%%USERNAME%%    %%ACCWORDS%% %%ONOFF%% |
 |
Opinion and views on what is and what is not being reported on... |
Timely, Ageless Wisdom Again Proves, “It’s not the victim’s fault.” Protecting Financial Information: More Can Be Done My father said that a person could steal more with a pencil than with a gun. He made this statement many years before the invention of the Internet, fax machines, and cell phones. Not that long ago, thieves were basically misfits, and outcasts in society, and the scopes of their crimes were limited to their immediate geographical location. Technology, and globalization are breeding, redefining, and expanding the capabilities and opportunities of thieves more than any other time throughout history. My father also said, "locks only keep honest people honest." Of course, he said that when about the only way for someone to steal your money was to physically steal your purse of wallet; even then all a thief managed to steal was the amount of money a person was actually carrying. It is now commonplace for a thief to be able to rob hundreds of thousands of people with little more than a computer, and a social security number. Stealing a person’s money no longer requires face-to-face confrontation, and is seems less personal, and far less violent. The new reality faced by victims of identity theft today is that the victimization can continue for years, and even after a person thinks that the resulting credit problems have been resolved the cycle of identity theft can begin anew. It appears the most successful thieves are well educated, employed, well dressed, interact well with employers and coworkers, and remain undetectable in society. Thieves are gaining access to others financial information by way of their own employment. My father also said locks keep honest people honest. He said that back when about the only way for someone to steal your money was to physically steal your purse or wallet. Has the electronic age of global banking, shopping, and bill payment outpaced its own industries ability to police itself? The Spielberg movie, Catch Me If You Can, with Tom Hanks and Leo DiCaprio, depicts the true-life crimes of Frank Abagnale, Jr., and so far the movie has earned over 200 million dollars. Frank Abagnale’s crimes took advantage of the relative low technology of the 1960’s; as opposed to the way today’s criminals exploit the most sophisticated technology in existence. The interesting, unmentioned similarities between Abagnale’s crimes in the 60’s, and the crimes committed today, in the 21st century, are the criminals commit these crimes with another person’s banking and credit card information. Even in Abagnale’s time, as now, the crime of defrauding people and businesses does not occur in a vacuum. Today’s crimes of identity theft involve unimaginable large numbers of victims. The crimes certainly require the assistance, and cooperation of many other individuals that use their employment to access the information that allows all to profit. Do the people committing such crimes possess some sense of special entitlement? To date, it appears that the responsibility and cost of identity theft is clearly being placed on the shoulders of the consumers, while the thefts are, in reality, being committed against the Corporations that are maintaining data bases filled with their consumers and customers personal financial information. The Corporations have distanced their services and products from the criminal act of Identity theft. Corporation losses are much easier to write off as the cost of doing business, and are tax deductible, more so than it is for individual consumers. Instead of spending corporate profits to tighten security, Corporations are spending relatively little money, compared to their profits, to publish, and distribute information on how individuals can protect themselves from identity theft. It shouldn’t take more than a simple phone call to notify banking institutions and credit card companies in the event a person loses, or has their purse or wallet stolen. Sadly, reporting a loss or theft of financial information does little to protect a person from identity theft. The best possible scenario is that your lost wallet is returned, never found, or the thief is an unsophisticated thug. Until consumers hold the companies, and corporations that have databases filled with individual financial information responsible for the theft of their personal data, little, if any, headway will be made in preventing identity theft. Opportunistic criminals are pilfering corporation’s databases, but it is the consumers’ money that is actually being stolen. Crime and Punishment In 1998, the Senate and House of Representatives of the United States of America in Congress assembled to create what became, The Identity Theft and Assumption Deterrence Act of 1998 (18 U.S.C. 1028). The full text is available on the Internet at: http://www.ftc.gov/os/statutes/itada/itadact.htm#004 The full text of sentencing guidelines referred to in The Identity Theft and Assumption Deterrence Act of 1998 is available at the following link: http://straylight.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00003553----00... Reading the laws, and sentencing guidelines will demonstrate that the lawmakers are attempting to find a solution to the crime of Identity Theft. After the recognition of Identity Theft as a crime by the full Congress, the Senators and Congressmen returned to their home States to enact State legislation. As did Senator William A. Clay, Jr. did in 1999. He sponsored State legislation that creates the crime of identity theft in Missouri. The legislation made the crime of Identity Theft punishable by up to six months in jail for the first offense; up to one year for the second offense; and one to five years for the third, or subsequent offense. In Missouri, the courts may also impose a fine to cover restitution to the victim. Another act also makes it a crime to fraudulent use a debit device. A debit device is defined as a card, code, number or device that initiates an electronic transfer. The term includes fraudulent use of an electronic transfer of benefits to recipients of public assistance. The crime is punishable as a Class A misdemeanor, unless the value of property or services misappropriated within a 30 day period equals $150, which increases to a Class D felony. As recently as July 2002, Vermont and the District of Columbia still had not updated or passed laws related to identity theft. Finally in June of 2004, Attorney General William H. Sorrell, Senators Dick Sears (Bennington), and John Bloomer (Rutland) announced at a press conference in Vermont a law concerning Identity Theft would go into effect. The District of Colombia also waited until 2003 to updated the law written in 1982, to include the crime of Identity Theft. A review of the sentencing guidelines makes it apparent that elected officials did not foresee the magnitude and seriousness that the crime of Identity Theft could possibly reach. In 2003 the Federal Trade Commission report found that 27.3 million Americans were victims of identity theft in the last five years (including 9.9 million the previous year). The report also found that identity theft activity cost businesses almost $48 billion the previous year. Not all identity theft originates over the Internet, of course. The FTC report also found that 4 percent of thieves still used old-fashioned ways of stealing personal information – stolen paper mail. Fourteen percent of victims report their personal financial information was used for crimes of identity theft when their wallet, checkbook or credit card was lost or stolen. Building A Better Mouse Trap There are companies that exist that provide extra levels of security. One such company, Authentify, provides a telephone-based identity management solution, which enables organizations to defeat Internet fraud with just a phone call. Authentify, without creating any major delays, enables a simple automated, outbound telephone call during, or immediately after, an Internet session that does not interfere with the immediacy of service over the Internet, while greatly reducing fraud in online transactions. Yes, it can be that simple. Voice print identification is the least-intrusive biometric technology available. The telephone network already exists, and this technology is inexpensive to implement. Authenitify’s program provides an audit trail if fraud is committed. Another company, Teros, created a computer application that detects what an application is doing and literally blocks suspicious behavior. For instance, if someone is attempting to inject SQL commands that would allow a computer hacker to obtain hundreds of customer account numbers, the Teros appliance has the ability to end the transaction. Firewalls typically protect a network from attacks, but firewalls don’t monitor network traffic on Web servers. The Teros appliance un-encrypts and reads on going traffic at the application level, and then determines if what the user is doing is acceptable. Then there is CSI, Computer Security Institute, and through a company’s membership and participation a company can supplement their security technology with security audits and training. Computer Security Institute (CSI), in conjunction with the San Francisco FBI’s Computer Intrusion Squad, conducts an annual audit. Security audits are widely used, and assists a company in measuring their performance of security, and then allows a company to determine what it needs to improve security performance. Results of the 2004 CSI audit showed respondents from all sectors do not believe that their organizations invest enough in security awareness. There are other professional training programs in information protection, one of which is the International Information Systems Certification Consortium’s Certified Information System Security Professional and SANS Institute’s family of Global Information Assurance Certifications. “A lot of companies are getting involved in privacy risk management, but the majority are not doing enough”, says Larry Ponermon of the Ponemon Institute, a think tank in Tucson, Arizona. The Bottom Line Although privacy professionals face daunting, up hill challenges, especially when dealing with security and privacy issues, there is more that can be done to prevent all security breeches. Laws enacted only help if the punishment for the crime of Identity Theft is sever enough to be a deterrent. On July 15th, 2004 President Bush signed into law, legislation passed by Congress that increased sentences for persons convicted of Identity Theft. The law titled, Identity Theft Penalty Enhancement Act, adds two years to prison sentences for criminals convicted of using stolen credit card numbers and other personal data to commit crimes. Violators who use that data to commit "terrorist offenses" would get an extra five years. Michael Wolfe, the co-founder of Vontu Inc, a Calif.- based security software company that focuses on preventing internal fraud is reported to have said, “Congress may have to pass legislation requiring companies to take basic steps to protect consumers’ personal data.” In addition to everything else that people have been advised to do to prevent Identity Theft, the single most proactive position for consumers to take is to demand that companies do the right thing without Congress having to go through the time and expense to pass laws that make it a rule of law to just do the right thing – protect Americans from Identity Theft. Then again, companies such as ChoicePoint and LexisNexis, having lost control of sensitive data in the past, and deliberately covered up their security breeches only because no law required the companies to report the security breeches, will probably make it absolutely necessary for Congress to pass laws that require companies to maintain the highest level of security technology available. As I see it... the largest majority of Identity Theft victims are actually the victims of the companies, who for profit, are building unsecured data bases chocked full of individuals personal financial information. Some of the companies have had Class Action law suits filed against them. Obviously not enough of the companies have been sued and held legally, and financially responsible for their failure to protect the people, whose data they use to make their profits. Seems that the people and companies responsible - just don't get it. If you have been a victim of Identity Theft through no fault of your own - SUE! |
View Portfolio
Visit Notebook
Send Gift Points
Awards
Badges
Send Email
Community Newsfeed
General Discussion
Sponsored Items
Book of Trinkets
Static Items
Books
Groups
Interactive Stories
Audio
Campfire Creatives
Community Notes
Crossword Puzzles
Documents
Folders
Images
In & Outs
Madlibs
Photo Albums
Polls
Product Reviews
Quizzes
Survey Forms
Web Pages
Word Searches
