Biometric Identity Theft: Stolen Fingerprints
Identity Theft is a huge and growing problem. According to the recent 2009 Identity Theft Fraud report by Javelin Strategy & Research, victims increased 22% in 2008 to 9.9 million. When businesses are involved, the companies face billions of dollars in theft, millions of dollars in fines and, perhaps most important, the loss of customer trust.
The large impact that identity theft has on individuals lives and corporations’ bottom lines has made inexpensive biometrics look attractive for authenticating employees, customers, citizens, students and any other people we want to recognize. The most recent debate is on whether the pros outweigh the cons.
Biometrics uses physical characteristics, such as fingerprints, DNA, or retinal patterns to positively verify individuals. These biological identifiers are electronically converted to a string of ones and zeros and stored on file in the authenticator database.
The downside or weakness of biometrics is that the risk of data breach remains relatively the same. Just as a credit card number can be stolen, the numbers that make up your biometrics and are stored in a database can be stolen. It may take longer for thieves to understand how to use these new pieces of information, but they will eventually be used.
Identity Theft Statistics: Gallup Poll
According to a new Gallup poll of identity theft statistics, 66% of adults worry the most about their identities being stolen.
Gallup trends measuring Americans’ fear of being victims of specific crimes date back several decades, but for each of 10 crimes, the question has been updated annually on Gallup’s Crime survey since 2000. Terrorism was added to the list in 2001, and 2009 marks the first year identity theft has been included. Gallup says the reason for big worries about identity theft might have to do with the high-profile attention lawmakers and identity-protection firms have been placing on it.
Besides identity theft statistics on American’s fear of identity theft, they also polled on the steps they would take to prevent it. Biometrics is the clear winner. Biometrics refers to methods for uniquely recognizing humans based upon one or more built-in physical or behavioral traits (fingerprint, voice pattern, gait pattern, retinal scan, etc.). In particular, biometrics is used as a form of Identity Access Management and it is also used to identify individuals in groups that are under surveillance. According to the Gallup Survey, 58% percent of Americans said they would use biometrics to verify their identities, as long as the biometric data was secured, while 38% said they would not use biometrics. The lack of daily use of these methods causes some Americans to be hesitant at first until they are more familiar.
Fraud Report: SMiShing Identity Theft
Identity Theft Expert John Sileo’s Latest Fraud Report
Just as you wouldn’t want to give any personal identity information to someone via email, you want to use the same practices via text message. There is a new wave of fraud that tries to trick you with text messages appearing to be from your bank.
According to Wikipedia, SMiShing uses cell phone text messages to deliver the “bait” which entices you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a web site URL, like it is in phishing schemes. However, it has become more common to received a texted phone number that connects to an automated voice response system. One version of this SMiShing message will look like this:
Notice – this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####.
In many cases, the SMiShing message will show that it came from “5000″ instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, instead of being sent from another cell phone.
Once you take the “bait” and pass on your private information, it can be used to create duplicate credit/debit/ATM cards. There are some documented cases where the information an unsuspecting victim gave on a fraudulent website was used within 30 minutes…halfway around the world.
Uncovering Business Identity Theft
While the majority of identity theft schemes prey upon individuals, small-businesses and organizations are increasingly becoming targets. Business identity theft is a serious threat, but it mostly flies under the radar simply because companies are embarrassed to discuss.
Although most companies are protected by copyright, patent and trademark laws, smaller companies lack the higher IT security measures that large companies have. According to recent studies by Javelin Strategy & Research this makes them 25% more likely to be victims of business identity theft over larger businesses. Not only do small businesses and business owners typically have larger lines of credit open than an individual, but they are unlikely to detect the fraud for six to eight months making them a prime target.
Business Identity has not been completely defined yet, but it definitely has been stolen. California has become the leader in offering identity rights to organizations and in 2006 they expanded the definition of ‘person’ in identity theft laws to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. These types of amended laws have proved to deter business identity theft and provide greater assistance to those companies that have been hit.
Employee Background Checks
CSIdentity SAFE
Great employees are hard to find, but without the right employee background screening process, deceitful candidates are even harder to spot. Hiring dishonest employees puts your sensitive and confidential business information at risk and could cost you millions if stolen or damaged.
According to The Ponemon Institute, an independent research foundation, the average cost of data breach to a victim corporation is $6.75 million. In 2008, the lowest reported cost of data breach was $613,000, while the highest was just under $32 million. Given that the average cost per stolen record is $202, one missing laptop with 2,500 customer or employee records on it would come with a data breach recovery bill for a half a million dollars. And that doesn’t factor in loss of stock value, brand damage or customer defection that results from having your breach in the news.
Data Breach Protection: Laptop Theft Best Practices
Laptop theft and mobile data theft (tape backups, iPhones, BlackBerries, USB drives) account for nearly half of the cases of serious corporate data breach and workplace identity theft. Your corporation’s data breach protection will be significantly improved by educating your staff on the following mobile data best practices:
Before you save sensitive data to any mobile device, it is your responsibility to:
- Determine if your organization allows you to remove the data in question from the office in the first place. Are you allowed to save that database, Excel file, Word document, customer list, employee record, intellectual capital, etc. on your laptop, thumb drive or other mobile device?
- Decide if it is absolutely necessary to remove it from the more highly-controlled and secure environment of the office. In many of the major cases of reported data breach, the data stored on the mobile device did not actually need to be there in the first place.
- Verify that you have been authorized by your supervisor to place a copy on your device. When in doubt, check with your manager, supervisor or privacy officer to determine the correct course of action.
- Exhaust all other lower-risk alternatives for accessing the data. In many cases, it is possible to utilize a secure remote access connection to access the data so that it never leaves the company premises. You lower your personal liability when you access the data through centralized, highly secure methods.
Wounded Warrior Gives Life Context
I had an amazing experience last week. I was lucky enough to share the stage with the very energetic Suze Orman (thus the self-promoting image to the left) at Walter Reed Army Medical Center in Washington, D.C. But Suze Orman wasn’t the amazing part, despite being a very dynamic woman. And I wasn’t the amazing part.
Our Warriors in Transition were the amazing part. They are in transition because they’ve sacrificed their limbs and eyesight and hearing and sanity and dignity defending our country in Afghanistan or Iraq. And it was the honor of a lifetime to meet some of them.
Talking with these wounded soldiers changed the way I look at the daily problems I have. To summarize Nando Parrado, one of the “Alive” survivors, comparing his life now to 30 years ago when his rugby team crashed in the Andes, I don’t have problems, I have issues. Surviving 72 winter days at 14,000 feet with no food while those around you are dying from a plane crash, frostbite and starvation? That’s a problem. Returning from a tour of duty with no legs, no job and night terrors? Problems. Facing everyday issues like looming project deadlines, stock declines and even unemployment? Issues, and nothing more.
Identity is a National (Security) Asset
“It lies at the core of a great deal of what we do protecting our financial security, our personal security, and our reputational security,” Chertoff said. “And what I’m referring to is how we manage and protect our personal identities because I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.” – Michael Chertoff
Our Obsession with Strengths
We are obsessed with finding and leveraging our strengths, and it makes us boring.
For example, Marcus Buckingham, an intelligent, dynamic and well-spoken best selling author (with a lot of strengths), tells us to Go Put our Strengths to Work. One of his premises, as discussed in his article What the Happiest and Most Successful Women Do Differntly, is Imbalance. In discussing why more women are less happy than ever, he says it’s because they are too focused on balance:
… when you are balanced, you are stationary, holding your breath, trying not to let any sudden twitch or jerk pull you too far one way of the other. You are at a standstill. Balance is the wrong life goal. Instead, do as these women [the self-proclaimed “happiest” ones in his survey) did, and strive for imbalance. Pinpoint the strong-moments in each aspect of your life and then gradually tilt your life toward them.
In other words, do the things that make you feel good and get rid of the things that don’t. It strikes me that things like growth, risk, failure, mistakes, and heartache add a richness to life that can’t be had by staying permanently transfixed in your comfort zone. I think Marcus needs to get out of his intellectual zip code. Not everyone’s definition of success includes the word MORE or BETTER.
Sileo In the Media
Privacy Project Newsletter
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!
