Documents Session 328 Powerpoint Presentation - PowerPoint PPT Presentation

Loading...

PPT – Documents Session 328 Powerpoint Presentation PowerPoint presentation | free to view - id: c7784-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Documents Session 328 Powerpoint Presentation

Description:

Insurances (Med, Auto, Homeowners, etc.) 10. How Does It Happen. SSN is Big(gest?) Problem ... to that, These Crimes Classified as 'Fraud', 'Wallet Stolen', etc. ... – PowerPoint PPT presentation

Number of Views:134
Avg rating:3.0/5.0
Slides: 45
Provided by: nevinm
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Documents Session 328 Powerpoint Presentation


1
Identity Fraud This Crime Is Changing Your
Job Session 328 Nevin Maffett Application
Outfitters, Inc.
2
Agenda
  • Overview
  • How Does It Happen
  • Historical Perspective
  • National Response
  • Privacy Crisis
  • Protecting Yourself
  • Impact on Employers
  • Taking Action

3
Overview
  • What Is Identity Theft?
  • Fastest Growing Crime in US
  • High-Profit, Low-Risk, Low-Penalty Crime
  • A Dual-Victim Crime
  • An Invasive Crime with Substantial, Long-Lasting,
    Emotional Impact
  • Exists in Vacuum b/w the eXplosion US
    Piecemeal Approach to Privacy

4
Overview
  • Three General Types
  • Financial Identity Theft
  • Imposter Establishes New Credit
  • Enabler Personal Id Info, Particularly SSN
  • Criminal Identity Theft
  • Criminal Poses as Someone Else
  • Provides Personal Info of Someone Else
  • Identity Cloning
  • Imposter Establishes New Life
  • Imposter Lives and Works as You

5
Overview
  • Most Common Types of Fraud Committed Via Identity
    Theft
  • Credit Card Fraud
  • More than Half of Victims Reported This
  • Bank Fraud
  • Unauthorized Checking/ Savings Account Activity
  • Communications Services
  • ¼ of Victims New Service Opened in Their Name
  • Fraudulent Loans
  • Thief Uses Your Identity

6
Overview
  • A Few Statistics
  • Victim Liability Limit 50/ Credit Card
  • Average Victim Spends 175 Hours and 1,100
    Out-of-Pocket Responding
  • Various Estimates of Between 500,000 1.1
    Million Cases of ID Theft in 2001
  • Avg. Time to Discovery 15 Months
  • Law Enforcement 100 500 Hrs/Case
  • Criminal Profit Est. at 18,000/Case

7
Overview
  • From FTCs Consumer Sentinel
  • ID Theft Complaints
  • CY 2000 31,117 22 of Total
  • CY 2001 86,198 39
  • CY 2002 161,819 43
  • Victims per 100,000 Population in 2002
  • Worst 5 DC (123.1), California (90.7), Arizona
    (88.0), Nevada (85.6), Texas (68.9)
  • Best 5 N Dakota (12.6), S Dakota (16.4), Vermont
    (17.6), Iowa (18.9), West Va. (19.9)

8
How Does It Happen
  • Root Problem is Authentication
  • Three Ways to Authenticate Oneself
  • Something You Know
  • PIN, Password, etc.
  • Something You Have
  • Credit Card, ATM Card, ID Card at Work, etc.
  • Something You Are
  • Handwriting, Fingerprint, DNA, etc.

9
How Does It Happen
  • Key is the Numbers that Identify Us
  • They Are Everywhere. . .
  • Bank Statements Utility Bills
  • Credit Card Stmts ID Cards
  • Personal Checks Pay Advice/Check
  • Empl Application School Records
  • Drivers License Real Estate Trans
  • Court Documents Loan Apps
  • Product Reg Cards Tax Forms
  • Insurances (Med, Auto, Homeowners, etc.)

10
How Does It Happen
  • SSN is Big(gest?) Problem
  • Reality SSN is Required Used as Identifier
    in Many Places Many Ways
  • Myth is that SSN is Private
  • Presumed to be Valid Way to Authenticate
  • Only that Person Would Know It, Right?
  • We Are Generally a Trusting Society . . .
  • Space Between Reality and Myth
  • Opportunity for Abuse, Fraud, ID Theft

11
How Does It Happen
  • One Thing Leads To Another. . . .
  • Perhaps You Get Careless
  • Throw Something in the Trash Misplace a Check or
    Credit Card, or Receipt
  • Youre Too Nice
  • If Somebody Asks for Info They Have A Good
    Reason, Right?
  • You Are Targeted
  • Thief Steals Wallet/Purse Takes Your Mail Opens
    Acct in Your Name False ID

12
Historical Perspective
  • The Term
  • Appears to have Emerged in mid 90s
  • Prior to that, These Crimes Classified as
    Fraud, Wallet Stolen, etc.
  • In The Beginning. . . .
  • 1935 Social Security Act
  • Govt Attempt to Create Old-Age Pension
  • Byproduct A Unique Record ID, The SSN
  • Original Intention SSN For Use Only by Social
    Security Administration

13
Historical Perspective
  • Whats In That Box? Lets Open It!
  • 1943 SSN Authorized as Primary Key in Other
    Federal Databases
  • Ooh, Shouldnt Have Done That . . .
  • 1974 Privacy Act Cessation of SSN Use by
    Agencies, (Except SSA), But
  • Legitimate Use of SSN as Primary Keys by All
    Fed Agencies Using it Before 1/1/75
  • Required Privacy Act Disclosure Notice

14
Historical Perspective
  • Tax Reform Always Makes Things Better!
  • 1976 Tax Reform Act Authorizes Use of SSN by
    State and Local Revenue Offices, Licensing
    Agencies, etc. . .
  • Results in Substantially Increased Usage of SSN
    by Fed, State, Local Govt Agencies
  • Widespread Use in Govt Makes it a Popular Choice
    in Business Industry
  • SSN Now Begins to Take on Character of a Personal
    Identifier for Public Use

15
National Response
  • States
  • 1996 Arizona Passes First Identity Theft Law
  • 2003 DC Still Has No ID Theft Law
  • California is Leading The Way
  • May, 2000 37 States Had ID Theft Laws
  • End of 2002 Only CO, DC, and VT w/o Specific
    Identity Theft Laws (Source FTC)
  • Some States Revisiting Existing Laws
  • Increasing Penalties
  • Revising Definition of Criminal Activity

16
National Response
  • Federal
  • Fair Credit Billing Act (1986)
  • Limits Consumer Liability for Fraudulent Charges
  • Fair Credit Reporting Act (1996)
  • Establishes Procedures for Correcting Errors
  • Record Can Only be Provided for Legitimate
    Business Needs
  • Identity Theft Assumption Deterrence Act
    (1998)
  • A Federal Crime to Transfer or Use, w/o Lawful
    Authority, Means of Identification of Another

17
National Response
  • Federal (contd)
  • Gramm-Leach-Bliley Financial Mod Act (1999)
  • Original Focus Restructuring Financial Industry
  • Amended to Include Privacy Aspects
  • Some Limits Placed on How Institutions Disclose
    Nonpublic Personal Information About a Customer
  • Provision for Consumers to Opt-Out of Having
    Their Information Shared
  • Notices Written at 2nd Year College Level Bill
    Provision is Clear and Concise Language
  • Sharing Can Still Occur Over Your Objections

18
National Response
  • Federal (contd)
  • November 2001 Supreme Court Ruling
  • At Issue The 2-year Statute of Limitations Under
    the Fair Credit Reporting Act
  • Ruling Period Begins When the Alleged Wrongful
    Disclosure Occurred, not When Discovered
  • Protection of SSN (NOT!)
  • No Fed Law Limiting Disclosure In Private Sector
  • Business Can Request It
  • Youre Not Required to Provide It, However . . .
  • If You Dont, Business Can Legally Refuse to
    Provide You Service

19
National Response
  • Federal (contd)
  • Relevant Bills Introduced in 2002
  • US House of Representatives (www.house.gov)
  • HR5588, ID Theft
  • HR5474, GLB ID Theft
  • HR5215, Privacy in Stat Data
  • HR4678, Consumer Privacy
  • HR4561, Privacy in Rule Making
  • HR4513, Social Security Privacy
  • US Senate (www.senate.gov)
  • S3067, Government Information Security Reform
  • S3064, Health Privacy Opt-In
  • S2629, Privacy Policies of Fed Agencies
  • S2201, Online Privacy

20
National Response
  • Federal (contd)
  • Relevant Bills Introduced in 2003
  • 14 Different Bills Introduced in House or Senate
    as of April 9th Some Examples
  • HR 338 Defense of Privacy Act
  • HR 781 Privacy Protection Clarification Act
  • HR 122 Wireless Telephone Spam Protection Act
  • HR 69 Online Privacy Protection Act
  • S 188 Data Mining Moratorium Act
  • HR 220 Identity Theft Prevention Act
  • S 745 Privacy Act
  • S 228 SSN Misuse Prevention Act
  • S 223 Identity Theft Prevention Act

21
National Response
  • Is the Tide Turning??
  • Fair Credit Reporting Act
  • Preemption Provision Expires 1/1/04
  • If Sustained, States Could Require Financial
    Institutions to Obtain Customer Approval
    (Opt-In)
  • Sen. Shelby, R-AL, Chair of Banking Committee
    Appears to be Leaning Toward Opt-In Position
  • Financial Services Industry Now More Interested
    in Stronger National Privacy Standards
  • HR 70, Proposes Establishment of Opt-In Basis
  • HR 220, Proposes Dramatic SSN Changes
  • Some States Already Have Opt-In Rules

22
Privacy Crisis
  • What is Privacy
  • The Right to be Left Alone the Most
    Comprehensive of Rights and the Right Most Valued
    by a Free People
  • Justice Louis Brandeis, Olmstead v. U.S.
    (1928)
  • Your Privacy is Under Attack
  • Commercial Exploitation
  • Employer Negligence
  • Governmental Inaction
  • Individuals . . . Thieves, Terrorists, etc.

23
Privacy Crisis
  • Information Awareness Office (DARPA)
  • Key Initiative Total Information Awareness
  • Stated Purpose to deter terrorism
  • Based on assumption that terrorists must take
    certain actions
  • Integrated database of people their actions
  • Major Pushback from ACLU, EPIC, others
  • Through 12/4/02 26 Awards for Work on TIA
  • Feb, 2003 Congress Suspends Funding of Project
    Pending Report From DARPA
  • 5/20/03 DARPA Report Delivered
  • New Name Terrorism Information Awareness
  • Congress Prohibits Application to US Citizens

24
Privacy Crisis
  • No Controls Over SSN Use
  • No Integrated National Policy
  • Electronic Records Can be Easily Stolen
  • Individual Must Take Action to Prevent Sharing of
    NPI
  • Individuals Not Aware
  • Confused About Rights, Obligations, etc.
  • Do Not Understand Risks
  • Dont Have Time to Figure it all Out
  • Info Continues to be Collected, Shared, etc., w/o
    Regard for Accuracy/Impact

25
Privacy Crisis
  • Profiling. . .
  • The Product is You (Adbusters Media Foundation)
  • Recording Classification of Behaviors
  • Occurs Through Data Aggregation from Everywhere,
    Everything You Do
  • Has Created the Customer Relations Management
    (CRM) Industry and Personalization

26
Privacy Crisis
  • Personalization is Very Personal
  • SSN Size of Clothes Worn Shopping Preferences
  • Habits (Smoking) Health Information Arrest
    Records
  • Marital Status Lifestyle Preferences Hobbies
    (Collections)
  • Religion Homeownership Date of Birth
  • Sex Age Household Income
  • Race and Ethnicity Geography Physical
    Characteristics
  • Household Occupants Telephone Number Magazine
    Subscriptions
  • Occupation Level of Education Contributions
  • Club Memberships Mail Order Purchases Pet
    Ownership and Type
  • Interests (Gambling, Arts, Antiques, Astrology)
  • Whether You Are Likely To Respond to Money
    Making Opportunities
  • Characteristics of Automobile (year, make, value,
    fuel type, vanity tags)
  • Financial Situation (solvency, creditworthiness,
    loan amounts, credit cards)

27
Privacy Crisis
  • Medical Profiling We Know That Too
  • Allergy Nasal Allergies Wheat Alzheimers
  • Arthritis Asthma Athletes Foot
  • Breast Cancer Bronchitis Cancer
  • Celiac Sprue Chewing/Swallowing Dif Chronic
    Back Pain
  • Clinical Depression Colon Cancer Constipation
  • Contact Lenses Crohns Disease Dandruff
  • Dentures Diabetes (all, Type 1, 2) Dry/Flaky
    Skin
  • Eczema Emphysema Epilepsy
  • Freq Chapped Lips Frequent Cold Sores Frequent
    Flu
  • . . . . . . . . . . . . . . . . . . . . . . . . .
    . . . . . . . . . . . . . . . . . . . . . . . . .
    . . . . . . . . . . . . . . . . . . . . . . . . .
    . . . . . .
  • Parkinsons Disease Prostate Cancer Psoriasis
  • Rheumatoid Arthritis Rosacea Sensitive Teeth
  • Shingles Spinal Cord Injury Ulcerative Colitis
  • Ulcers Use Wheelchair Yeast Infection

28
Protecting Yourself
  • Manage Your Risk
  • Risk Management Taking Charge of the Things Over
    Which You Have Control
  • Start. . . . .
  • Understanding Your Risks
  • Reviewing Your Credit Report Every 6 Months
  • Shredding Every Credit Application, Every Piece
    of Paper That Has Any NPI
  • Being Aware of Who You Give NPI To. . And Why
  • Supporting Stronger Privacy Legislation
  • Looking at Those Receipts
  • OPTing Out

29
Protecting Yourself
  • Manage Your Risk (contd)
  • Stop. . . .
  • Giving Out Your SSN w/o Asking Questions
  • Printing NPI On Your Personal Checks
  • Putting NPI on Product Registration Cards
  • Participating in Shopper Loyalty Clubs
  • Leaving Paid Bills in an Unsecured Mailbox
  • Answering Questions When Youre Not Completely
    Sure Why Youre Being Asked
  • Being Nice
  • Trusting The System Nobody Cares About
    Protecting Your NPI, Except You

30
Protecting Yourself
  • Be Aware, Be Vigilant . . . Examples
  • Free Credit Report emails Most are Scams
  • Account Verification emails purportedly
    describing a problem resulting in loss of data,
    need you to re-send SCAM
  • FTC Investigation Uncovered Bogus FTC
    Investigator Who Sent Emails Asking for NPI to
    Assist in Investigation SCAM
  • Bogus Hospital Employees Needing to Fill in
    Blanks on Your Record SCAM
  • When In Doubt, Dont!!!

31
Impact on Employers
  • Newest Trend in ID Theft
  • To Be More Efficient!
  • Why Steal One Identity When You Can Have
    Hundreds, or Even Thousands?
  • Theft of NPI From the Workplace
  • Now 1 Source for Credit Fraud ID Theft
  • State of CA 262,000 Records
  • TriWest HealthCare 562,000 Records
  • Lawsuit Has Already Been Filed Charging Negligence

32
Impact on Employers
  • Be Aware Changing Environment
  • Employer Records are Prime Target Risk of Theft
    Increasing Substantially
  • Employer Liability Due to Negligence is
    Increasing w/Focus on ID Theft
  • Legislation Impacting Employers
  • Need to Monitor Fed State Developments
  • EU Privacy Directive, HIPAA, etc.
  • Must be Proactive Periodically Review
    Policies/Procedures

33
Impact on Employers
  • Records Management is Critical
  • Judicial/Societal Expectations
  • Employer Will Exercise Due Diligence
  • Records Mgmt Policies, Procedures
  • Design of Records Mgmt System
  • Validating Identity of Individuals with Access to
    Records
  • Temporary Workers Major Risk Factor
  • Periodic Review/Audit of Policies, Practices,
    Procedures

34
Impact on Employers
  • FTC Position
  • It is not enough to make promises about
    protecting personal information and then just
    hope that nothing bad happens, or if it does,
    that nobody finds out (Howard Beales, Dir of
    FTCs Bureau of Consumer Protection)
  • Employers Expected to Take Affirmative Action to
    Appropriately Protect Personal Information

35
Impact on Employers
  • Some Suggested Actions
  • Remove SSN from all Employee ID, Badges,
    Timecards, etc.
  • Halt Use of SSN as Employee Identifier
  • Never Ask for SSN Prior to Hire
  • Audit Trails to Document Who Has Reviewed
    Employment Data
  • Shred/Securely Destroy Documents Containing
    Employee Data
  • Conduct Background Checks on Employees
  • Closely and Carefully Monitor Temp Employees
  • Implement Training Program for all Who Have
    Physical or Electronic Access to Employee Data
  • Provide Employees with Yearly Credit Check as an
    Employee Benefit Helps Spot a Records Compromise
  • Provide Employees w/Education on How to Protect
    Themselves
  • Implement Strong Program of 3rd Party
    Audits/Reviews of Policies, Procedures,
    Practices, System Security

36
Impact on Employers
  • Trend Increasing Employer Liability
  • A Few Examples
  • Washington State June 13, 2002
  • Employer Liability for failing to take all
    reasonable precautions in destroying records
  • GLB Safeguards Rule May 23, 2003
  • Employer must implement various safeguards for
    protecting NPI FTC Oversight
  • California Bill 1368 July 1, 2003
  • Companies Required to Notify Individuals When
    Records Containing NPI are Compromised
  • HIPAA Security Rule April 21, 2005
  • Safeguards Issues HHS Oversight

37
Taking Action
  • Check Your Credit Reports
  • Equifax 888-397-3742 www.experian.com
  • Experian 800-685-1111 www.equifax.com
  • TransUnion 800-888-4213 transunion.com
  • Check Your Medical History Info
  • Medical Info Bureau 617/426-3660 www.mib.com
  • Use Gramm-Leach-Bliley Act Opt-Out
  • www.privacyrightsnow.com provides sample letters
    and procedures

38
Taking Action
  • Halt Pre-Approved Credit Offers
  • One Call Does It 888-5OPTOUT
  • Junk the Junk Mail
  • Write to Mail Preference Service, PO Box 643,
    Carmel, NY 10512
  • Pay 5 online www.dmaconsumers.org
  • Avoid Sweepstakes Other Contests
  • Reduces Number of Lists That Include You
  • If It Seems Too Good To Be True, Then Its a SCAM

39
Taking Action
  • Reduce Risk from Telemarketing
  • Telephone Preference Service, PO Box 1559,
    Carmel, NY 10512
  • Pay 5 online www.dmaconsumers.org
  • Leverage FTC Resources Implementing Brand New
    National Do Not Call List www.ftc.gov for
    Information
  • Practice Safe Interneting
  • http not secure
  • https secure (at least more secure. . . .)
  • Look for Trusted Security Designators (VeriSign,
    etc.)

40
Taking Action
  • Check Your Driving Record
  • State Sites Listed at www.aamva.org/links Read
    Fine Print on Applications/Forms
  • Your Identity is Worth 3 Minutes. . . .
  • Handle Loyalty Clubs Differently
  • Protect and Keep Private Your SSN
  • Review Your SSA Stmt of Benefits
  • Consider Placing a Pre-Emptive Fraud Alert on
    Your Credit Record

41
If It Happens To You. . .
  • Contact Fraud Depts of Credit Bureaus
  • Request Free Credit Report From Each
  • Place Fraud Alert On Your Record
  • Review Credit Reports
  • Contact Creditors of Compromised Accounts
  • Close These Accounts
  • File Report
  • With Local Police, or Police Where Theft Occurred
  • Get Copy of Report to Support Claim of Theft
  • FTCs ID Theft Clearinghouse 877-438-4338
  • Complete ID Theft Affidavit (From FTC)

42
If It Happens To You. . .
  • Some Other Valuable Resources
  • ID Theft Info
  • www.ftc.gov FTC Site
  • www.consumer.gov/idtheft Fed Govt Central ID
    Theft Site
  • www.idtheftcenter.org General Info and Resources
  • www.fightidentitytheft.com General Info and
    Resources
  • www.stolenidentity.com General Info and
    Resources
  • www.callforaction.org General Info and Resources
  • Privacy Issues and Awareness
  • www.privacyrights.org Privacy Advocacy Group
  • www.epic.org Electronic Privacy Info Center
  • Your Representatives
  • www.house.gov US House of Representatives
  • www.senate.gov US Senate
  • www.ncsl.org Council of State Legislatures

43
Information Sources
  • VG 3 Testimony Provided by Linda Foley,
    Executive Director, Identity Theft Resource
    Center, to U.S. Senate Judiciary Subcommittee on
    Technology, Terrorism, and Government
    Information, March 20, 2002
  • VG 5 Source FTCs Identity Theft Clearinghouse
  • VG 6 Statistics Excerpted from various Federal
    Trade Commission and Privacy Rights Clearinghouse
    Documents
  • VGs 12 14 SSN Historical Perspective Points
    Excerpted From Social Security Numbers, Identity
    Theft, and The Web, by Hal Berghel, Professor
    and Chair of the Department of Computer Science
    at the University of Nevada at Las Vegas article
    at www.acm.org
  • VGs 26, 27 Electronic Privacy Information
    Center www.epic.org/privacy/profiling
  • VG 30 Identity Theft Resource Centers Scam
    Alert, www.idtheftcenter.org and FTCs ID Theft
    site www.consumer.gov/idtheft
  • VG 32 Adapted From Victims Assistance of
    Americas Employer Checklist
    ww.victimsassistanceofamerica.org
  • VGs 37 40 List Adapted From Privacy Survival
    Guide, Privacy Rights Clearinghouse
    ww.privacyrights.org/fs/fs1-surv.htm
  • VG 41 Adapted From Source Adapted From FTC web
    site www.consumer.gov/idtheft/victim.htm

44
IHRIM Needs Your Feedback! Please complete a
session evaluation for

Session 328 Identity Fraud, This Crime Is
Changing Your Job Nevin Maffett nevin.maffett_at_ap
poutfit.com 410/684-3700 THANK YOU!
About PowerShow.com