Wednesday, August 20, 2008

Chapter Two, data use

In my last post I attempted to point out some of the sources of data that identity thieves can use to gain access to personal and sensitive information. As I mentioned in closing there are as many sources for stolen data as there are sources of data. Now I would like to take a moment to sketch out some of the things they do with it after they get it.

Sadly, another form of identity theft is at home, or more specifically by family members. Family passions can run high sometimes and retribution can take many forms. One of those forms is stealing personal information of someone in the family and using it as a weapon to cash in on their bank accounts, medical insurance, or to commit criminal acts. This is happening at an alarming rate, and often goes unreported since people are usually reluctant to prosecute family members. Once again, for as long as the data has value it will be stolen for a number of reasons. Now, on to the subject of this column.

In contrast to all the overwhelming statistics on the subject the majority still believes that this is a financial crime and that somehow identity theft is inextricably tied to their credit report. Although this is not true it is a good place to start.

Often thieves are a local ring, petty opportunists, and increasingly drug users who need a constant supply of cash. They figure that they can get away with raiding a victims' bank accounts and credit accounts rapidly and moving on to other victims before they are caught. Far less than 10% of them are ever caught making it a pretty safe bet that they will get away with it. About half of those criminals also use the information they steal to perpetrate other acts such as filing false insurance claims for example, or receiving medical treatments using the victim's insurance information. As to the financial side of this type of theft you can see just how important it is to look closely at bank statements immediately and to report anything that looks out of place or unknown charges to the bank or credit card companies. Consumer protections in place can limit your liability.

There are approximately 10 million victims of identity theft in this country each year and according to FTC complaint records less then 30% of them are related to banking or credit issues. The vast majority relate to all the other forms of illegal data use I mentioned previously.
This brings me to the ubiquitous international crime rings that work in various ways to traffic in data theft and resale. Most often they are not the end users but mostly broker data for profit. The end users run the gamut from immigrants to terrorists and scam artists. Once your information is in their hands it is sold and resold and re aggregated so that your social security number might be used by hundreds of immigrants while your drivers license might be forged by 20 different criminals. There can be an exponential spread of your information that once it is out there and used, will no longer be recognizable as yours until you discover that you are wanted by police or that the IRS is receiving notices from a hundred companies that you have applied for work. I should point out that the lack of international agreements on the trade of stolen personal information makes the capture and prosecution of these identity thieves nearly impossible. There was a story very recently of a soldier who upon returning from the war zone in the Middle East found that he had been victimized criminally, financially, was wanted by police to pay child support, and a myriad of cell phone contracts that had been opened in his name, all while he was away on assignment. All of this was the result of identity theft.

Another group are the data miners who, after quietly depositing routines in your computer, can record your computer usage from anywhere in the world. From that information not only can they monitor what you do but also gather enough information to scam you into giving them more by posing as legitimate online businesses. Once that information is gathered up it is sold on another black market that deals in "cyber crime". A classic example of that are the infamous Nigerian scams who solicited capitol by posing as attorneys who ask your help to regain fortunes lost in a civil war or some other similar story.

Also, as I wrote in my last column a lot of theft happens in the workplace. Employees who have access to information can be solicited by thieves to trade data for cash. This is especially lucrative for drug addicts who can quickly convert information into cash by draining credit and bank accounts, and opening new accounts in the name of their victim. There have also been many cases of people who get (mostly temp) jobs specifically to steal data from their employers. Others simply steal for their own use.

As you can see not only can your information be stolen from almost any source, it can also be used for any number of reasons. My mantra has become, "As long as your information has value it will be stolen". Again the graphic Data Based You at the bottom of this column will give you an idea of how many sources there are for getting to our personal information.