'

ID theft: The next IT industry boom?

Identity theft is evolving and will become a big industry, according to an IBM expert

As e-business grows, online fraud will evolve from stealing credit card numbers to corporate identity theft, having profound implications on companies' bottom lines and employee behaviour, according to IBM's Stacy Cannady.

Cannady, from IBM's client security product management, told ZDNet that corporate ID theft would allow criminals to order goods on company accounts or conduct industrial sabotage. For the victim, this could result in regulatory violation, legal compromise or competitive disaster.

"Identity theft is the fastest growing form of white-collar crime," said Cannady. "It has to do with credit card fraud now, but as e-business grows and spreads it will grow with it. The theft of digital identities will become an industry."

According to Cannady, companies are realising this and are looking for insurance against the possibility. However, insurance companies -- already hit hard by rising litigation payouts -- are quoting rates dependant on the level of security a company has in place.

Whilst most organisations install digital certificates onto computers to identify who they're talking to, Leif Gamertsfelder, head of e-security at national law firm Deacons, said that does not guarantee accuracy.

"It depends on how digital certificate technology is implemented," he said. "There are very poor and very robust ways of doing it. The fact that you're using a digital certificate in itself doesn't make it safe. Any certificate that is not housed on hardware such as a smart card is very easy to hijack." He indicated this could lead to a range of legal problems.

IBM believes that even smart cards don't go far enough, and touts the embedded security chip in its NetVista and ThinkPad range as the ultimate in security. The added benefit comes from the increased space on the chip for security programs and the inability to scan them externally, which is how smart cards are cracked.

Despite this, a recent US survey commissioned by e-commerce solutions provider eFund Corporation found that 60 percent of people were not concerned about the possibility of identity theft.

"Many people seem to think the average person isn't a target of identity theft... but they couldn't be more wrong," Ray Whiteside, eFunds International Asia Pacific MD, said in a statement.

"If the US experience is any guide, this is a problem that is growing at an alarming rate and hitting people in all walks of life, but most people don't realise how it can affect them."

In Australia, an investigation by the House of Representatives Standing Committee on Economics, Finance and Public Administration found the issue to be of growing concern. It pointed out that 25 percent of fraud cases reported to the Australian Federal Police involved the assumption of false identities.

"The move to greater use of electronic commerce is likely to further increase the level of identity fraud and the difficulty of uncovering the perpetrators," the committee said.


For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.