Protecting Your Company, Employees and Customers from Identity Theft Presented by: Bill Morrow CSIdentity Chairman and CEO - PowerPoint PPT Presentation


PPT – Protecting Your Company, Employees and Customers from Identity Theft Presented by: Bill Morrow CSIdentity Chairman and CEO PowerPoint presentation | free to view - id: 72cb9f-MDIzM


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Protecting Your Company, Employees and Customers from Identity Theft Presented by: Bill Morrow CSIdentity Chairman and CEO


Protecting Your Company, Employees and Customers from Identity Theft Presented by: Bill Morrow CSIdentity Chairman and CEO – PowerPoint PPT presentation

Number of Views:249
Avg rating:3.0/5.0
Slides: 26
Provided by: ymc47


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Protecting Your Company, Employees and Customers from Identity Theft Presented by: Bill Morrow CSIdentity Chairman and CEO

Protecting Your Company, Employees and Customers
from Identity TheftPresented by Bill
MorrowCSIdentity Chairman and CEO
  • Risks Businesses Face Today
  • Identity Theft Overview
  • Identity Theft Protection and Data Security
  • Questions Answers

Risk and The Opportunity Cost
  • Risk to expose oneself to the chance of injury
    or loss, to venture upon, take or run the chance
    of an outcome put oneself in danger or hazard.
  • With RISK taking there is an opportunity or
    payback for a sacrifice OR consequences to pay
    for not taking a risk. In todays business
    environment and with identity theft, there is an
    opportunity cost -- the cost of doing nothing.
  • There is no payback for accepting or allowing the
    RISK to occur.
  • Consequences for inaction are greater than ever
    before not just from a lost revenue
    perspective but also from a legislative point of
    view with state and federal regulations setting
    compliance standards.

Managing Risk
  • Identity theft is ever-evolving and criminals are
    becoming more sophisticated, scheming ways to
    infiltrate businesses, find the gaps in security,
    manipulate the system and discover ways to
    further deceive consumers.
  • Businesses need to be ahead of the curve, and
    stay ahead of criminals, to protect their assets
    including revenue, customer base and employees.
  • Legislation is established as a result of
    incidents - reacting to discovered threats.
    However, today there are unrealized threats and
    areas where your company is unknowingly
  • Its important to be proactive versus reactive
    when it comes to fraud and identity theft.
  • Manage risk close the gaps.

Identity Theft and Related Fraud Risks
  • Hiring employees who use false identity data to
    mask a criminal history and gain access to your
    networks and data from the inside
  • Retaining employees who have committed criminal
    offenses after being hired and screened
  • Employee errors, loose policies or internal fraud
    causing data breaches of company, customer and
    employee data
  • Thieves or hackers externally accessing your
    network and data
  • Criminals buying and selling your company and
    customer data to other criminals who use it to
    commit more crimes
  • Maintaining incomplete current safeguards that
    may allow for gaps in security

Spear-phishing Whaling
Do you know who your colleagues report suspicious
e-mails to? Would you or your senior management
team recognize a whaling e-mail or use a USB from
an unknown source?
Criminal Chat Room Activity
Identity Theft Overview
Identity Theft Has Evolved And Grown Significantly
Source Deloitte Research, Identity Theft
Understanding the Experience of Private Sector
Organizations, 2006.
The Evolution Of Identity Theft Makes Banks The
Number One Target Of Identity Thieves
  • Banks are targeted
  • 7 of the top 10 targeted institutions
  • Responsible for more than 25 of complaints
  • Why are banks targeted?
  • Consumers only involved in fraud detection on
    their personal existing accounts
  • Credit monitoring does not provide information on
    debit accounts
  • Communication providers are targeted
  • 3 of the top 10 targeted institutions
  • Responsible for 15 of identity theft complaints
  • Fraudulent Phone Fraudulent Bank
  • Reinforces control of identity
  • Both used to verify identity authenticity
  • Creates significant merchant losses

Identity Theft Is Not Simply Credit Card Fraud
  • Businesses and consumers are targeted in multiple
  • Employment Fraud
  • 1.8 M applicants use stolen identities
  • 30 of applicants falsify credentials
  • Phone Fraud
  • Service obtained under stolen identity
  • Third parties authenticate using phone
  • Government Documents Fraud
  • False DL/Passport defeat verification
  • False IRS, SSA, HHS claims
  • Criminal Fraud
  • Crimes committed with false identities
  • Prevents detection during employment
    or other screening activities

2006 FTC Identity Fraud Theft Statistics
FTC Data Clearinghouse 2006. Survey results
include some cases of identity theft where the
individual was impacted by more than one area
(i.e. credit take-over and credit new account). 
For purposes of presenting in a pie chart, survey
results were pro-ratably adjusted for these cases
in order that a relative comparison of types of
identity theft could be presented.
FTC Data Trend Shows Decline In Credit-Related
Identity Theft
Credit-related identity theft is declining while
non-credit-related identity theft has increased
since 2002. Identifying both types of identity
fraud and theft is key.
Non-Credit Related
Credit Related
Down 40
Up 17
2002 2003 2004 2005 2006
Credit Related 30 23 19 18 18
Non-Credit Related 70 77 81 82 82
FTC Data Clearinghouse 2006.
Identity Theft Crimes Impact Individuals In
Countless Ways
  • Unable to secure a job
  • Wrongly arrested
  • Tax liabilities
  • IRS audits
  • Fraudulent tax refunds
  • IRS notice of undeclared income
  • Unable to buy a home
  • Unable to buy a car
  • Unable to pay for college
  • Theft/loss of government benefits
  • Fraudulent payday loans issued
  • Property deeds compromised property sold
  • Damage to professional reputation
  • Unable to open new bank accounts
  • Existing bank accounts shut down
  • Existing bank accounts drained
  • Unable to open new credit accounts
  • Existing credit terminated
  • Existing credit used fraudulently
  • Unable to take out loans
  • Fraudulent loans
  • Health insurance used fraudulently
  • Erroneous health records due to fraud
  • Loss of security clearances

Consumers Are Targeted By Growing And Evolving
Identity Theft Crimes
Identity Theft Is Growing
Identity Theft Is Evolving
65 Increase
Non-Credit 93 Increase
12.3 M
15 M Victims
6.37 M
9.1 MVictims
2.73 M
2.7 M
Credit 1 Decrease
Identity-theft-related fraud IDC, 2006
FTC, 2006
Individual Losses Are Increasing
International Black Market Identity Trade
131 Increase in One Year
17.3 CAGR
1.6 B
1.5 B
1.3 B
1.1 B
0.9 B
0.7 B
Gartner, 2007
IDC, 2006
Businesses Are Targeted Both To Commit Fraud And
To Steal Identities
Cost per Record Exposed in Data Breach
Source Ponemon Institute
Aggregate Business Identity Losses (not due to
( in billions)
Source Javelin Strategy and Research Survey
Protect Your Company From Data Security Breaches
  • Businesses are also targeted because they control
    identity data for hundreds of thousands or
    millions of identities in centralized
  • 85 percent of companies have experienced a data
    breach in the past two years.
  • 1 to 3 data breaches occur daily.
  • Approximately 90 percent of most breaches are due
    to people and policy issues.
  • 6.3 million average cost per breach, up from
    4.8 million in 2006.
  • 197 average cost per record lost.
  • Companies suffer legal liabilities, loss of
    market share (2.67), brand equity and customers
    with increased churn.

People, process and policy security breaches
Source Ponemon Data Breach Study, November 2007.
Identity Theft Protection and Data Security
Regulatory Landscape
  • Agencies, financial institutions and businesses
    face a myriad of federal and state regulatory
    requirements, for example
  • Patriot Act
  • Sarbanes-Oxley
  • Fair Credit Reporting Act
  • Fair and Accurate Transactions Act
  • Gramm-Leach-Bliley Act
  • State data privacy and security laws

Identity Theft Defense Framework
  • Understand environment, criminals, and motives
  • Why would the data you control be desired?
  • How would a criminal conduct transactions with
    your organization using a stolen identity?
  • Are you vulnerable to internal risks from
    employees, contractors, and vendors?
  • Understand risk areas
  • What types of transactions are high risk and
    where would they occur?
  • Are their gaps between systems or organization
    silos that can be exploited?
  • Install controls to identify and prevent theft
    and fraud
  • Who do you hire?
  • Who has access?
  • Who conducts transactions who authorizes, who
    overrides, and who is responsible?
  • Who monitors and audits?
  • Plan for post-fraud response
  • What constitutes a breach and what defines the
    severity of breach?
  • Who is notified and how is information conveyed
    to exposed victims?
  • What victim protection solutions will be extended
    based on data exposed and severity of breach?

Identity Data Security Requirements
  • Thirty-nine states (including Texas) have data
    security and privacy legislation.
  • Federal legislation mimicking California data
    security and privacy legislation is pending
  • Define data requiring compliance Personal
    Confidential Information (PCI).
  • Name associated with Social Security number,
    drivers license, account data (debit or credit),
    usernames and passwords, and other sensitive data
  • Protect PCI data from exposure.
  • Storage database, desktop, laptop, paper
  • Transfer e-mail, other network, backup tape
    (other medium), physical
  • Destruction data storage timelines, physical
    storage and destruction policies
  • Define a policy for responding to data security
  • Proactively develop data breach response plan as
    part of overall disaster recovery efforts
  • Promptly implement breach plan upon breach
  • Notify consumer victims and extend victim
    protection services in response to a breach

Properly Created Plans Provide Overlapping
Compliance Capabilities Reducing Risks and
Components Compliance Requirements / Satisfaction
1. Verify Employee Identities and Background Social Security verification confirms only the accuracy of the SSN, not the identity and fails to detect applicants concealing elements of their background GLBA, FCRA
2. Verify Customer Identities For all transactions account origination, transactions, and account changes GLBA, FCRA, FACTA
3. Employee Awareness Employee identity protection solutions with identity monitoring and ongoing training reinforce data security awareness GLBA and State Laws
4. Customer Awareness Provide identity theft awareness materials and/or retail programs online and in physical environments GLBA
5. Data Protection Identify personal confidential information, its location, encryption, access and storage requirements and risk by identity element GLBA, FACTA
6. Exposure Detection Detect when accounts or customer identities have been exposed to reduce fraud losses and protect customer FACTA
7. Incident Response Plan Prepare an incident response plan based on type of breached data and severity of breach now GLBA, FACTA, State Laws
8. Victim Protection and Assistance Deploy the incident response plan promptly to educate victims to their level of risk and protection available GLBA and State Laws
About CSIdentity
CSIdentity Targets Identity Fraud Across
Industries And Markets
Consumer Comprehensive identity theft protection
and personal security solutions.
Government Detection of altered, fabricated and
stolen identities used by individuals crossing
borders and utilizing the United States
transportation systems.
Business Identity theft and fraud detection, HR
Benefits, breach management solutions, data
solutions and security tools.
Multiple Security Layers Provide Comprehensive
Fraud Detection and Protection
CSIdentity Solutions
ID Verification Monitoring
SAFESM Security AuthenticationFor Employees
Enterprise Account Protection Blanket Solutions
CSIdentity ProtectorSM
Data Breach Mitigation Solutions
Questions Answers