Business news from the Fredericksburg region.

RSS feed of this blog

Column: Identity theft is on the rise

A concern for many Americans is the ever-present and growing threat of identity theft.

According to the Office for Victims of Crime, in 2007, “7.9 million households, or about 6.6 percent of all households in the United States, discovered that at least one member had been a victim of one or more types of identity theft.”

This was indicative of a growing trend from the previous five years. Indeed, the increase in identity theft between 2005 and 2007 was 23 percent.

What is ironic is that the very mechanism that people use to gather information to avoid this problem, the Internet, is also a direct cause for the dramatic increase in this crime. Personal data stored in national databases, online banking and bill pay, and social networks all lead consumers towards increased risk. Every year, more information about you is available online.

One information aggregator website is People are often shocked at the detailed personal information available on this openly available site. The author of this article searched for himself and was presented with his age, address (with a handy map), house value and family members. A paid upgrade would yield personal income, location history, phone number, social networks and occupation.

Of course, it would be difficult to commit financial fraud with the information provided on these information aggregator websites. With a little bit of ingenuity, though, somebody could take additional steps to

attempt such fraud. With enough information about a particular person, a criminal could utilize some social engineering to access their financial information.

Social engineering refers to psychological manipulation of people into performing actions or divulging confidential information. If a criminal were to contact a financial institution with enough information about a target, it is possible that they could gain access to their financial information.

A more common attack vector for personal targeted financial fraud is to utilize the most common single identifier: the Social Security number. Most people are wary enough to be careful with their SSN, but, unfortunately, the weakness lies more with organizations than with individuals.

Any organization that stores your SSN (banks, educational organizations, medical organizations, etc.) is a target for cyber criminals. One example is the March 20, 2010, hacking of Education Credit Management’s servers. Data on 3.3 million student loan borrowers was stolen with SSN being one of the pieces of data.

Consumers are targets even after they die. According to a report in 2012 from CNN, for $10 identity thieves can access the full name, Social Security number and other personal information of a dead person. This is retrieved through a list of millions of deceased Americans, known as the Death Master File.

The Social Security Administration created the file to help financial institutions and businesses prevent identity theft, by using the file to cross-reference applicants or customers to make sure they are not using a deceased person’s identity. Of course, an unintended consequence is that dead people’s SSNs and other identifying information is being stolen and utilized

by cybercriminals.

The question that any readers would have at this point is “How do I protect myself from this threat?” It would seem a daunting task given the myriad of threat vectors that consumers face. They could fall victim to a targeted attack or an organization they are affiliated with could be attacked. There are some simple tasks that consumers can do to greatly minimize the risk though.

The following steps can help minimize one’s security risk:

Don’t leave personal or financial information lying around your house. Often-times, the identity thief is someone the victim knows. Try not to make it easy for them. Shred all mail, especially credit card offers and bank statements. Identity thieves will sometimes go “Dumpster diving” and dig through your trash for identifiable information.

Review your bank and credit card statements rigorously and regularly. Most financial fraud goes unnoticed by consumers. Utilize the freely available credit reports (annualcreditreport .com), which you can access once every 12 months.

Consider placing a fraud alert on your credit file to force new credit granters to take extra precautions before granting credit.

Secure your home computer with a virus scanner and firewall. Use robust passwords for all sensitive websites such as bank sites, credit card sites, and medical sites.

If you are one of the unfortunate people who fall victim to identity theft, there are some steps you should take:

First, notify the credit bureaus and at least put a fraud alert on your credit file.

If you have a particularly aggressive identity thief, you should freeze your credit. This disallows any further credit lines and insulates you from further damage.

Change all of your account numbers and login information with your bank and credit cards.

Call the police to report the crime.

As house burglars generally go for the easiest prey, cyber criminals also grab at the lowest hanging fruit. If you take the steps outlined to minimize your security risk, you greatly reduce the chance that you will become a victim of identity theft.

This is one in a series of columns by University of Mary Washington College of Business faculty on various aspects of finance and economics as they affect our readers. Mike Lapke is an assistant professor of management information systems at the University of Mary Washington. He also does research in health care privacy, information auditing, and organizational power.

Post tags: