Tag Archive for: “Identity Theft

How to Opt Out of Junk Mail to Protect Identity


There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, surfing habits, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase. The problem is, that data, once collected, is often breached by hackers who want to know more about you.

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”.  Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers as well as mass marketing databases.

Pre-approved credit offers (also called pre-screened or pre-qualified credit offers) are possible because credit reporting bureaus (Experian, Equifax and Trans Union – companies that collect and sell financial data on nearly every American) make a great deal of money selling your identity (i.e., name, address, phone number, age, credit score) to credit card, loan and insurance companies.  But it is your right to stop the sale of your information.

Fortunately, there are ways for you to “opt-out” of widespread information sharing (see the list of more than 120 ways below).

The Top 4 Opt-Out Opportunities:
  1. www.OptOutPreScreen.com. Remove yourself from the marketing lists sold by the three major credit reporting bureaus, Equifax, Experian and TransUnion. There is not cost for this list.
  2. www.DMAchoice.org. This puts you on a Do Not Mail list for the Direct Marketing Association. This is a free service online ( $1 by mail) and allows you to remove yourself from receiving previously unsolicited catalogs, magazines, “other” mail offers, and provides a link back to OptOutPreScreen for credit offers.
  3. White Pages. That’s right, your old-fashioned printed phone directory is the source for most of the online contact info databases. To remove your directory listing you have to contact your local phone company .
  4. www.Spokeo.com. To opt out, read this blog post about [intlink id=”1752″ type=”post”]removing your info from Spokeo[/intlink]. This is one of the more utilized sites by identity thieves, stalkers and scammers.

There is a slower and more tedious process of opting out of online directories (i.e., you have to visit every one. Some (Spokeo.com)  are more important than others (Whitepages.com) because of the information that they collect. Sites such as Spokeo.com can have as much information as your physical address and pictures of your home, while others may just house your phone number. These sites spend hours upon hours scouring public records such as marriage licenses, birth certificates, and real estate purchases for this type of information.

Since most online directories typically offer a way to opt out of their listings you would think they would make it easy. Not so. They tend to hide this option deep within the site, as they don’t actually want you to leave. Luckily, The Privacy Rights Clearing House has done most of the legwork in their Comprehensive Opt Out List. I suggest starting with a few main sites, 123people.com, spokeo.com, etc. and continuously adding to it over time. Opt out of one a week if you like, and eventually your data will be less exposed. Protecting your privacy and identity is a layering process. It is easy for people to get overwhelmed, especially when it comes to online directories.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Anderson Cooper Targets ID Theft in New Year's Resolution

Anderson Cooper’s 1st show of the year brought a panel of experts to discuss New Year’s resolutions, why we make them and how we can better keep them. Identity theft expert John Sileo closed out the show with 3 Tips for Avoiding Scams in the new year. Click on the video to the left to view the segment. Anderson and John discuss smartphone stupidity, passwords and social networking privacy.
Identity Theft Expert John Sileo Appears on the Anderson Cooper New Year’s Resolution Special.

John Sileo is an award-winning author and speaks internationally on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his keynote or media appearances on Anderson Cooper, 60 Minutes or Fox Business. Contact him on 800.258.8076.

Top Tips to Stop Travel Identity Theft – Sileo on Fox Business

Identity theft increases a great deal when you are on the road. Start protecting yourself with these Top 5 Identity Theft Tips while traveling:
  1. Travel Data Light. If you don’t have to take it with you, increase your safety and leave it at home. This includes checkbooks, debit cards, excess credit cards, Social Security cards and any excess digital gadgets. Simplicity is Security!
  2. Guard Your Devices. Smartphones and tablets are as powerful as laptops. Turn on the auto-lock passcode to keep others out of your information.
  3. Surf Protected. Stop using the free WiFi hotspots in cafes, airports and hotels, as they are constantly sniffed by cyber criminals. Instead, setup tethering between your mobile phone and tablet or laptop so that you are surfing safely.
  4. Privacy Please! Instead of leaving loads of data unprotected in your hotel room (a major source of theft), hang your privacy sign on the door and let house cleaning know that you do not want to be disturbed. Lowering traffic lowers risk.
  5. Mind the Lions at the Watering Hole. Take a minute to watch the video to the left to understand how increasing your awareness in airports, hotels, conferences and restaurants can save you tons of time and money.
Remember, protecting identity on the road isn’t just about you, it’s also about the data you handle in your business every day. It’s one thing to put your own identity at risk, it’s an entirely different affair to jeopardize the security of customer data, employee records or intellectual capital owned by the organization that pays you.
John Sileo is an author and recognized keynote speaker on how identity theft prevention bolsters your bottom line. Learn more about how he can inspire your organization to care about data security, social media privacy, identity management and trust leadership. Contact him directly on 800.258.8076. 

Child Identity Theft (Part II)

If you missed the first part of this series, please visit Child Identity Theft  (Part I).

Child Identity theft is the fastest growing sector of the identity theft “industry,” and the numbers are staggering. Although it’s difficult to estimate exactly how many children lose their identities since the crime can go undetected for years, the FTC states that 5% of identity theft cases target children, which translates into 500,000 kidnapped child identities per year, and growing. The Carnegie Mellon CyLab Report states that in 54% of the cases, the child was under the age of 14.

The identity thief is not always a stranger. In many cases, it’s a relative with bad credit who takes advantage of a child’s pristine credit. Conveniently, these family members generally have access to the information necessary to maximize the fraud with little attention. This seems absurd, but imagine a parent who is strapped for cash, has a bad credit score and needs to buy groceries. In this case, short-term thinking blinds the relative or friend to long-term consequences. In other instances, the child’s future is not taken into consideration at all.

Frankly, it doesn’t take much to get the crime underway; all a criminal needs is the child’s name and Social Security number. These pieces of personal information are exposed in a variety of ways:

  • When registering for daycare, schools and recreational sports
  • On medical, dental and hospital records
  • When joining organizations like the Girl Scouts, Boy Scouts, etc.
  • When the above information is permanently stored and accessed by volunteers or employees
  • When one of the above organizations is breached by a hacker or malicious software
  • When an adult befriends your child on a social networking site (MySpace, Facebook) and eventually socially engineers private information out of them

The Three Basic Types of Child Identity Theft

  1. Financial identity theft occurs when the name and Social Security number is used to establish new lines of credit.
  2. Criminal identity theft happens when the criminal uses the child’s identity to obtain a driver’s license or substitutes the child’s identity if caught in a criminal act.
  3. Identity cloning entails using a child’s identity (via information collection or a black market ‘purchase’ of personal information) for medical, financial, criminal and governmental purposes. The most common form of cloned identity theft is committed on behalf of undocumented workers looking for an identity that will keep them working in this country.

For parents, cleaning up the disaster of identity theft for their children is costly and incredibly time consuming. Getting a new Social Security number is almost impossible, and rarely the best option.

Taking steps right now to protect your child from this horrible crime is one of the greatest investments you will ever make in their financial and emotional future.

Protecting Your Children

Acting now on behalf of your child will protect them from consequences common to child victims:

  • Starting adulthood with a credit rating low enough to scare away the hungriest of loan sharks
  • Being denied a first loan, credit card or apartment rental because of a crime committed 10-15 years earlier (the passage of time makes this crime very hard to clear up)
  • Being denied access to college or a new job
  • Having a warrant out for her arrest for crimes that she didn’t commit

In the same way that you can’t protect your children from every bruise and scrape, you can’t entirely remove the risk of identity theft. You can, however, prevent or soften the fall if it does happen. Take these steps first:

  1. Watch for mail in your child’s name. This is a potential sign that credit has been established using their identity. The most common types of mail that signal identity theft are financial (pre-approved credit cards, etc.).
  2. Consider ordering a free credit report for your child. If you suspect foul play, write to the three credit reporting bureaus (Equifax, Experian and TransUnion) to see if your child has a credit profile (no profile, no chance that it is being used illegally). If they do have an active credit profile, you will need to resolve this with the specific credit bureau. Please note that requesting your child’s credit report repeatedly can actually establish a credit profile in their name. For a more convenient option, use an identity monitoring service for you and your family that alerts you when credit is established in any of your names.
  3. Stop giving out your child’s personal information. Until you are confident that it is absolutely necessary to receive the services desired, withhold their personal information. More than 80% of organizations that ask for your child’s Social Security number don’t actually need it to establish services. If you must give it, ask them how they will use it, how long they will keep it and how it will be protected while they have it.
  4. Protect your child’s identity documents. Birth certificates, passports, bank account information, wills and trusts involving children should all be locked securely in a fire-safe or bank’s safety deposit box. Physical document theft is one of the most prevalent ways kid’s identities are stolen.
  5. If you find evidence of fraudulent activity, contact the police, the source of the fraud and all three credit bureaus. Filing a police report helps to establish your child’s innocence in an official way.Have the credit bureaus FREEZE your child’s credit for maximum protection. Keep detailed records of all correspondence between yourself, the police, the merchant and the credit bureaus. It will come in handy should you ever find yourself in court, as I did.
  6. Educate your children on the importance of protecting their personal information. Teach them about the value of their personal information: their name, address, phone numbers, email address, Social Security Number and any passwords and PIN numbers. Reinforce that they own their private information and that it should not be shared with friends, over the internet or with anyone whom they don’t know or trust.Education is absolutely the best financial gift you will ever give to them.

In the case of child identity theft, an ounce of prevention is worth a lifetime of financial security. Don’t let the center of your universe become just another statistic. Because you love and protect your children as much as I do, start this process immediately.

John Sileo lost almost a half-million dollars, his business and his reputation to identity theft. Since then, he’s become America’s leading keynote speaker on identity theft, social media exposure and weapons of manipulation. His clients include the Department of Defense, Pfizer and Homeland Security. To learn more, visit ThinkLikeASpy.com.

College Identity Theft Speaker

I’ve got a neighbor who’s going back to college this week and reminds me that this is by far the highest risk group for identify theft and it’s for a couple of reasons.  When these kids are going off to college, it’s the first time they are getting true financial independence, which might never have been trained to handle.  They have access to credit cards, to new bank accounts, and they’re managing it themselves.  That’s a huge red flag that there’s going to be trouble.  Number two, they’re going into an environment where their stuff is not particularly protected.  They’re in a dorm room, they’ve got roommates that may need extra cash; they know they can take advantage of them.  So it’s kind of a high risk environment.  The third reason is because they do so much online.  There’s so much social media interaction and that’s where ton of information is stolen. So you need to take some of these steps that are in this blog post.  Help your students take them.  It will help them out not just this year in college but helping them build their financial future going forward.  Your identity is pretty much everything in terms of your net worth. You got to take care of it now.

John speaks professionally about social media privacy and identity theft to college students.

7 Steps to Secure Profitable Business Data (Part I)

Everybody wants your data. Why? Because it’s profitable, it’s relatively easy to access and the resulting crime is almost impossible to trace. Take, for example, Sony PlayStation Network, Citigroup, Epsilon, RSA, Lockheed and several other businesses that have watched helplessly in the past months as more than 100 million customer records have been breached, ringing up billions in recovery costs and reputation damage. You have so much to lose.

To scammers, your employees’ Facebook profiles are like a user’s manual about how to manipulate their trust and steal your intellectual property. To competitors, your business is one poorly secured smartphone from handing over the recipe to your secret sauce. And to the data spies sitting near you at Starbucks, you are one unencrypted wireless connection away from wishing you had taken the steps in this two-part article.

Every business is under assault by forces that want access to customer databases, employee records, intellectual property, and ultimately, your bottom line. Research is screaming at us—more than 80% of businesses surveyed have already experienced at least one breach and have no idea of how to stop a repeat performance. Combine this with the average cost to repair data loss, a stunning $7.2 million per incident (both statistics according to the Ponemon Institute), and you have a profit-driven mandate to change the way you protect information inside of your organization. “But the risk inside of my business,” you say, “would be no where near that costly.” Let’s do the math.

A Quick and Dirty Way to Calculate Your Business’s Data Risk

Here is a quick ROI formula for your risk: Add up the total number of customer, employee and vendor database records you collect that contain any of the following pieces of information – name, address, email, credit card number, SSN, Tax ID Number, phone number, address, PIN – and multiply that number by $250 (a conservative average of the per record cost of lost data). So, if you have identifying information on 10,000 individuals, your out-of-pocket expenses (breach recovery, notification, lawsuits, etc.) are estimated at $2.5 million even if you don’t lose a SSN or TIN. And that cost doesn’t necessarily factor in the public relations and stock value damage done when you make headlines in the papers.

In an economy where you already stretch every resource to the limit, you need to do more with less. Certain solutions have a higher return on investment. Start with these 7 Steps to Secure Profitable Business Data.

  1. Start with the humans. One of the costliest data security mistakes I see companies make is to only approach data privacy from the perspective of the company. But this ignores a crucial reality: All privacy is personal. In other words, no one in your organization will care about data security, privacy policies, intellectual property protection or data breach until they understand what it has to do with them.Strategy: Give your people the tools to protect themselves personally from identity theft. In addition to showing them that you care (a good employee retention strategy), you are developing a privacy language and framework that can be easily adapted to business. Once your people understand opting out, encryption and identity monitoring from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them. For an example of how the Department of Homeland Security applied this strategy, take a look at the short video.
  2. Immunize against social engineering. The root cause of most data loss is not technology; it’s a human being who makes a costly miscalculation out of fear, obligation, confusion, bribery or sense of urgency. Social engineering is the craft of manipulating information out of humans by pushing buttons that elicit automatic responses. Data thieves push these buttons for highly profitable ends, including spear-phishing, social networking fraud, unauthorized building access, and computer hacking.Strategy: Immunize your workforce against social engineering. First, when asked for information, they should immediately apply a healthy dose of professional skepticism. Train them to automatically assume that the requestor is a spy of some sort. Second, teach them to take control of the situation. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Finally, during this moment of hesitation, empower them to ask a series of aggressive questions aimed at exposing fraud. When we do this type of training, whether it is for the Department of Defense, a Fortune 50 or a small business, the techniques are the same. You have to make a game out of it, make it interesting, interactive and fun. That’s how people learn. For an example of fraud training in action, visit www.Sileo.com/fun-fraud.

You will notice that the first 2 Steps have nothing to do with technology or what you might traditionally associate with data security. They have everything to do with human behavior. Failing to begin with human factor, with core motivations and risky habits, will almost certainly guarantee that your privacy initiatives will fail. You can’t simply force a regime of privacy on your company. You need to build a coalition; you need to instill a culture of privacy, one security brick at a time.

Once you have acknowledged the supreme importance of obtaining buy-in from your employees and training them as people first, data handlers second, then you can move on to the next 5 Steps to Secure Profitable Business Data.

John Sileo, the award-winning author of Privacy Means Profit, delivers keynote speeches on identity theft, data security, social media exposure and weapons of influence. His clients include the Department of Defense, Pfizer, Homeland Security, Blue Cross, the FDIC and hundreds of corporations, organizations and associations of all sizes. Learn more at www.ThinkLikeASpy.com.

Electronic Pickpocketing Hype Banks on Your Fear!

Electronic Pickpocketing is Possible, but Over-Hyped.

There is a new wave of hi-tech identity theft that allows thieves to steal your credit card information using inexpensive technology to intercept credit card (and sometimes even passport) information without even touching your wallet. Watch the video to the left or read our Electronic Pickpocket post to learn the basics.

And make sure you pay attention to the fact that the person they are interviewing for the news piece in the video MAKES MONEY FROM YOUR FEAR OF ELECTRONIC PICKPOCKETING! The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take this gentleman’s perspective into consideration before buying the hype. He benefits from your fear, so do a little more research before you go gettin’ all paranoid.

The amount of hype this old form of theft is receiving (yes, this has been possible for years, despite all of the attention it’s getting now) is a bit overblown. Here are just a few reasons why:

  • The person being interviewed in the video benefits from your fear of electronic pickpocketing.
  • When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
  • Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
  • Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
  • As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses, the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out of pocket will be minimal.
  • Most cards only transmit 2-3 inches, which means that someone has to get a laptop-sized bag within two inches of your purse or wallet. This isn’t impossible, but it takes a fair amount of time and skill (notice how the news report doesn’t show them doing it without asking the people first). In most cases, this amount of work is too time intensive for the identity thief – it’s more lucrative to hack into a system that contains hundreds of thousands of credit card numbers (and other information) all in one place.
  • Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster that you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.
  • If you want to get technical, which you probably don’t, credit card theft isn’t actually identity theft. They don’t have access to the personal items they need to actually steal your identity.

But it can happen, and it’s worth preventing. Which is simple:

  • First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
  • Second there are sleeves and wallets built to protect your cards and make them unable to scan and be lifted. Several companies, like Checks Unlimited make RFID wallets & products that shield the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced drivers licenses.
  • Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
  • If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
  • Never leave your purse or wallet in an easy to scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
  • For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely.  Checks Unlimited offers a wide variety of these types of RFID blocking sleeves & cases.”

But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.

John Sileo is the award-winning author of two identity theft prevention books, Stolen Lives and Privacy Means Profit (Wiley, August 2010) and America’s top Identity Theft Speaker. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Are Your Kids Safe Online?

As a parent you are often worried about what your kids are being exposed to on the Internet. Apparently so are Facebook and the PTA. They have teamed up to teach parents and children about responsible Internet use. They plan to cover cyber-bullying, internet safety and security and “citizenship online,” according to a news release.

“Nothing is more important to us than the well-being of the people, especially the many teenagers, who use Facebook,” said Sheryl Sandberg, Facebook’s chief operating officer.

Facebook is the number one social media site with over 500 million users and a minimum age requirement of 13. Even that requirement can be easily fudged because Facebook has no way of verifying a user’s age besides asking for their birth date when they register. Parents are having trouble deciding whether to let their children join Facebook prematurely and what they should be cautious of if they do so.

Learn more on Protecting Your Children Online.

It is important to be educated when dealing with any form of social media or social networking website. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it. You should know the ins and outs, pros and cons, risks and rewards to using these online tools. Because teens and children don’t necessarily have the life experiences to recognize the risks, parents must educate themselves and pass that knowledge on with open and honest discussions on Facebook and Online Safety.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Top 5 Reasons Corporations Educate Employees on Identity Theft

Why do corporations care (and spend money) to educate employees about protecting personal identity?

After all,  most businesses are profit-driven and only have time and resources to concentrate on initiatives that affect their bottom line. In effect, that is the answer to the question…

Businesses educate their employees and even their end customers on identity theft because it positively affects the corporation’s bottom line (by lowering the costs of data theft). Here’s how organizations benefit:

  1. Minimizing employee downtime. Serious individual cases of identity theft can take up to 600 hours in recovery time. Because banks and creditors are generally open when employees are at work, the employees are forced to recover on company time. Even if they only spend 40 hours during work recovering, this is a huge cost to the company. Roughly 10% of households will have to recover from identity theft at least once this year.
  2. Personal privacy leads to professional privacy. How can corporations expect employees to care about the sensitive information they handle every day (customer data, employee records, intellectual capital) if the employees don’t first respect their own private data? As employees discover how much their identity is worth, they are far more likely to protect the data they handle at work as if it were their own. After all, they begin to understand that next time it might be their identity that is stolen from a corporation.
  3. Corporate data breaches are expensive. Smart corporations understand that safe data is profitable data. Just ask TJX, a company that lost somewhere in the neighborhood of 94 million customer identities (far above what they initially reported) and could spend up to $1 billion recovering from the data breach. Not only are they being sued by customers, but by credit card companies and banks whose customer data has been compromised. Add to this the costs of providing a year’s worth of credit monitoring for every affected individual (a maximum of 94 million X $10 per month X 12 months), the damage it has done to their brand (almost everyone has seen this on the news), the hit taken by their stock and the thousands of hours spent in damage control, and you can see why investing in prevention is wildly inexpensive compared to recovering from a corporate data breach. And corporate prevention begins at the personal, employee level.
  4. Safe and happy employees are good employees. I have found that many corporations out there truly care about the quality of their employees’ lives. In addition, many of them hire me simply because they understand that safe and happy employees are more loyal to the corporation, speak well of the company, remain longer in the organization and drive more business. These companies consider their employees’ financial health to be as vital as their physical health, and it pays off over the long run. Identity theft poses the highest risk to their workers’ financial health.
  5. Educated customers cost less. I often speak to the end customers of corporations (e.g., the clients of a bank, the customers of a financial planner) who improve their security dramatically even when the just follow the basic recommendations in my ID Theft Tool Box. When a bank customer knows how to prevent identity theft, they are far less likely to become a victim and therefore less likely to lose money for which the bank is ultimately responsible. When someone steals your identity and drains your bank account, the bank generally covers the cost. If your identity is never stolen in the first place, neither your nor the bank has the expense.

If you feel that your organization would benefit from increased awareness about personal and workplace privacy, learn more about bringing in an Identity Theft and Social Networking Expert. You can also order you employees the Identity Theft Prevention and Recovery Workbook – All Privacy is Personal – Help them protect your company and your bottom line today!

 

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Biometric Identity Theft: Stolen Fingerprints

Identity Theft is a huge and growing problem. According to the recent 2009 Identity Theft Fraud report by Javelin Strategy & Research, victims increased 22% in 2008 to 9.9 million. When businesses are involved, the companies face billions of dollars in theft, millions of dollars in fines and, perhaps most important, the loss of customer trust.

The large impact that identity theft has on individuals lives and corporations’ bottom lines has made inexpensive biometrics look attractive for authenticating employees, customers, citizens, students and any other people we want to recognize. The most recent debate is on whether the pros outweigh the cons. (To see some of the materials that influenced this article, please visit George Tillmann’s excellent article in Computerworld).

Biometrics uses physical characteristics, such as fingerprints, DNA, or retinal patterns to positively verify individuals. These biological identifiers are electronically converted to a string of ones and zeros and stored on file in the authenticator database.

The downside or weakness of biometrics is that the risk of data breach remains relatively the same. Just as a credit card number can be stolen, the numbers that make up your biometrics and are stored in a database can be stolen.  It may take longer for thieves to understand how to use these new pieces of information, but they will eventually be used.

Ultimately, this could be more dangerous than having your ATM PIN, credit card number, or Social Security Number stolen, and it will take longer to clear up.  In a worst-case-scenario, someone inside of the biometric database company could attach their fingerprint to your record — and suddenly they are you. The reverse is also true, where they put your fingerprint in their profile so that if they are convicted of a crime, the proof of criminality is attached to your finger.

What will stop thieves from electronically sending your stolen fingerprints to your bank to confirm that you really do want to clean out your bank account through an ATM in Islamabad? Fingerprints, when stored in a database, are nothing more than long strings of numbers. What will you do when your digitized fingerprints wind up on a government No-Fly list? If you think it takes forever to board a plane now, wait until every law enforcement agency in the free world has your fingerprints on file as a suspected thief or, worse, a terrorist.

The reality is that biometrics could be a great alternative to securing one’s identity – and they are quickly becoming a part of every day identification.  But we can’t go forward into the new world of biometrics thinking that it solves all of our problems. Like the “security codes” on the back of our credit cards, like the two forms of authentication required for most banks, like wireless encryption standards – thieves eventually find work-arounds. And so too will they work around biometrics. If we implement biometrics without doing our due diligence on protecting the identity, we are doomed to repeat history — and our thumbprint will become just another Social Security Number.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. Contact John directly on 800.258.8076.

Follow John on: Twitter, YouTube, Facebook.