing personal data can prove easy targets for identity thefts. To prevent any kind of fraudulent use of one’s identity one must have a security policy and certain guidelines in place about what personal information should not be given to third parties especially through electronic means like the email. The guidelines to be followed are: 1) There should be no personal or financial details in any of the emails sent. 2) Open only those mails that have come from known persons or trusted parties. 3) All suspicious mails should be reported to the concerned authorities. 4) Online passwords must be changed frequently and passwords that can be easily be hacked, such as those related to birthdays and anniversaries must be avoided. 5) All credit cards containing personal information must be shredded before throwing them into garbage. 6) Credit cards that have been stolen or its information breached must be frozen immediately. 7) Personal information asked by phishing sites must never be given through email, regular mail or phone. 8) Software like firewall, spy ware and virus software must be used and updated regularly, in order to protect the computer. . There is lot of media attention on identity theft these days. But in most of the cases the attention is on individuals who have become victims. There is not much focus on the fact that businesses too can become targets. It is not that identity theft occurs for individual only. Identity theft is quite common in the business world too. According to a Forbes.com report the numbers of data breaches during the first 11 months of 2009, reported by government agencies and businesses was 435. The report highlighted two major breaches that of Heartland Payment Systems and the National Archive and Records Administration. Fraudsters who indulge in identity theft in recent times have successfully stolen entire corporate identities. Such a scam in the business world is known as company hijacking’. This kind of fraud involves changing the registered address of a business, changing the company director or appointing new directors. If such changes are effected, they can have terrible consequences for businesses. For instance the new directors appointed fraudulently can open new bank accounts and organize goods to be sent to the new address. This can damage the credit rating of the business. If a criminal is able to get enough information concerning a business, it is possible for him to apply for and obtain a corporate credit or debit card and then use it for his personal benefits. When business information is stolen and unauthorized purchases are charged to a company’s account it ruins the credit history of a business. The latest form of identity theft is of medical insurance information. In this case fraudsters are able to obtain medical benefits using some other person’s name. According to some, recession has caused a rise in medical identity theft. These days health records are mostly online making it possible for identity thieves to obtain them. However most of the fraud is carried out by healthcare workers who sell information. In most cases of identity theft in businesses the theft is carried out by corrupt and dishonest employees, as in the case of a certain bank when some eight employees sold account numbers of customers to an unlicensed collection agency supposedly owned by a convicted criminal. Sometimes former employees hack into the networks of their previous company using a known password old job. They also have inside knowledge of the company. Then there are professionals and also amateurs who spend long hours on the Internet looking for computers that are not protected. When they do find one they try to hack it and get whatever personal or customer they can and pass it on to people who may need them. These days there are so many sites on hacking that one can learn the art of hacking free of charge. Computer systems of small businesses are more vulnerable to identity theft. Here one can have easy access to things like credit card records or payroll records since they are usually unguarded. Also most of the small businesses do not keep access logs and therefore when information gets stolen, they are probably not even aware of it. It is through computer hacking that most of the frauds are carried. But there are many more ways in which it is done. Some routine things like misdirected mails, lost laptops, human error or disclosure of information by accident may cause identity theft. Sometimes identity thieves forge letterheads of a company and with it pose as business partners of larger business houses and gain trust before they engage in fraudulent activities. Another form of business ID theft occurs when payroll checks are forged. Sometimes persons who want passwords of companies that have been given by Companies House so that they can file documents electronically, phone business houses and ask for verification of their passwords to get these passwords. Hence businesses should never disclose the passwords over the phone as Companies House does not ask for such information over the phone. Once one comes to know that one’s business has been subjected to a scam or fraud, one needs to take immediate action. The first step is to stop the fraud from continuing further, assess the extent of the damage and clear up the damage. The next course of reaction is : 1)To inform the Police, 2) To check bank statements for unexplained transactions 3) To carry out a credit check of the business so that any changes in the credit conditions can be detected 4) To ensure that payment is being made for goods and services actually received 5) To hire an IT Security Specialist to carry out investigations and make corrections in the system if it is found that the IT system has been breached and that the fraud has been perpetrated through the system. Another step that can be taken when one realizes that identity theft has taken place one is to approach companies that specialize in protecting people from identity theft and deal with the consequences of fraudulent activity. There are many companies that help in protecting data and many companies that have solutions that deal with the aftermath of stolen data. Such companies have products that make it possible for clients to freeze their credit, receive credit reports, and monitor use of credit card. They also provide companies which are victims of data theft a response plan for the crisis. The loss because of identity theft is quite enormous. It may take a lot of time to clear up the consequences of an identity theft and even the viability of a business may come under threat. Some companies especially small businesses fail to take appropriate security measures. This is probably because they are not aware of the consequences of identity theft. They are probably not aware that an Identity thief can gain access to a business account, create new business accounts, get credit in the name of the business from which the identity has been stolen, steal information about clients or employees for fraudulent purposes, sell this information, do business in company’s name and sometimes even change the name of the business. All this can lead to lowering of business credit ratings of the business and unauthorized purchases when made with stolen identity can ruin credibility. Identity thieves can also raise and get into illegal business deals. Small business may entirely lose their business. Also the recently enacted Fair and Accurate Credit Transactions Act (FACTA) can make business owners legally responsible and sue and fine them and can even try them as defendants in lawsuits if an employee’s or customer’s identity is compromised because of the identity theft. Identity theft issues can even be tried in criminal courts for negligence in securing sensitive information. However many companies these days are increasingly becoming aware of the risks of identity theft and are actively seeking solutions and forming strategies to overcome the problem of identity theft. They have realized that prevention is better than cure. Although there is no hundred percent foolproof method for protecting data there are many ways by which companies can keep information safe. Most of the major businesses use secure storage, data encryption, data access authorization, firewalls and network and PC monitoring to protect their sensitive information. John R. Vacca, has suggested that a multi pronged approach is necessary to prevent this crime. According to him businesses should limit the number of employees who have access to sensitive information, outsourcing companies should be screened thoroughly, and thirdly sensitive data must be encrypted in the computer network. It has become absolutely necessary for companies to constantly look for unauthorized transaction in their network and monitor individual computers too for suspicious activities in them. Any sensitive information needs to be encrypted when it has to be stored or transported. Before sharing information companies should scrutinize who they are sharing information with. All employees have to be trained for securing information. One has to protect important information that includes name, address and social security number. When such risks and consequences a mentioned above are associated with identity theft and the stakes running high protecting businesses from identity thefts must be high on the priority list of things to be done to run a business successfully. Business should formulate a strategy to overcome this problem and here it is necessary that the strategy should include the following things: 1. All unnecessary documents that contain sensitive information should be shredded. Papers containing important information should not be left in places where anyone can have access to them. "The more paper you have, the more your company is at risk for fraud," says Johnny May. Shredding can be done by shredders or if the amount of paper to be shredded is too large service providers who specialize in this may be hired. 2. Only certain employees of an organization should be allowed access to sensitive personal information and the background of such employees must be checked regularly. They should be trained to recognize people who are imposters and might trick them into voluntarily disclosing personal information. 3. Conduct regular security checks of systems for breaches 4. Computer having sensitive information must be protected by security software such as firewalls and encryption that prevent computers from being hacked 5. There should be regular credit checks of social security number and employer identification number to detect suspicious activities and to detect whether anyone else is obtaining credit. 6. It is advisable to use online banking and payroll services. Research has shown that use of these two services has prevented one million cases of identity thefts per year. Online services prevent papers containing sensitive information from falling into wrong hands. 7. Secure the premises of the business with locks, alarms and guards so that thieves do not break in and steal sensitive information 8. Put business records in locked drawers so that only authorized persons have access to them. Do not be careless with records. It has been reported that a certain bank packed records containing financial secrets of many customers and sent it through an UPS truck. The box could not be traced. Sometimes information stored in laptops is left here and there waiting to be stolen. 9. Do not reveal information over phones 10. Access to computers should be limited and password protected so that outsiders do not have access to computers. 11. Disconnect the computers of ex-employees immediately as many times it is the ex-employee who divulges details to competitors 12. If a business has a website the information put on it must not contain sensitive data like financials or customer bases. In addition to all this it is absolutely necessary to formulate a security policy that will educate employees on identity theft and data protection. There should be guidelines about use of email, email filters and what should be done with suspicious email. The policy should have guidelines about the safe ways of using internet and include such things as browser security settings and disconnection of internet after every use. It should also have guidelines how to protect customer information. In conclusion it can be said that people in the US today have a new kind of theft they have to fear and that is the theft of their identity. Someone can get hold of a person’s credit card information or Social security number or bank account information or any other personal data and with this commit crimes ranging from purchasing goods with a stolen credit card to opening of bank accounts to issuing checks under another name causing immense monetary loss to the victim. Therefore the FTC encourages people to scrutinize bills and bank statements closely for fraudulent activity, and to dispute unauthorized transactions immediately and even file a police complaint when there a problem.Today it is easy for criminals to obtain personal data without breaking into homes. In the past thieves used to search in mailboxes, or in snatched purses or garbage bins for bank statements or credit card receipts. But now it is mainly the Internet that is being used to obtain sensitive information. Identity theft has reached such alarming proportions that government also considers identity theft a serious threat and new laws are being enacted to protect people from becoming victims. Businesses are also taking extra precautionary measures to get rid of the problem of identity theft as it has affected them too enormously. For a business to put a strategy in place may involve time and expenses. But with identity thefts on the rise taking these necessary steps is absolutely essential to protect the business. Companies have to strike a balance between making profit and implementing strategies to secure their business and prevent identity theft. References 1. Federal Trade Commission (FTC), http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html 2. Forbes.com, http://www.forbes.com/2009/11/24/security-hackers-data-technology-cio-network-breaches.html 3. May Johnny, Quote retrieved from http://findarticles.com/p/articles/mi_m0DTI/is_4_31/ai_99388252/ on 11/12/09 4. Vacca R. Quite retrieved from findarticles.com/p/articles/mi_m0DTI/is_4.../ai_99388252/ on 11/12/09 Read More