In fact, data breaches in the U.S. over the last two years have exposed information from well over 220 million records, equal to the number of people over the age of 18 in the U.S. Virtually every adult in the U.S. has personal information that has been exposed and is open for possible fraud.
Identity is much more than just credit. A person’s identity includes many parts--vital personal information such as Social Security Numbers, Driver’s License number, Date of Birth, Address, Email Password, and ATM information--that are exchanged constantly in everyday life, well outside the boundaries of the credit system. Millions of personal data records are traded for profit on the internet by persons who will use these records for suspicious or illegal activities.
There are two factors that are key in the growth of identity theft. First is simply the consumer’s lack of understanding about identity theft. Many consumers think that they are only at risk through their credit cards, and have a false sense of safety because of liability on cards that limits costs/exposure if an identity is compromised. The consumer often doesn’t take the steps needed to protect themselves because of the false sense of security. Second is the sheer number of places that identity information is digitally stored. Stored personal information is at risk from dozens of sources—from retailer cards to doctor’s patient files.
The techniques, methodologies and impact of identity theft are all increasing exponentially, as are the numbers of victims impacted. In fact, a recent study published by Gartner, reported that there were more than 15 million identity theft victims for 2006. This means that during this timeframe that every minute more than 28 people became a new victim of the crime of identity theft, equating to a new victim every 2 seconds. In just a year, these rates have continued to increase.
Identity theft itself is nothing new--it has been going on for decades. The practice of stealing money or getting other benefits by pretending to be another person is very old.
What’s new is the way in which identities are being stolen today. Just as Internet technology has evolved to Web 2.0 the same can be said for identity theft in that it has reached a new threshold of Identity Theft 2.0.
Tactics for identity theft have changed over the years and increasingly people’s data is at risk. The old ways of obtaining personal information are still all in use—like dumpster diving, stealing from mailboxes, physical theft, and credit card receipt copying. New tactics include disparate techniques of phishing, email fraud, data mining, spam, key-logging and an array of other technological processes. The Internet has made it drastically easier for thieves to steal and sell information in cyberspace by implementing countless numbers of phishing scams, email scams etc.
However, the risk is not just to those that are using the Internet for communication or purchases. As more and more places have access to personal information like Social Security Numbers, Date of Birth, and other identifying factors, the higher the risk that some of your personal data will be exposed. You could equally be at risk from the information stored for your Sears credit card, your doctor’s office files, or your undergrad school loans. The likelihood that the data will be exposed; be it through malice or an unexpected technical error is magnified with each new source that is holding personal data. Simply put; the more places your information exists, the higher the chance to be breeched.
Unfortunately, the current consumers’ approach to identity protection has not evolved to the next level and is one of the primary reasons that consumers continue to become victims of identity theft.
In a study conducted by IdentityTruth in 2007, 8,500 consumers were questioned on the issue of identity protection. The survey found that 85 percent of the respondents believe that they are taking some measures to protect their identities by shredding documents, securing sensitive information at home and using caution when responding to emails requesting information. The survey also discovered that 75 percent of those respondents are most concerned with credit card fraud. Yet in 2006, over 13 million consumer identities were misused. The survey further indicates that while many people are concerned about security, there is a certain level of inertia that has not been overcome. Proven methodologies are available to increase security procedures and they are not being implemented by a majority of consumers.
What we see is that most consumers are confused about how to protect identity and private information, or worse yet, have come to expect the possibility of identity theft. The approach of today’s consumers to identity protection needs to change. Consumers need to become more proactive in the management of privacy and identity. Like an annual physical to check health, identity information needs to be examined on a regular basis.
Information is the key to control in the case of identity management. Complete identity theft prevention is an illusion, the best approach to prevent it is simply by understanding what data is at risk and learning how to mitigate the potential for identity theft.
The single strongest protection against identity theft would be to not give out any personal information, which is virtually impossible and completely unrealistic in today’s society.
Most people simply focus on protecting information by getting copies of their credit reports. Monitoring your credit data is only one small aspect of understanding your identity footprint and personal information. It is a purely informational service and does not ultimately prevent identity misuse. It only tells you that credit was requested on your behalf, issued or denied and often not until after the credit fraud has already happened. Even alerts pertaining to opening new accounts can be delayed up to 7 days. This credit alert is minimal protection as the Federal Trade Commission (FTC) estimates that only 12 percent of last year’s identity fraud was “new account credit” related.
Timeliness in gathering this information is also very important. The National ID Theft Resource Center surveys victims of identity theft annually. In 2004, 37.5 percent of those surveyed reported that they found out within three months, down from 48 percent in 2003. Of those responding in 2004, 18 percent said that it took them four years or more to discover that their identities had been misused, doubling the 9 percent from the 2003 sample. Ultimately, the earlier the consumer can find out what information is at risk or has been compromised, the resolution of fraud is exponentially easier to remediate.
With no government or financial organization monitoring the various pieces of a consumer’s identity, it falls to the consumer to get a picture of his/her own digital identity footprint. Technological services are on the rise that can help consumers with the analysis of this information and as the threat grows, so will the opportunity for new ways to combat identity theft and fraudulent behavior.
There are many services available that can give consumers the overview of their risk and assist with the remediation of any issues with the consumer’s identity health, but not all services are alike. Users should do their due diligence to make sure they sign up for a service that provides insight on compromised information immediately to give them the greatest level of protection possible.
Steven D. Domenikos is the founder and CEO of IdentityTruth, Inc., a service designed to help consumers safeguard their privacy and identity by offering advance notification of potential misuses of their identities.