ID Insurance

Crossing the Chasm: Deterrence to Defeat

• By Reginald Ball
• Oct 02, 2008

In this age of widespread easy access to personal information, identity theft has become the fastest growing and most lucrative crime in America. Everyone is vulnerable. Identity theft protection is rapidly becoming a necessary form of coverage, much like auto, home and life insurance. Numerous companies, from insurance providers to pure identity theft protection services, offer Americans preventive controls and credit recovery services. But who is going after the root cause -- the criminal? If you don't stop the criminal, you cannot stop the crime.

How Far We've Come
To our good fortune, most are recognizing identity theft as a serious security problem in our country. Many identity theft fraud monitoring services have come to market adopted by consumers -- an indication that consumers are taking action and are aware of the need to protect themselves. The Federal Trade Commission (FTC) has organized several solid, focused initiatives, targeted at better understanding perpetrators' theft patterns in the hopes of uncovering and alerting consumers to basic theft tactics.

Earlier this year, the FTC surveyed recent identity theft victims to learn how to improve enforcement efforts and consumer education. The survey also aimed to uncover the degree of individual success in using available legal remedies to respond to the incident. (According to this report, total consumer fraud losses totaled $1.2 billion in 2007, with the average monetary loss for an individual at $349.) In 2006, President Bush issued an executive order to enact a strategic plan to make the government's efforts more effective and efficient in the areas of identity theft awareness, prevention, detection and prosecution.

Keeping with this trend in growing awareness of the identity theft problem, Congress has taken action as well. In January, Sen. Wayne Allard (R-Colo.) submitted a bill to help stop identity theft by illegal aliens, linking identity theft to a high-profile national issue. Additionally, large organizations like the Northwest Federal Credit Union are investing in identity theft protection services for thousands of employees, illustrating the earned trust of identity theft protection services on the forefront of today's progressive businesses. Cumulatively, these facts are indicators that identity theft is a current, serious security concern.

A Necessary Evil
Recently, the Justice Department charged 11 people with stealing and selling more than 40 million credit and debit card numbers. This news was labeled the largest hacking and identity theft case ever prosecuted; it quickly got America's attention and has kept our eyes and ears on identity theft news since. People are wondering how to protect themselves in a world where frequent swiping of debit and credit cards is not only an everyday occurrence, but for many consumers, it is a necessity.

Simply, we exchange our personal information to survive -- be it bank account numbers to buy groceries or a social security number (SSN) to receive medical services. We entrust our employers with all of our personal information for payroll, 401Ks and insurance. Whether we like it or not, our personal information will always be required in order for us to operate effectively in society.

As security professionals know, while there are certainly measures one can take to be "street-smart" about sharing personal information, identity thieves are growing in number and in ability. Rather than focus on how society got here, the question we must ask ourselves is how can we protect ourselves should we become victimized? Sadly, if identity theft hasn't touched us yet, statistically speaking, it probably will.

You Cannot Prevent the Crime Unless You Stop the Criminal
An identity thief will use a victim's stolen information an average of 30 times. Today, an American becomes a victim of identity theft every three seconds. And according to the FTC, on average, each of these victims spends 600 hours trying to resolve the complications that arise from being victimized. Still, some never fully recover. Consequences might translate to a depletion of your savings. Your credit card rating could be tarnished. Someone might "become" you with your SSN and date of birth to purchase a home or car in your name.

In dire scenarios, someone might develop a criminal record in your name. The impact of identity theft is severe and affects not only the actual victim, but his or her employers and families as well.

So the question is clearly a priority: If one is a victim of identity theft, how does one go about cleaning up a record for crimes not committed and/or purchases not made in order to start over with a financial clean slate?

Unfortunately for many victims, finding a clean slate isn't possible without resources to locate the perpetrator. Locating and trying the perpetrator in the criminal court system is the only way to clear a victim's record. By proving, in the court's eyes, that the perpetrator is not the identity of the victim, and that the identity thief is in fact a thief, a victim is then, and only then, cleared of the emotional, financial and legal burdens they have carried since the moment their identity was stolen.

To compound these challenges, victims often feel alone in their struggle to restore their name, records and finances. The federal government is over-tasked protecting the country from physical attacks in a post-9/11 world. Local governments and law enforcement are over tasked with the day-to-day of apprehending everyday criminals and keeping the "peace" within communities.

Although the awareness is widening and initiatives are being put in place to help curb identity theft, a large gap in resources continues and identity thieves remain on the prowl. To date, history has proven they often "get away" with these crimes since it can be so difficult to track them down and prove their misconduct. And doing so requires so much time, skill, experience and know-how. Most task forces simply aren't equipped to handle the thousands of reports they receive each year.

Security for All
Security professionals understand the importance of targeted and careful action. Although no one is completely immune to potential identity theft, some groups of people have proven to be steady targets. For example, the FTC estimates that 31 percent of identity-theft victims are in the 18-29 age group. Other statistics on profiling come from the Identity Theft Resource Center (ITRC), a nonprofit that helps victims of identity theft. It reported that in the first three months of 2008, the number of data breaches more than doubled over the same period last year. The center also noted a rise in insider thefts, particularly within the business community.

Despite privacy regulations, data breaches are not only becoming more common within the medical community, but hospitals and medical centers are slow to report the breaches to patients. The ITRC Breach Report sub-divides all breaches into five categories. To date, the 2008 ITRC Breach Stats Report indicates the following: 17 percent from government/military agencies, 21.3 percent from educational institutions, 36.8 percent from general businesses, 14.9 percent from health care facilities and companies and 10 percent from banking, credit and financial services entities.

As a security professional, it should seem obvious that the best protection is preparation. Be defensive and plan ahead, by investing in an identity theft insurance program. However, as a security manager, the lingering question remains -- when does identity theft become a corporate issue rather than a personal issue? The answer is simple. By offering an identity theft prevention and/or insurance program for employees, you are ensuring long term peace of mind and protection for each individual. Providing a reliable, trustworthy, confidence-inspiring solution is one of the great value-added services that a company can offer its employee base. And offering such as service highlights your organization as caring about its customers and employees and their personal safety, while reducing your organization's internal fraud expenses.

Identity Theft Insurance as Important as Life Insurance?
Insurance is something we hope we never have to use. We take out policies on our most valuable assets -- our cars, children, spouses, homes and own lives. What about our identity? Isn't our identity what continues to ensure our well being, our good fortune and our financial stability? Many things in life have an intangible risk, or a risk that is so against the odds of occurring to us that we never give it a second thought. Unfortunately, identity theft is not one of them. By arming ourselves with a ready-made defense and plan of attack to regain our identity should we be victimized, we can ensure we recover our financial stability, our non-existent criminal record, our ability to leverage a clean credit record to purchase a home or fund an education. An identity theft insurance policy swings into action if the policy holder is victimized and ensures the perpetrator will be brought to justice and their identity regained. It can truly be a life saver -- in another sense of the word.

Companies that provide these insurance packages help identity theft victims by locating the criminals and working with the local jurisdiction to process them through the judicial system. With proof of crime, the victim's name can be cleared. Some companies offer identity theft insurance packages that employers can extend to their employees or participating customers / members.

For a monthly service fee, policyholders who become victims of identity theft have a team of experienced professionals on the case to restore his or her good name. A victim's name and financial record, which could also include a criminal record depending on the extent of identity theft damage, can only be cleared once the criminal has been apprehended and charged. Often there will be financial restitution from the courts once this occurs.

Deter, Detect, Defeat
Preventing and deterring identity theft is critical for Americans today. We are moving into an ever-progressive era where identity perpetrators leverage the Internet, global rings of thievery are on the prowl and the identity theft know-how strengthens among criminals. As security professionals, we must band together and educate ourselves on the best means available for protection. I encourage security industry leaders to read up on identity theft news on a weekly basis to see just how often this crisis is touching Americans' lives. I promote frequently issued "smart steps" in prevention by being an aware and vigilant consumer, such as:

• Don't give out personal information on the phone, through the mail or over the Internet unless you are comfortable with the source.

• Keep your personal information in a safe place at home, away from visitors, roommates or outside help working in your home.

• Be aware of the information security procedures at your place of employment and other places that request personal information (a doctor's office for example), and verify that your data is handled securely.

• Keep an inventory of everything in your wallet and PDA with account numbers or personal information.

But ultimately, as a security manager, I urge you to promote a reliable, trustworthy, confidence-inspiring solution for your employees, which is one of the great value-added services you can offer. And as an employee, I recommend you inquire on an identity theft insurance policy that your employer may consider offering you in the future -- or research ways to purchase a policy independently.

Ultimately, without a good defense system in place to solely deter, detect and defeat identity theft rings, and without the resources to track them down and bring them to justice, identity theft will not cease. This is an area in our lives where a good sense of awareness, self-motivation and preparation will have big rewards.