Moving into a new decade, there are key issues that simply must be addressed if we are ever going to see a change in the flood of identity theft. Some of these changes must be made to make it easier to protect yourself from identity theft [LINK], but you may not have much to do with actually making the changes, since they need to be made by banks, government agencies, and so forth. If 2011 is going to be the year we turn it around, as many hope, then these points are going to be critical.
Banks Must Address Card Fraud
The results are in from the Information Security Media Group survey. They talked with over 200 leaders in financial organizations from the financial and security perspective, and the results are disturbing, to say the least. Card fraud impacted four-out-of-five companies, and almost half reported issues related to phishing attacks, but only one-in-five has a plan in place to help address the issues. More than 75% said they learn of fraud when it is reported by the customers.
Really. That’s what the report says. The financial organizations are responding to this mostly by saying public (and employee) education are the key to fighting this, and that seems to be where they are putting their resources. But this has resulted in little (if any) real detection process. And financial institutions will need to rely on automated methods of detection to comply with the Red Flags Rule, if the intent of the rule is to be met with any success.
URL Shortening and “Hacktivism”
Bob Sullivan over at MSNBC predicts more attacks hidden by URL shortening. The idea is simple enough – a shorter URL is easier to use than a longer one, and at a rate of over 3,000 URLs shortened per minute (according to McAfee,) the idea has really caught on. But the problem creeps in for us end-users who need to click on that link. After all, we’ve been taught for years that to make sure we are on the right website, make sure the URL is going to the right location – just check your address bar. But shorter URLs don’t show you where you’re going, and there is obviously a lot of hacker potential. The advice is still sound, make sure you’re going to the banks site if that’s where you need to be (instead of a phishing site,) but you will probably want to stay away from short URLs until some form of validation can be implemented.
Sullivan also suggests that the success and clever structure of “hacktivist” websites like WikiLeaks will have renegade hackers following this pattern for attacks targeting companies instead of government agencies. This means look for more data breaches in the coming year. Your protection is limited here, because you can’t protect your information when you’ve given it to a company, they must protect it. The proposed data breach notification law (DATA) [LINK] won’t stop this sort of thing, but at least it will ensure you find out it has happened to your information when there is a data breach.
Protecting GPS Information
The other morning a local news program was showing traffic slow-downs using GPS information from vehicles in the area to determine how fast traffic was flowing. This information is not necessarily easy to get to, but if a satellite is telling you where you are (within 6 yards) then it obviously knows where you are. And if the local news station can get information about specific locations (such as a stretch of interstate) for their morning show, it’s easy to see that the information could be used to determine where an individual is as well. Or at least their car. Efforts are already in the works to rolling to classify GPS location information as private information that must be protected. And new identity theft protection companies such as PinPoint are already using this information to help make your card purchases more secure, so this will become important to identity thieves as time goes on.
Failing to protect this information, it may not be long before GPS “spoofing” emerges, one more wrinkle in a complicated world of digital identification.
Illegal Immigration
Illegal immigration is one of the big fuels for the identity theft fire. Whether government steps up to enforcing immigration laws, or legislates a form of identification illegal immigrants can use to work and receive wages, the issue must quite simply and clearly be addressed. As long as citizens are required to have a social security number to receive a paycheck, social security numbers will be a valuable commodity to anyone who wants to work and doesn’t have one. If no other issue is addressed, identity theft could easily be cut in half with this one political change.
