IDTheftSecurity.com

go to http://IDTheftSecurity.com

2010-01-22T04:51:00.001-08:00

ComputerWorld & NetworkWorld visitors

Go to http://IDTheftSecurity.com

(This blog is outdated)

Thank you.
Robert Siciliano
Lets CONNECT!!!.....do it now!
http://www.linkedin.com/in/robertsiciliano
http://twitter.com/robertsiciliano
http://www.facebook.com/robert.siciliano

2007-02-20T16:18:00.000-08:00

Tax Time Makes Laptop Computers Especially Valuable to Identity Thieves

Phishers' websites, feigning to represent the Internal Revenue Service, threaten—as similar sites have in the past—to dupe citizens this tax season into divulging personal information.

Tax season is a frenetic time for most Americans. When we're extra busy, we run the risk of being extra careless—something identity thieves like. And with the growing number of taxpayers completing their IRS paperwork online, many from their laptop computers, the risk for foul play increases ever more. Guard your belongings, particularly any computer equipment containing your tax information, and never give your personal identifying information to an unknown source. Never to trust online messages that purport to be from the IRS, which never initiates communication with taxpayers via e-mail.

But the problem isn't just phishing sites. With more and more consumers doing their taxes online, and with research from various sources showing a marked increase in laptop computer sales, this means lots of laptop computers, machines that are prone to theft, are home to their owners' sensitive tax-related information. Consider use of MyLaptopGPS™, a product that combines Internet-based GPS tracking, which is more affordable and user-friendly than other types of GPS tracking, with encryption and additional technologies to put laptop owners' minds at ease when theft occurs.

2007-02-20T16:07:00.000-08:00

Fallout from recent breach of data at major U.S. retailer will continue for a while

A data breach at TJX Companies Inc. last month reportedly affected millions of past customers of the U.S. retailer, which operates numerous well-known department stores. Consumers need to remain vigilant and guard their financial records statements against wide-scale, related credit card fraud.

Last month I discussed the TJX data breach on WBZ NewsRadio 1030 in Boston, Mass., and WCBS NewsRadio 880 in New York City. First and foremost, make sure nothing is awry with your credit card statements. Watch your bank statements, too, and contact the credit bureaus to keep an eye on your records.

Identity thieves and fraudsters can do a lot with the kind of information typically lost in the type of data breach we've seen unfold these past couple weeks, and organizations that suffer massive data breaches like this often have little idea how many records of data are indeed in jeopardy. That kind of uncertainty is dangerous not just for customers, the obvious victims. Burglarized institutions then face their constituents' ire. The possibility of towering expenses related to easily justified class action suits, not to mention the hefty public relations retainer fees for crisis communication, can leave an organizations very survival in question.

Anyone possibly affected by the any large datas breach should obtain tools that help citizens to monitor their own information in the wake of such breaches. Arlington, VA-based MyPublicInfo provides such a tool, the Public Information Profile (PIP), which enables view public records connected to his name and see information accessible to other people performing background checks. This tool provides consumers with user-friendly, complete, and legally conforming personal profiles of aggregated public information.

Vigilance is the best recourse not only for the short-term, but for the long-term. Customers must take their financial information—their very identities, in fact—into their own hands. As we've seen all too often in the wake countless data breaches these past few years, when it comes to identity theft, we can ultimately count on nobody to protect us but ourselves.

2007-02-20T15:48:00.000-08:00

Desktop computer use is down, but laptop use is up

End-of-year reporting in 2006 suggested that desktop computer use is on the way down, in favor of the ever-more-prevalent laptop. Organizations that store sensitive data on theft-prone mobile computing devices must understand the implications: Mobile computers demand teh technology of security measures such as GPS tracking, encryption, and more, or data breach–associated costs will occur with growing frequency.

IDC research reported by Computerworld in September of 2005 suggested that business use of laptop computers would spread to more than 50 percent of employees within a few years, with shipments of laptops surpassing those for desktops by 2008. An article in the Dec. 18, 2006 edition of BusinessWeekOnline reported findings from the firm Current Analysis showing that laptop sales rose by 25 percent for the week ending Nov. 25, 2006; desktop PC sales dropped 2 percent for that week, and, in October 2006, were down 5 percent for the year.

Sales of laptop security technology need to increase in parallel. We must combat—and ward off—the thefts that will inevitably accompany the growing prevalence of laptop computers. The alternatives, lawsuits and recovery costs, are prohibitively expensive. We're already seeing companies paying thousands of dollars just to stop official inquiries into their laptop security practices. No organization is immune. Install simple technology, like GPS, instead. Avoid the security nightmare before it even happens.

A December 2006 article in The Boston Globe article reported a $25,000 settlement paid by Ameriprise Financial Services Inc. to settle a probe into the loss of a laptop that housed personal data on thousands of Massachusetts residents.

Imagine losing a laptop computer and only having to press a button to make the whole problem go away. That's what GPS tracking can do—no more public relations crises, no more litigious probes, and no more lost customers. Your organization has done its job, and the thief goes to jail.

Indeed, nightmares like those described above can easily be avoided with technology such as MyLaptopGPS's: GPS tracking and encryption technology as security for mobile computers. Internet-based GPS, the technology this company's product of the same name uses, is more affordable and user-friendly than other types of GPS tracking and effectively tracks lost machines.

Laptop computer security can at once be simple, inexpensive, and highly effective. The alternative is theft and its attendant, often unknown consequences, such as lawsuits and soaring recovery costs. Smart organizations expect the worst and insulate themselves for it up-front. MyLaptopGPS provides the solution these companies want, and need.

MyLaptopGPS not only tracks lost laptops with Internet-based GPS, but also installs software that encrypts and silently removes and retrieves files from the machines—at once returning the data to its rightful owner and deleting it on the stolen computer. Users can invoke MyLaptopGPS's functions remotely.

2007-02-20T15:41:00.000-08:00

Recent research and the threat of lawsuits should spur initiatives to equip laptop computers with GPS

Laptop theft is on the rise, and the research into mobile computing security reveals findings that are daunting and irrefutable: Laptop computers stand to be stolen in large numbers over the next few years, and the associated costs, including lawsuits, threaten to be a major source of frustration.

According to legal experts whose article appeared on Tech News World in mid-December of last year, California Senate Bill 1386, passed into law in July 2003 and now emulated in about 30 states, provides consumers and employees, under some circumstances, the legal basis to sue companies that have suffered data breaches. On Nov. 27 of last year Investor's Business Daily reported research from Kahn Consulting, a consulting firm specializing in the legal, compliance, and policy issues of information technology: Only 35 percent of the 80 percent of companies that equip their workers with wireless devices secure the machines.

Also cited in the Investor's Business Daily article was research from IDC, a firm headquartered in Framingham, Mass. IDC predicted that the number of mobile workers will increase by 30 percent by the year 2009, and that these added workers will see, rising along with them, the security threat to mobile computers.

Symantec has found that a laptop computer is stolen every 53 seconds, and that 97 percent of these machines lost to theft are never recovered. And research from Gartner Group has revealed that the financial price tag of laptop computer theft can exceed $6,000 for even just one machine.

I predict that more and more organizations will come to the logical conclusion: Turn to simple, effective, countermeasures such as GPS tracking and encryption technologies.

Anyone who loses a laptop computer wishes their machine had the functionalities MyLaptopGPS provides. Rather than deal with the thousands of dollars and pure headaches that come with lost mobile computing devices, smart organizations are looking at companies such as MyLaptopGPS, which offers GPS tracking and encryption technology as security for mobile computers. Internet-based GPS, the technology MyLaptopGPS™ uses, is more affordable and user-friendly than other types of GPS tracking and effectively tracks lost machines. MyLaptopGPS not only tracks lost laptops with Internet-based GPS, but also installs software that encrypts and silently removes and retrieves files from the machines—at once returning the data to its rightful owner and deleting it on the stolen computer. Users can invoke MyLaptopGPS’s functions remotely.

Peace of mind is hard to come by. For a fraction of the cost of a lost laptop computer, GPS and other technologies provide an all-encompassing solution to laptop theft so that even if your computer is stolen, it won't matter.

2007-02-20T15:35:00.000-08:00

Rising tide of targeted mobile computer thefts is grounds for equipping laptops with GPS tracking technology

A laptop computer is a potentially lucrative acquisition for any thief. In some cases they’re seeking these machines because they're determined to obtain identifiable information that facilitates identity theft, account takeover, or medical fraud. Owners need to be aware of the information on their laptops and its worth to criminals. Organizations whose proprietary and sensitive data reside on laptop computers should install on these machines affordable antitheft safeguards such as Internet-based GPS tracking, encryption technology, and systems to remotely retrieve and delete data.

One briefly unattended machine sitting on a coffee table in an Internet café may contain data worth hundreds of thousands, if not millions, of dollars to a savvy criminal. But companies like MyLaptopGPS's, whose product of the same name uses Internet-based GPS (a technology more affordable and user-friendly than other types of GPS tracking), offer hope by not only tracking lost laptops with Internet-based GPS, but also encrypting and silently removing and retrieving files from the machines—at once returning the data to its rightful owner and deleting it on the stolen computer. Users can invoke MyLaptopGPS’s functions remotely.

2007-02-20T15:29:00.000-08:00

Laptop computers bereft of GPS tracking technology are easy targets for criminals

The unsecured laptop computer is easily stolen and a goldmine for identity thieves. Owners indiscriminately store personal data of all kinds on them. The portable computer is the thief’s fantasy, but effective, and inexpensive, security exists. Anyone who owns a laptop computer should install on it affordable safeguards such as GPS tracking, encryption technology, and systems to remotely retrieve and delete data.

According to Symantec, a laptop computer is stolen every 53 seconds, and 97 percent of these machines lost to theft are never recovered. The numbers are hardly surprising. The recent statistics and ongoing news of more and more mobile computer thefts speak for themselves. The data breaches continue unabated. And now laptops are quickly becoming the item of choice for identity thieves conspiring with gangs and organized criminals everywhere. Smart organizations and individuals are protecting themselves with commonsense, affordable security that blocks the loss of personal information to theft.

MyLaptopGPS, an Oklahoma-based firm, offers just that commonsense opportunity: security for laptop computers at a cost that pales in comparison to the financial price tag of laptop theft, which can exceed $6,000 for even just one machine, according to research from Gartner Group.

Internet-based GPS, the technology MyLaptopGPS™ uses, is more affordable and user-friendly than other types of GPS tracking and effectively tracks lost machines. And MyLaptopGPS also installs software that encrypts and silently removes and retrieves files from lost laptops—at once returning the data to its rightful owner and deleting it on the stolen machine. Users can invoke MyLaptopGPS’s functions remotely.

The market is awash with an array of less-than-effective laptop computer security products. MyLaptopGPS gives a user a host of functionalities all rolled into one product, plus the peace of mind that comes from silently retrieving a laptop’s data from a remote location.

2007-02-20T15:24:00.000-08:00

Educators should to equip laptop computers with GPS tracking technology

Identity thieves will steal anyone’s identity. They especially like to prey on young people, whose credit records are still clean and useful for new car loans, mortgages, and more under fake auspices. With so much theft of laptop computers storing Social Security numbers and all sorts of other information on students everywhere, GPS tracking and other safeguards for these machines must become a priority.

MyLaptopGPS is a firm that offers a product of the same name that uses GPS to track the whereabouts of misplaced and stolen laptops. MyLaptopGPS™ employs Internet-based GPS, a system characterized by affordability and user-friendliness. Going a step further, MyLaptopGPS™ also installs software that encrypts and remotely removes and retrieves files from lost laptops—at once returning the data to its rightful owner and deleting it on the stolen machine. MyLaptopGPS does what it’s designed to do remotely, covertly, and inexpensively.

Products such as MyLaptopGPS's bring enormous piece of mind to any organization, especially one with perhaps limited financial resources, such as an educational institution. MyLaptopGPS allows responsible and conscientious educators and administrators to track stolen laptops—and protect their students’ wellbeing.

Last fall, numerous laptop computer thefts affected college and high school students:

The Associated Press reported on Nov. 14, 2006, that a laptop computer had been recovered from a student at Connors State College, a school near Oklahoma City. According to the article, the student allegedly stole the machine, which contained Social Security numbers and other identifying information on thousands of students at the school.
As reported by the Dailyrecord.com on Nov. 13, 2006, a K-8 school in Boston Township, N.J. lost four laptop computers to theft on Nov. 6. On Nov. 9, 2006, cbs11tv.com reported on the theft of 24 laptop computers from a Fort Worth, Texas high school.
According to a Nov. 7, 2006 article in diamondbackonline, the University of Maryland’s online student newspaper, laptop thefts at the school in 2006 tripled over 2005.
The Associated Press reported on Nov. 2, 2006, that a laptop computer in Philadelphia had been stolen from an insurance brokerage firm to compromise the Social Security numbers and related, identifying information on 1,200 Villanova University students.
On Nov. 1, 2006, the Dailypress.com reported that a laptop computer containing sensitive, identifying information on 4,600 high school senior ROTC scholarship candidates had been stolen from the U.S. Army Cadet Command’s Fort Monroe, Virginia headquarters.
Also on Nov. 1, 2006, the Cambridge Times, a U.K. publication, reported that a Fenland, England school that lost to burglars over the past six months £20,000 in equipment had since installed tracking technology on all its computers, including laptops.

According to Gartner Group research, just one laptop lost to theft can result in costs that exceed $6,000. Laptop theft is a potentially catastrophic expense for educators. Anticipating worst-case scenarios, smart educational administrators are turning to GPS technology so that they’ll be able to track laptop computers once these devices are stolen. And, as we have seen with the rash of laptop computer thefts affecting students, a laptop computer is easy to lose.

2007-02-20T15:03:00.000-08:00

Laptop Security Products Must Provide All-in-One Functionality

Research has continually revealed the high cost of laptop computer theft. Gartner Group research has found that just one laptop lost to theft can result in costs related to lost productivity, as well as hardware and software replacement, that exceed $6,000. Often, organizations spend much more, with untold additional funds covering the loss of data.

That's why it's heartening to see the high technology industry responding with novel ways to secure lost machines and recover the data on them. All-in-one technologies that employ Internet-based GPS tracking as well as systems for remote recovery and retrieval of data are among the best of these offerings. The financial impact of laptop loss far outweighs the nominal costs of these security alternatives.

One all-inclusive solution comes from MyLaptopGPS, a firm whose product of the same name uses GPS to track the whereabouts of misplaced and stolen laptops. MyLaptopGPS™ employs Internet-based GPS, which is affordable and user-friendly. And, going a step further, MyLaptopGPS™ also installs software that encrypts and silently removes and retrieves important files from lost laptops—at once returning the data to its rightful owner and deleting it on the stolen machine.

The market offers a number of partial answers to laptop security concerns, but GPS tracking technology needs to go hand-in-hand with the ability to remotely destroy data on stolen machines—and nobody wants to destroy the data on that laptop without first being able to retrieve the files. These are the reasons why MyLaptopGPS™ provides all three options in one package for organizations keen on improving the security of their laptops.

Laptop computers containing sensitive, identifying information on high school students and ROTC scholarship candidates. Some teaching institutions, such as a Fenland, England school that lost £20,000 computing equipment, some of it mobile have installed tracking technology on all computers, including laptops.

2006-10-30T12:57:00.000-08:00

Remote Systems for Data Retrieval and Recovery -- Not to Mention GPS Tracking -- Are Essential for Laptop Computers

T-Mobile USA Inc. just recently announced that one of its laptop computers had gone missing. According to reports, the apparent theft put past and current employees’ sensitive information, such as Social Security numbers, at risk.

Where have we heard this before? Just about every week, it seems. And it doesn't only seem this way; it is this way. And whenever a laptop computer goes missing, two primary concerns haunt the organization that owns it: the portable computer’s whereabouts and the nature of the data on it. Both problems can lead to the loss of thousands of dollars, and rarely does any organization that loses an unsecured laptop recover the machine or the data that it stored.

Even so, the installation of systems for GPS tracking and data recovery and retrieval would be simple and affordable for firms -- and would greatly mitigate the many difficulties that otherwise beset them when their laptops are lost to thieves. An organization that wants to avoid the prohibitive costs associated with laptop loss and theft, should equip its portable computer fleet with GPS tracking technology and systems for the recovery and retrieval of data.

MyLaptopGPS, an Oklahoma-based firm, uses proprietary Internet-based GPS, a user-friendly system that tracks the whereabouts of misplaced and stolen laptops more efficiently and at far less of an expense than do offerings from other GPS providers. And the company’s product of the same name, MyLaptopGPS™, goes a step further by installing software that encrypts and silently removes important files from lost laptops—returning these electronic documents to their rightful owners while placing the data out of criminals’ reach.

According to MyLaptopGPS' chief technology officer, “Why make the laptop computer thief’s job any easier than it already is? High-profile thefts can bring attention to this issue, but there’s little comfort when an enormous percentage of small and large businesses continue to sit completely idle. MyLaptopGPS turns the tables, enabling businesses to remotely, covertly, and inexpensively destroy stolen data—with or without recovering it first—and track the criminals who stole the machines in the first place.”

Studies now show that the total number of records lost this year due to data security breaches has reached 100 million. Many of these breaches have been laptop computer thefts. With so much affordable counter-theft technology available, smart organizations are investing in themselves, their customers, and employees by spending a little money up front to save everyone a mountain of money later.

2006-10-30T12:50:00.000-08:00

GPS: A Major Piece of the Laptop Security Puzzle

The past year has witnessed countless, major security breaches involving laptop computers, putting millions of consumers’ identities at risk of theft. I encourage organizations to stave off further portable computer thefts and losses by considering GPS tracking technology for their fleets of laptops.

GPS is the simplest solution for organizations trying to address their laptop computer security concerns. These machines are easy to steal and can go missing anywhere. MyLaptopGPS, an Oklahoma-based company, provides a particularly attractive form of GPS tracking as a service. If the technology is affordable, like MyLaptopGPS’, organizations are remiss not to install it on their entire laptop fleets.

MyLaptopGPS uses proprietary Internet-based GPS, an affordable technology that makes the company’s product of the same name easy to use and preferable to offerings from other GPS providers. MyLaptopGPS™ also installs software that encrypts and silently removes important files from lost laptops—returning these electronic documents to their rightful owners while placing the data out of criminals’ reach.

According to MyLaptopGPS' chief technology officer, “MyLaptopGPS allows responsible and conscientious companies to track stolen laptops. But much more importantly, it allows the rightful owners to ‘push the big red button’ and delete sensitive data from the stolen machine right under the thief’s nose, simultaneously transferring it back to a secure location. This is, by far, the most important consideration.

The past year’s spate of government data breaches recently prompted the House Government Reform Committee to investigate. As reported by CNET News, the committee found each of the government’s 19 agencies reporting at least one loss of data since 2003. Meanwhile, earlier this month the Department of Homeland Security released a report that found laptop computers at its own Inspector General’s Office in many ways unsecured. DHS’s findings followed many months' worth of incidents and worrisome revelations, including those at General Electric Co., the Commerce Department, the Veterans Affairs Department, Hotels.com, Equifax Inc., and elsewhere.

Laptops have always been a target of thieves due to their ease of procurement and resale value. In the past an organization would fret over the monetary loss of the machine. Today, the laptop’s value is equal to the cost of a press release announcing the theft of the machine’s data, plus the hundreds and thousands, if not millions, of dollars the company ends up spending to protect consumers from the theft.

2006-10-30T12:43:00.000-08:00

GPS Technology Can Greatly Reduce the Cost of Laptop Computer Loss and Theft

Research into the financial impact of laptop computer theft has suggested that the loss of just one laptop computer can cost as much as $90,000, or even more. The findings, available since 2002, further illustrate the implications of losing even just one laptop computer -- not to mention the utility of the alternative: GPS tracking technology.

Organizations faced with lost data often incur financial costs related to fines, credit monitoring for victims, public relations damage control, and class action litigation. Companies are only hurting themselves when they ignore the logical alternative to these costs: safeguarding laptops by equipping them with affordable GPS tracking technology.

The loss of a laptop computer belonging to General Electric Co., stolen (according to reports) in September from a locked hotel room where a GE employee authorized to use the computer had left it, contained the Social Security numbers of approximately 50,000 current and former employees of the company. According to the 2002 Computer Security Institute/FBI Computer Crime & Security Survey, the theft of a laptop results in an average financial loss of $89,000, with only a small percentage of the sum actually relating to the hardware cost.

The potential financial cost from this past year’s losses and thefts alone is staggering. Because of this, organizations owe it to themselves, employees, and customers to minimize the impact of laptop computer loss and theft. And yet, for a nominal monthly fee that pales in comparison to the financial cost of lost laptops, MyLaptopGPS™ uses GPS to track these machines when they are lost or stolen. The product also installs software that encrypts and silently removes the important files from them—returning these electronic documents to the rightful user while placing them out of a criminal’s reach.

GPS tracking technology solves many problems caused due to loss or theft. The simplest way for a company to keep track of laptop computers, which frequently travel with employees, is to equip these machines with GPS.

2006-10-30T12:38:00.000-08:00

GPS Tracking Will Curb the Rate of Laptop Computer Loss and Theft

News of the widespread loss of Commerce Department laptops since 2001—many assigned to the Census Bureau—has provided possible hints to explain the boom in identity theft seen these past few years, according to an authority in the field. The Commerce Department’s revelation of more than a thousand laptops lost earlier this fall, together with previously publicized research and the theft of laptops from other firms, has illustrated the need for companies to turn to solutions such as GPS tracking to curb the rate of laptops being irretrievably stolen or lost.

When you lose more than a thousand laptops—many of them containing Census Bureau data—less-than-scrupulous individuals are bound to find the information useful. With Census Bureau data in hand, the identity thief’s puzzle is a particularly easy one to complete.

Companies ought to consider solutions from providers such as MyLaptopGPS (www.mylaptopgps.com), whose product of the same name not only tracks any stolen laptop worldwide via the Internet, but also silently removes important files once the machine is stolen—returning them to the rightful user while placing them out of the criminal’s reach.

The Commerce Department released figures showing the loss of more than 1,100 laptops since the year 2001. More than half, according to reports, had been assigned to the Census Bureau. The news was no surprise:

• In May, the theft of a laptop from the Veterans Affairs Department jeopardized millions of U.S. veterans’ identities. A few months later, another laptop theft there put the personal information of additional veterans at risk.

• In June, Hotels.com reported the loss of a company laptop containing the financial records of about 243,000 customers.

• Also in June, Equifax Inc., one of the three major credit reporting companies, suffered the theft of a laptop computer containing identifying information on the company’s 2,500 U.S. employees.

And more breaches have occurred since. Laptop security needs a revamp. These machines are, apparently, difficult for organizations to track and keep. GPS and other technologies would go a long way in curbing the rate of laptop loss and theft.

2006-10-30T12:30:00.000-08:00

Laptops Are the Weak Link in Data Security

The state of data security is in shambles. Anyone who watches the news knows this.

And the policies surrounding employee use of company-issue laptops seem to be particularly lax. In fact, laptops seem to be the weak link when it comes to data security. Research continues to find that the frequency of laptop theft in the workplace is high. Companies need to guard laptops—and the information allowed to be stored on these devices—with more vigor.

Earlier this year, the Ponemon Institute LLC and Vontu Inc. released the findings of a joint survey on the state of laptop security. Of the 500 information security professionals who participated, 81 percent reported the loss of a company laptop this past year. Furthermore, 53 percent said sensitive or confidential data stored on USB memory sticks would be impossible to track. The Ponemon–Vontu research seemed to bolster findings from an October 2005 report by CREDANT Technologies. CREDANT’s survey of 283 Global 2000 professionals found them estimating that as many as 90 percent of missing company laptops house sensitive data. The respondents, who largely agreed that laptops are most likely to be lost or stolen at work, also indicated that nearly three fourths of missing company laptops are noncompliant with California SB 1386’s encryption data requirements.

We’re seeing trends in companies’ laptop security. Despite the official post-theft statements from affected organizations, these laptops seem to be in transit often, and unsecured. And they also seem to hold sensitive data that should never be stored on portable computers.

In May, the highly publicized theft of a laptop from the Veterans Affairs Department jeopardized millions of U.S. veterans’ identities. A few months later, the theft of another laptop from the same government agency put more veterans’ personal information at risk of theft. Meanwhile, in June, Hotels.com reported the loss of a company laptop containing the financial records of about 243,000 customers, and Equifax Inc., one of the three major credit reporting companies, suffered the theft of a laptop computer containing identifying information on the company’s 2,500 U.S. employees. More high-profile thefts and losses have occurred since.

Companies should physically lock access to their laptop computers and use GPS to track them. A product from Staples®, WordLock™, allows users to employ a letter password that can be reset at any time to lock a laptop computer. And MyLaptopGPS™, an offering from AIT Solutions, LLC, not only tracks any stolen laptop worldwide via the Internet, but also silently removes all important files once the machine is stolen—returning them to the rightful user while placing them out of the criminal’s reach.

2006-08-14T12:40:00.000-07:00

Consumer Trends Portend a Massive Backlash against Businesses that Fail to Implement Sound Data Security Measures

The threat of identity theft has become a given in most consumers’ minds. Merely going online, let alone making a simple purchase while on the Web, has become akin to walking solo down an inner city back alley after midnight. And yet another laptop stolen from the Veterans Affairs Department, not to mention the latest security breakdown at the Department of Transportation, only serve to chip away even further at consumer confidence. The potential costs to consumers and industry alike have reached enormous proportions. Consumers who have yet to take notice soon will—and probably the hard way.

New research last week provided insight into consumers’ attitudes about data security breaches and into the demographics of those most susceptible to identity fraud and theft. Other findings placed the annual cost to victims of cybercrime in the billions of dollars for U.S. and British citizens. And while the data mostly spell trouble for industry, some of the results suggest companies that understand the importance of security could convert the bad news to opportunity.

Research released in a flurry from various organizations last week underscored the daunting costs of cybercrime and the fragile state of consumer confidence in data security:

=>A survey of 2,200-plus consumers, conducted by Princeton, NJ’s Opinion Research Group, found more than half of respondents reporting a rise in their concerns over data security. Released on Aug. 7, the results also revealed that this heightened awareness caused 40 percent of those surveyed to halt a transaction online, over the phone, or in person. Furthermore, no single industry, brand, or company stood out when researchers asked respondents to name a most trusted.

=>On Aug. 8, the BBC News reported the results of research conducted by Britain-based market research firm YouGov and commissioned by Npower, an energy firm. One in every 10 of the 2,200 people polled believed they had fallen prey at some point to identity fraudsters. According to the findings, people under 30 years old, less prone to protect information such as the PIN numbers to their ATM cards, may be more susceptible to identity thieves.

=>As reported in the Aug. 6 edition of the Sunday Mirror, the British government has estimated the annual cost of cybercrime there to be in excess of £2 billion. On Aug. 8, an article in California’s Central Valley Business Times shared results from Consumer Reports’ “State of the Net Survey,” which found that U.S. consumers lost more than $8 billion over the past two years to cybercrime.

The these various findings, while worrisome, also present opportunities. Security consciousness has become a necessity for industry, and anyone who markets this consciousness ahead of the curve will not only retain existing customers; these sage companies will also woo jaded consumers from unconscious competitors. But only believable, strong countermeasures properly communicated to the public will work. After all, how can any company expect to conduct business, especially e-commerce, in an environment fraught with so many fears about security?

2006-08-14T12:25:00.000-07:00

Consumers Will Probably Have to Take Their Identities into Their Own Hands

Earlier this summer, one of the three major credit unions, Equifax Inc., lost one of its own laptops to theft. This event strikes like no other to the core of our data security system’s fundamental flaws. Laptops are no place for sensitive data. And the response from both industry and government to all the breaches prior and since has remained slow at best—and counterproductive at worst. Companies continue in their unwillingness to learn basic lessons. Meanwhile, we’ve seen proposals from government this summer to further restrict access to the credit freeze, a major consumer-empowering tool against identity theft.

On June 20, Reuters and others reported that Equifax Inc., one of the three major credit reporting companies, had suffered the theft of a laptop computer. The machine contained identifying information on the company’s 2,500 U.S. employees. According to the company, the laptop housed no data on the millions of consumers whose credit scores Equifax sets. The company also said the employee was not allowed to store the information on his laptop, but did have authorized access the data.

Equifax is one of the companies whose information databases determine whether we’re good enough to get credit. And yet it seems that their security measures aren’t good enough to keep their own employees’ information safe. We can only hope they will offer those affected more than "free credit monitoring for one year"—the party line, it seems, these days.

We face the cold reality that we must go without much help from industry or government in protecting our own identities. I encourage any consumer to take her identity into her own hand—before a thief takes it into his. Luckily, despite the hurdles that face us, tools are at our disposal at the individual level. We’re going to need them.

Plenty of options exist for consumers to protect themselves. Identity theft insurance, for instance, is a wise choice, and companies should consider investing in password-protected locks for their employees’ laptop computers—that is, if they make the mistake of using laptops to transport personal financial information in the first place.

The Equifax laptop theft followed the loss of a Department of Veterans Affairs laptop containing personal data on millions of U.S. veterans. I encourage all veterans affected by the multiple VA data breaches this year to immediately enroll in IdentitySweep, a service that manages subscribers’ public records while monitoring their credit card information and Social Security numbers. Veterans can go to www.identitysweep.com/vet and receive a full year’s worth of IdentitySweep for only $18, a discounted rate, from MyPublicInfo, the Arlington, VA consumer identity protection company that created the service.

2006-08-14T12:13:00.000-07:00

In Fighting Identity Theft, A Credit Freeze Beats Credit Monitoring Every Time

According to some estimates, well over 88 million Americans’ identities are at risk of theft in the wake of a steady stream of data breaches since February 2005’s at ChoicePoint Inc. The circumstances call for immediate changes to the rules that have disallowed consumers in many states from requesting a credit freeze. The credit freeze, after all, is far superior to monitoring when it comes to fighting identity thieves. A credit freeze locks access to your credit, whereas a monitoring service simply alerts you that someone has gained access. Then you still have to deal with it—and it’s a real headache. Are we going to make the credit freeze—something with teeth—available? Or are we just going to go through the motions and offer them little more than the consolation prize, credit monitoring?

Only a fraction of the country’s 50 states allow consumers to choose the credit freeze, and prohibitive restrictions in a number of those states render the option impractical anyway. As a result, activists have called for lifts on credit freeze restrictions. And yet, according to a June 16 report in the Cherry Hill Courier Post, a bill before U.S. Congress actually sought to pre-empt laws that make the credit freeze available to consumers. For this and other reasons, the Financial Data Protection Act of 2006 has drawn ire from columnists everywhere and from advocacy groups such as Consumers Union and the U.S. Public Interest Research Group.

Following the May 3 theft of a Department of Veterans Affairs laptop from an employee who took the computer home against Department policy, about 17.5 million past and current U.S. veterans found themselves at risk of identity theft. On June 22, The New York Times reported that the Department offered all affected veterans one year of free credit monitoring.

Great. Why don't we simply intruct the thieves to wait a year before using the information? Identity thieves are smart. They know how to work the system. In response, we make laws that disallow consumers from working that same system. Where’s the logic?

2006-05-24T16:07:00.000-07:00

Here's How to Deal with the Week’s Burglary of 26.5 U.S. Veterans’ Identities

This week we have heard officials of all stripes assure us that "we have no reason to believe anyone’s identity is at risk" even though a laptop with the personal identifying information of 26.5 million U.S. veterans on it has been stolen. Their words represent the party line we typically hear when a security breakdown of this magnitude occurs. Their words aren't worth the cue cards their lackeys wrote them on.

The latest big-ticket data breach has endangered not only individuals’ bank accounts, but also national security. For expediency's sake, we'll leave national security to Homeland Security; it's pretty much out of our hands now no matter how apprehensive we may be about their ability to secure the homeland. So let's focus on what we can do.

Here's my advice for companies and other large organizations that store sensitive information on laptops, machines prone to theft: Don't. Laptops are the last place any organization should be storing the personal identifying information on 26.5 million people.

If for some untenable, inexcusable reason you must use laptops for this purpose, please, at the very least, keep those laptops in a safe place and locked down when authorized personnel aren’t using them. Make sure the machines are fully secure with functionalities designed to ward off thieves. I suggest the use of products such as the Staples® WordLock™ for laptop computers, a simple and inexpensive device that allows users to employ a letter password, which they can reset at any time, to lock their laptop computers.

But now that we're already in this mess courtesy of an improperly secured laptop, I urge consumers to treat this very real threat to their identities like the emergency it is—luckily, one they can manage. Luckily, a service available to everyday consumers can mitigate the ruined credit ratings and other aftermath nightmares individual veterans might otherwise have to endure.

All of you on the list of 26.5 million affected by this week’s laptop theft should immediately enroll in a service like IdentitySweep, which manages subscribers’ public records while monitoring their credit card information and Social Security numbers. Veterans can go to www.identitysweep.com/vet and receive a full year’s worth of IdentitySweep for only $18, a discounted rate, from MyPublicInfo, the Arlington, VA–based consumer identity protection company that created the service.

The Social Security number is the key to the kingdom, and it's a number these thieves now have—along with the dates of birth for the veterans affected and for some of these veterans' spouses. Without a monitoring service of their own to fall back on, these veterans and their families will be at the mercy not only of the thieves, but of credit companies’ good will, which is likely to wane after the usual offer we’ve seen following massive data breaches: pro bono credit monitoring for one year.

Thieves are smart. They'll wait at least a year before they use the information. Identity theft has become a part of life for these veterans. It didn't have to be this way, but it is. Enrolling in a service like IdentitySweep is the best way a veteran can save his reputation now that the institutions he's relied on to protect his personal data have failed at that very task.

2006-05-10T18:45:00.000-07:00

Decrying the State of Data Security

A litany of data breaches filled the month of April. The deluge again typified industry’s seeming inability to solve the problems surrounding information security.

Infamous security breaches such as those at ChoicePoint Inc. and elsewhere happened more than a year ago. Now that we’re well into our second year of ‘The Identity Theft Apocalypse,’ I’m sure consumers are anything but pleased to learn that their personal and financial information is still out there, like loose change on the sidewalk, for the taking. After all, it’s usually identity thieves who are doing the taking.

April’s breaches ran the gamut:

=>According to a report in the April 27 edition of Newsday, the Long Island Railroad (LIRR) lost the personal information (e.g., Social Security numbers, names, addresses, and salary figures) of nearly “everyone who has ever worked for the agency”—about 17,000 people.

=>An April 26 CNET News article reported that scammers had succeeded in stealing the credit card details of 2,000 MasterCard holders. MasterCard, according to the report, said it was able to disallow activity on the accounts before the would-be online thieves could use the cards.

=>Reuters reported on April 26 the theft of a laptop computer containing the personal information of approximately 38,000 members of the health insurer Aetna Inc. Names, addresses, and Social Security numbers were among the information on the stolen computer, although an Aetna spokesperson stressed that no banking or health claim data would be available to the thief.

=>On April 14 TheHawaiiChannel.com reported that more than 40,000 Hawaii residents were at risk for identity theft as the result of tertiary activity surrounding an attorney general investigation. According to officials there, a security breach occurred at a professional copying service tasked with duplicating state employee documents that the attorney general’s office had requested for litigation purposes.

We’ve seen the loss of personal and financial records on nearly 100,000 people this April, and more than half of these went missing during the month’s last week alone. Times it by 52, and you begin to understand why identity theft is a problem requiring urgent attention.

2006-05-10T18:43:00.000-07:00

Consumer Vigilance and “Smart Suiting” of Personal Computer Security Systems Go a Long Way in Thwarting Identity Thieves

Reports last week indicated that phishers continue to exploit security flaws in news ways. Voice over Internet protocol, also known as VoIP, has become the latest target. Phishers’ ever-improving scams again underscore the need for consumer education efforts, which should promote vigilance and smart use of security technology.

Successful education of consumers is the best line of defense against identity thieves, including the ones who operate online. Consumers need to know what security technology is right for their habits.

Consumers should consider “smart suiting” their personal computer systems with software that supplements antivirus and antispyware solutions. A recent press release from Spain-based Panda Software announced availability of what the firm calls “proactive technology.” Proactive technology performs tasks that software to combat viruses and spyware does not, such as striving to recognize whether the user’s personal computer has become a zombie—i.e., one that a computer hacker uses, unbeknownst to its owner, as a server for phishing and other online scams.

Right now, consumers seem to know only so much. Their lines of personal defense are down. Recent studies and surveys suggest that industry has a long way to go in teaching consumers how to take precautions against online scams. In fact, in many cases, consumers still need to learn that they must, indeed, even take these precautions.

Such studies include “Why Phishing Works” by collaborating researchers from Harvard University and UC Berkeley and a survey of UK consumers by British firm MyCallcredit.

The research also may explain why phishers’ scams are so effective. As reported by NetworkWorld and others, a new phishing tactic has gained prevalence. Ostensibly to verify bank account information, spoof e-mails encourage recipients to call a listed toll-free number.

Phishers perpetrating these attacks set up inexpensive VoIP systems that emulate legitimate organizations’ phone systems. With the mechanics of their ruse in place, the scammers then field victims’ calls, all in an effort to fool those who dial the provided phone number into revealing personal and financial information.

Consumer education and security technology go hand in hand. But sometimes, commonsense is all you need. Vigilance is the number-one antidote to online scams.

2006-05-10T18:41:00.000-07:00

New Research into Online Threats Underscores the Need for Widespread Consumer Education

Results from a recent survey of UK consumers’ attitudes toward identity theft have shown that many underestimate the probability of the crime occurring. A joint Harvard University–UC Berkeley study, meanwhile, has demonstrated just how susceptible even a sophisticated Web user can be to a phishing attack, often the precursor to identity theft.

Education campaigns are the key to raising awareness. When even the savviest of Web users can’t recognize a crafty phishing attack, imagine how often average computer users might fall prey to online identity theft schemes. We need to undertake a massive, Apollo project–scale education effort to turn the tide.

Recently reported research suggested that only one third of UK consumers know that their risk of falling prey to identity theft is one in 1,000. British firm MyCallcredit’s survey also revealed that nearly 25 percent of respondents drastically underestimated their risk by as much as 15 times less than their actual risk.

Meanwhile, findings from a study titled “Why Phishing Works” conducted by researchers at Harvard University and UC Berkeley suggested that phishers fool even sophisticated Web users. “Good” (i.e., polished) phishing sites were effective, in fact, at fooling 90 percent of the study’s participants.

The authors of “Why Phishing Works” then collaborated to isolate the factors behind the efficacy of phishing attacks. They concluded that users’ lack of knowledge of—or an inattention to—common security indicators helped to make phishing attacks effective. In addition, “typejacking,” a tactic that replaces the key characters of a legitimate organization’s domain name with similar key characters (e.g., the use of the Arabic numeral “1” in place of the lowercase letter “l”), and other visually deceiving practices also seemed to be effective at duping users.

Is it any wonder why we need to educate consumers about the dangers they face? The task before us is monumental. Identity theft and the computer threats that facilitate this crime have been prominent in the public consciousness for years now. And yet the levels of awareness and savvy needed to thwart scammers are sorely lacking.

Fortunately, stopping identity thieves before they even have a chance to commit their crime is pretty straightforward. Comprehensive education for consumers will do it. The challenge resides in summoning the will to invest in that education, a worthy investment of time and energy.

2006-05-10T18:38:00.000-07:00

News of widespread high-tech crime has become trite and may lead to consumer apathy

According to an identity theft and personal security expert, the press coverage of identity theft, phishing scams, and other types of fraud may be reaching the saturation point. Robert Siciliano, president of IDTheftSecurity.com, said the problem now runs the risk of becoming mere background noise to a public that feels helpless and may have a short attention span.

How are we going to publicize the threat of identity theft and other high-tech crimes in a way that leads to improvement, not apathy? The only way consumers will get effective tools to combat high-tech crime is if the threat remains a primary concern for consumers. Big companies answer to their customers, investors, and nobody else.

=>On March 22, The Boston Globe and others reported the loss of a laptop computer from Fidelity Investments, the Boston, Mass.–based financial firm. The computer, according to the article, held personal data on 196,000 retirement account customers.

=>NBCSandiego.com reported on March 24 reported on an apparent software glitch that caused the State of California to inadvertently send “64,000 tax forms containing Social Security numbers and income information to the wrong addresses.”

=>A March 24 report that aired on KSBI-TV 52 in Oklahoma detailed a social engineering scam involving phone callers who have stolen a number of unsuspecting citizens’ identities. Accusing the victims of missing jury duty, the scammers have managed to compel those they call to reveal identifying data.

=>Numerous news media outlets have reported that the Internal Revenue Service is warning taxpayers to beware phishers whose e-mails masquerade as IRS communication and ask for financial information.

A lot of people just want this problem to go away. Those who might have to take the blame for a general lack of security might in fact choose, at this point, to let news of identity theft and similar crimes saturate the news media.

The notion of an intractable high-tech crime problem might compel consumers to tune out. The voices for change would retreat, and the pressure to fix things would subside. After all, it costs money to beef up security.

2006-05-10T18:35:00.000-07:00

Consumers Can Easily Learn How to Spot and Avoid Online Criminals’ Traps

Hackers remain steps ahead of watchdogs even as industry groups have succeeded in shutting down online criminal operations. Self-policing actions on the part of industry are a step in the right direction, but consumer awareness and education represent the best path to security against hackers, who invariably rely on their victims’ lack of vigilance.

Most malware, spyware, and viruses can ruin a computer and steal the owner’s valuable identifying information. Easy for the trained person to spot, these threats benefit from a civilian computing culture of ignorance and carelessness.

On March 8 TechWeb reported industry self-policing activities that thwarted hackers’ activities. According to the article, U.S.-based RSA Security collaborated with Panda Software, a company based in Spain, to shut down a number of Web sites that were selling readymade Trojan horse–style viruses custom-made for identity theft and other unscrupulous activities.

Typically, consumers only invite malicious code onto their computers if nobody has taught them what to watch for. While a number of companies may be well-equipped to ferret out and thwart hackers at the source, the best route for us all to take, economically speaking, is the education of end users. Policing efforts, no matter how aggressive, will always remain steps behind cybercrooks, whose tactics continually evolve.

Also on March 8, an article in the Channel Register, a publication based in the UK, described the success phishers have had with “smart redirection,” which helps phishers, who typically run multiple sites related to one spoof, to keep track of their sites’ availability. When the victim clicks on a malicious link, smart redirection figures out which of a phisher’s sites have evaded shutdown and points the doomed browsers only in the direction of sites that remain live.

Phishing tactics continue to grow in sophistication. But the fact remains that a phishing e-mail, the requisite precursor to the phisher’s criminal activity, is telltale. No reputable banking or other financial institution requests sensitive information from its customers via e-mail. Any consumer can learn to spot and avoid the facades the veil malicious code.

2006-05-10T18:29:00.000-07:00

The Theft of Consumers’ PIN Numbers from a Major Bank Shows High-Tech Fraud Knows No Bounds

High-tech thieves hacked the computer systems at Citibank in March and made off with countless ATM cards’ PIN numbers, four-digit consumer security codes previously considered impervious to attacks. No system of security is foolproof. Any tendency to believe so breeds complacency, the key ingredient online identity thieves and others need in order to operate under the radar.

We need to lose the Titanic mentality when it comes to high-tech crime. How many times do we need to hit an iceberg before we alter our course? Anything can happen and will. No computer system is immune. Even the tried-and-true PIN number method of security can sink.

According to a March 9 report in InformationWeek, the PIN number scam that Citibank experienced affected additional institutions: Bank of America, Wells Fargo, Washington Mutual, and smaller banks. Thieves apparently hacked into an “as yet unknown system” to pilfer all the information they’d need to make use of victims’ ATM cards, which the article described as the “data stored on debit cards' magnetic stripes, the associated 'PIN blocks,' or encrypted PIN data, and the key for that encrypted data.”

A Gartner Research analyst remarked that the industry had always thought PIN numbers would be safe from hacking attacks, but the InformationWeek article went on to explain how retailers’ infrastructure can undermine PIN security. Stores’ computer data storing systems can play fast and loose with the PIN numbers consumers leave at the point of sale. ATM machines are largely secure, but checkout line PIN use can be risky.

One of the problems with identity theft and related fraud is the sprawling transactional system we use for retail. Point-of-sale transactions occur every second across a nation bursting at the seams with retailers ranging from large chains to mom and pop shops. This yields a large quantity of personal financial data, and no standard seems to be guiding retailers in the safekeeping of this information. Without standardization of security, the quality of security is bound to vary wildly and collapse in failure.

Commonsense indicts organized crime rings such as Webmobs in sophisticated breaches such as the PIN-related thefts at Citibank. And recent reports have indicated that identity fraud–related organized crime continues to flourish. A March 6 Denver Business Journal article documented the shenanigans of a Mexico-based crime family whose alleged fake ID operations reach into 33 states. According to law enforcement officials quoted, the group’s infrastructure is robust.

As many have noted, identity theft, fraud, and related online theft all threaten not only our finances, but our national security. Lax policies may cut costs in the short term, but in the long run consumers lose money, and we all lose our security.

2006-02-19T09:42:00.000-08:00

Research Supports the Accuracy of a Security Industry Expert’s Prediction: Public Is Ready for GPS Technology

Recently announced research supported a nationally televised security industry expert’s assertion that the public is ready for GPS. The Boston University–led survey found a large percentage of respondents receptive to the notion of surveillance in the form of consumer-friendly P2P devices. The findings provided insight into effective strategies for marketing GPS technology to consumers.

GPS manufacturers who want to saturate the market face one remaining challenge. They must gain favor with consumers, and they’ll do this by marketing safety.

Graduate students at Boston University’s College of Communication conducted their research online. Conducted by graduate students, the study looked at 523 online adults’ receptivity to Person-to-Person (P2P) surveillance of loved ones and found 32 percent “likely to use such devices themselves.”

With research findings like this on their side, P2P device manufacturers should go to market en masse this year. The everyday consumer’s possible lack of preoccupation with privacy issues may be incongruent with professional privacy advocates’ agendas.

Verizon Wireless recently announced plans to market a P2P device. The company’s GPS-equipped cell phones will allow parents to track teenagers’ whereabouts.

People choose safety over privacy every time. Those pursuing the market for GPS technology can embrace this notion. GPS manufacturers will gain favor with consumers as safety enablers, not as an invaders of privacy.

Once the public becomes comfortable with GPS, the floodgates will open. Without fear of backlash, consumers, law enforcement officials, and manufacturers alike will then be free to adopt and provide GPS for its many uses.

GPS offers clear benefits for the law enforcement community. On Feb. 7, The Associated Press reported that police in Southern California are turning to GPS technology to curb high-speed pursuit. According to the article, a small number of police cruisers there will receive the StarChase systems, which allows users to shoot GPS-enabled darts that stick to fleeing vehicles.

GPS is the security industry’s ‘killer app,’ the breakthrough that will change everything. Professionals in security have always dreamed of a solution that would make the bad guy’s job impossible. That solution has remained elusive until now. GPS has the potential to make crime as we know it extinct.

The law enforcement market segment is ready to embrace GPS technology, the ‘killer app,’ with abandon, and consumers interested in safety will continue to recognize the technology’s benefits. Manufacturers will position themselves to profit from these opportunities, and, as counterpoint, privacy advocates will react by decrying the dangers that GPS poses to our civil liberties. But the market, which comprises all these factions, will make the final decision.

2006-02-09T10:14:00.000-08:00

Netizens: Protect Your Privacy; Providing a Personal Phone Number Online Makes the Online Criminal’s Job Easy

For millions seeking their perfect partner on social networking Web sites or advertising through an online or print classified ad, the act of sharing your personal phone or cell number can mean trouble.

This seemingly harmless action can turn into a bonanza for crooks and a nightmare for the innocent, as new Web sites make it easy to reverse-search your home and cell phone numbers to locate your name and address. I encourage online daters and classified advertisers to post and share disposable phone numbers, like myprivateline.com and myclassadd.com, which can forward your calls to wherever you are.

Consumers of all ages should take extra measures to protect the privacy of their cell and home phone numbers. Predators can use a phone number to track someone down. Thieves can use it to locate additional information necessary to steal a person’s identity.

Use disposable phone numbers from companies like PrivateTel (www.privatetelsolutions.com), the leader in an emerging privacy-related personal telecommunications marketplace. A disposable phone number that forwards to your home or cell phone number makes your actual number untraceable. At myprivateline.com and myclassadd.com, disposable numbers can be obtained online in a few minutes, giving citizens a new tool in their personal privacy protection arsenal. These solutions are for everyone who wants to post a phone number at online social networking sites and for individuals or businesses that want to include phone number in an online or print classified ad.

The Social Security number is the key to the "Kingdom." This is why identity thieves love it so much. But it’s not the only number consumers should guard. Keeping your phone numbers private is the best protection against crime.

Crime, especially identity theft, is likely to explode when, for a fee, almost anyone can obtain your cell phone logs or sensitive financial information. Tools exist for people to protect themselves. Now is the time.

2006-02-09T10:02:00.000-08:00

The Use of Global Positioning System Technology Will Gain Major Acceptance This Year

News revealed a number of developments in GPS earlier last month. Among these was Verizon Wireless’ decision, reported in Red Herring on Jan. 19, to market to parents a GPS tracking system for them to track their teenagers via cell phones.

Global Positioning System tracking technology will explode as 2006 unfolds. Most people are ready to welcome this technology into their lives. GPS will take the first steps this year toward becoming second nature to us, a must-have just like the phones and other devices that will include GPS technology in them.

The march has already begun. Cars with satellite radio are virtually preconditioned for GPS. Most people with late-model cell phones have the capability to be outfitted with it, and a recent story on CNN’s ‘Headline News” showed how anyone with even an old cell phone can be tracked through simple cell phone tower communication.

Some uses of GPS are logical and offer society benefits that meet little, if any, resistance.

On Jan. 21, The Albuquerque Tribune reported that New Mexico’s Bernalillo County has implemented a GPS program that uses cell phones and ankle bracelets to track repeat violent offenders who might violate restraining orders. According to the article, other counties across the country have adopted similar programs that rely on GPS.

A Jan. 20 report in the Seattle Post-Intelligencer gave information on pending GPS legislation in Washington State. The proposed laws would, according to the article, “mandate GPS monitoring for registered sex offenders across the state and set up a GPS pilot program for homeless sex offenders.” Rep. John Lovick, Democrat for Washington State’s Mill Creek district, has sponsored the bills.

GPS systems are the troublemaker’s worst nightmare. Tracking software does not lie, and the days of teenagers coming home late and making up stories about where they’ve been are nearing an end. And criminals may as well hang up their hats and go home. Their careers are over.

GPS tracking systems won’t need to become popular to gain ubiquity. This is a technology that will spread regardless of whether consumers ask for it. Default marketing via the popular culture will bridge any remaining gaps between fear and acceptance.

In an episode about a teenage daughter going out on a date with a much older young man, “Hogan Knows Best,” a surprisingly real “celebreality” show on VH1, presented the idea of GPS tracking.

GPS can strengthen trust and understanding between parents and their children and between society and law enforcement. And, from a perspective of pure convenience, GPS stands to revolutionize the way we keep tabs on one another.

2006-02-09T09:41:00.000-08:00

Identity Theft on Youth-Oriented Online Communities Is a Wake-up Call for the Industry

The Christian Science Monitor reported on Jan. 30 that young people are increasingly becoming a prime target for identity theft. Other reports have linked identity thieves with popular sites such as MySpace.com and Facebook.com.

I think the news gives those who run online communities geared primarily for youth a prime opportunity to beef up their security. We give lip service to the notion of protecting our children from danger. Teeming online youth communities can be great outlets for creativity and social growth. Let’s not allow these sites to become great outlets for identity thieves, too, who want to hide behind these benefits.

According to the Christian Science Monitor article, US Federal Trade Commission logs are suggesting a steady rise in identity theft against young people. Other articles in student-run college publications—such as a Jan. 25 report in The Daily Colonial and a Jan. 30 story in The Dakota Student—have specifically shed a light on the dangers of identity theft for people who use sites such as MySpace and Facebook. Users tend to give little thought to posting large amounts of personal information.

Young people have grown up with the Internet and trust it, especially when a site is well-known. Juxtapose this with the common denominator among nearly all online identity theft scares this past year: careless posting of sensitive information to the Web. You have a recipe for disaster. It’s just one more reason why we shouldn’t be surprised at all that youth are a prime target of identity thieves.

And the carelessness again extended beyond the Internet. The Associated Press reported on Feb. 1 that issues of The Boston Globe and the Worcester Telegram & Gazette arrived at subscribers’ homes that day with credit card numbers and other sensitive information inadvertently included on home address stickers.

Protection against identity theft and online predators doesn’t have to be complicated. It doesn’t even have to cramp anyone’s style all that much. But we do need to pay attention. Leadership and a sense of responsibility from industry will help us to meet these growing challenges. Legislative responsiveness wouldn’t hurt, either. And commonsense behavior on the part of consumers is always critical.

2006-01-14T04:03:00.000-08:00

Federal Government Web Site Vulnerabilities Revealed in Recent News Reports Lay Bare the Sad State of Data Security

Security vulnerabilities that recent reports have revealed about federal government Web sites are unacceptable. The news, combined with ongoing corporate greed and negligence, bodes ill for the state of data security in a computer environment teeming with identity thieves.

Negligence and ignorance, not to mention greed on the part of industry, are horrible excuses for identity theft. We are seeing outrageous, unnecessary levels of incompetence and inattention.

On Jan. 13, The New York Times reported a security hole discovered at the General Services Administration (GSA). Government contractors’ financial information was found to be viewable and modifiable at the GSA’s Web site. The story followed news last week in Wall Street & Technology reporting Social Security numbers had been displayed at the U.S. Department of Justice’s Web site.

I have appeared on CNBC’s “On the Money” multiple times over the past two weeks to discuss identity theft. The rampant, out-of-control use of the Social Security number as a primary identifier and multipurpose account ID is unnecessary. The situation these practices breed makes the identity thief’s job easy.

A recent article in Bankrate.com titled “Hijacking your Social Security number” provides a history explaining how the Social Security number has evolved to become a universal, all-purpose identifier. According to the Wall Street & Technology report, the Privacy Act aims to block the kind of Social Security number breach seen at the DOJ’s site but “is frustratingly fuzzy and comes with a dozen exceptions.”

Obviously, the Privacy Act is often misinterpreted or not enforced. If we want to stop identity theft, we need to make sense and use common sense. We need to make our own rules and tactics clear-cut.

We have no choice but to give large organizations our personal identifying and financial information. In return, the least that government and industry could do is to safeguard our information. And yet, despite all the high-profile breaches we’ve seen, we also see a continuing failure to implement simple measures that would curb the problem.

2006-01-14T03:57:00.000-08:00

Credit Monitoring and Similar Services that Protect Small Business Owners and Others Deserve More Attention

Identity theft can be a catastrophe for small business owners, but credit monitoring and other solutions can ward off the crime or minimize the fallout that follows. The new year has already seen reports that larger companies recognize the potential such services pose in helping small businesses and profit margins at the same time.

Credit monitoring and other services protect the small business owner when thieves compromise her identity. Other products can help civilians to track their identities and thwart beginning-stage thefts. These services all deserve attention.

A report in the Jan. 1 issue of the Orlando Business Journal indicated that at least one company now sees the value in publicizing and offering identity theft protection services. According to the article, The Hartford Financial Services Group Inc. has made identity theft insurance available on “all its new or renewed small business policies."

I appeared on CNBC’s “On the Money” on Jan. 3 with representatives from Allstate Insurance to discuss credit monitoring and identity theft insurance. It’s time for industry to revisit its efforts to promote credit monitoring and similar services. For a long time, I’ve informed those who attend my identity theft workshops of the many products available to them. These services have existed for years. Many people are unaware of this, but I always encounter huge demand.

Other, similar services, which I offer through my Web site, have been available for a while:

=>MyPublicInfo, an Arlington, VA–based identity management company, provides the Public Information Profile (PIP), a tool that can be very useful in tracing the public “threads” that run through our lives. Anyone who obtains a PIP can view public records connected to his or her name and also see information accessible to other people performing background checks. Citizens can use their PIP to make sure their identities are in order.

=>Kroll Background America, the world’s leading risk-consulting company, provides the Identity Theft ShieldSM. The product includes continuous credit monitoring; access to Pre-Paid Legal Services®, Inc., an affordable attorney service; and identity restoration assistance should the customer’s ever be stolen.

=>MyPrivateLine (MPL) is a service offered by PrivateTel and available through www.MyPrivateLine.com. An identity thief can learn a great deal from little information. This information could be as simple as a phone number. MPL ensures the last bit of privacy protecting a phone user’s identity. A single person can use MPL when communicating via phone through online social sites. Business owners can use MPL, too, when they want to list untraceable toll-free phone numbers for classified ads.

News reports about the suspected theft of millions of identities last year gave the impression that consumers were helpless. Yet the best bulwark against identity theft is indeed the consumer. We need to educate consumers on what’s available to them to stop this crime where the rubber meets the road.

2006-01-14T03:52:00.000-08:00

A Data Tape Fumble and Major Computer Hack Job Cap off a Year Fraught with Large-scale Security Breaches and Whispers of Massive Identity Thefts

Reports in December described the loss of customer data tapes from a large mortgage company and revealed that hackers had managed to infiltrate the database of a company that itself investigates computer hacking incidents. The developments were fitting ways to cap off a year that was swimming in security breaches and identity theft. I see little improvement in the ways industry protects our data.

News of the ChoicePoint breaches broke in February of last year. Then we heard about the scare with Bank of America tapes, Social Security numbers of Boeing employees, everything in between, and now the latest. It’s like nobody has learned anything.

MSNBC and others ran articles late that month piecing together the apparent loss by delivery firm DHL and subsequent retrieval by the proprietor, a mortgage company, of computer tape containing data on 2 million mortgage customers. According to accounts, Dutch-owned ABN Amro Mortgage Group Inc. later reported the retrieval of lost computer tape that had entered transit via DHL on Nov. 18, more than a month earlier.

These companies should treat this data as if it were money to be transported in an armored vehicle. Imagine if millions of dollars were transported via a run-of-the-mill delivery truck.

Companies are cutting corners. It costs money to expand the capabilities of in-house server backup. Taking chances with the transit of consumers’ data costs industry less to low-tech warehouses is less expensive.

And people should be asking why the credit bureaus aren’t providing transport vehicles. Credit bureaus require the tapes but don’t seem to chip in with transportation costs.

The Washington Post then reported that hackers had compromised the database of Guidance Software, a Pasadena, Calif.–based company whose purpose, ironically, is to diagnose hacked computer systems. According to the article, Guidance’s database contained sensitive identifying information on thousands of those working in law enforcement and network security.

To Guidance’s credit, the company was prompt in notifying customers of their compromised identities. This is more than can be said for most other companies this year plagued by security breaches. Beyond the irony behind Guidance’s problems, we see just how perilous computer security really is. Everyone’s identity is on a computer, somewhere, and it seems like the information is fair game if you’re a smart enough hacker.

Industry needs to be in crisis mode, but doesn’t seem to be. Companies continue to handle our data just as they have for years despite the obvious threat exemplified by multiple high-profile breaches this year. How many second chances are we going to give them?

2005-12-12T07:30:00.000-08:00

The Holiday Shopping Season Is Open Season for Identity Thieves

Surveys last month predicted that online shopping would enjoy a jump in popularity this holiday season, now well underway. Research, reported early this week, indicated that the increase over last year’s numbers could be significant. The news of this data underscores a need for consumer vigilance, according to a security industry expert; identity thieves certainly are scrambling for the possible bonanza awaiting them.

Whenever a consumer reveals her credit card or banking account number during a shopping transaction, she leaves herself vulnerable to identity thieves. It is critical for consumers to shop wisely by treating their personal information as they would anything else they consider valuable.

The Dallas Morning News and others have reported research from comScore Networks, a “global information provider and consultancy.” The findings show that sales online this holiday shopping season will see a 24 percent increase over last year’s numbers. Although the online medium remains a niche for holiday sales, the percentage rise translates to more than $15 billion.

A survey by Harris Interactive (commissioned by Sun Microsystems), as reported by PC World on Nov. 29, forecast similar jumps in online shopping for the 2005 holiday season. Of the 2000 survey respondents, 67 percent said they would cease shopping at an online retailer if they were to learn their personal data had been compromised. A survey from Forrester Research, also cited in the PC World article, produced comparable findings.

When research suggests that consumers are wising up to identity theft, it is good news, especially during the holiday season. But other news suggests that companies are still not doing enough to safeguard the identities of those who shop online. Companies needs to catch up, or those selling in an important market niche, the Web, will go out of business.

On Nov. 26, The Wall Street Journal looked at Congressional effort to combat identity theft. The report suggested that elected officials are fighting resistance from various industries, and in-fighting within certain industries is slowing progress. For instance, according to the article, small banks are fighting large banks over reissuing costs associated with credit card and debit card replacement—often one of the first activities to follow identity theft once a victim finds out about the crime.

If industry wants to have petty arguments and play chicken with consumers’ personal financial information even as elected officials try to fix the situation, then companies that mishandle this sensitive data deserve to go out of business.

Industry has been negligent for quite some time. And yet their marketers simultaneously -- and heavily -- promote the notion of shopping online for the holiday season. The threat they have all created, to the economy and national security, is severe.

2005-12-12T07:27:00.000-08:00

Fear of Identity Theft among Consumers Leaves Industry with no Choice but to Implement Multifactor Authentication Measures

Studies are finding consumers increasingly apprehensive about identity theft to the point that fears may threaten the profitability of e-commerce. The threat of falling prey to this crime may be precipitating a drop in the numbers of those who shop and bank over the Internet. It is a situation that jeopardizes earnings for the holiday season and over the long term, and the push for multifactor authentication, which goes beyond the familiar username–password system to verify identities online, is underway.

Little overhead is needed for companies to implement multifactor authentication systems right away. Any company that conducts business online should implement multifactor authentication immediately to combat consumer unrest, which threatens long-term profitability.

On Nov. 8, Reuters reported on an October 2005 survey by Entrust, Inc., which found security concerns among consumers. Eighteen percent of Americans surveyed who had banked online are doing so less often, or not at all, as a reaction to the current climate, which shines a spotlight on identity theft. A full 94 percent of respondents expressed openness to additional security online to counter the problem.

Trends suggested by Entrust’s survey are not new. Over the past year, Gartner Research; TNS, a marketing information company; TRUSTe, a nonprofit dealing in online privacy; and others have conducted studies indicating a fall in online consumers’ numbers and/or a rising fear over identity theft and other online threats.

Industry is running out of time to salvage public opinion. To combat identity theft—and, in turn, a snowballing loss of business—online banks and others must implement weighty, tangible measures that consumers will perceive as adequate.

The same Reuters article reported that the Federal Financial Institution Examination Council has “ordered banks to tighten online access by late 2006.”

Simple multifactor authentication measures might require consumers to reveal their favorite colors and pets’ names along with passwords. The cost doesn’t have to be huge, and any investment in multifactor authentication is preferable to the permanent loss of revenue should consumers flee the Internet for good.

What’s great about multifactor authentication is its ability to evolve. It’s a long-term answer to the problem of identity theft. Fingerprint readers and other advanced technologies will enhance multifactor authentication’s effectiveness. Once these kinds of devices become more widely available for home computers, the identity thief’s task will evolve, too—into something much more difficult to undertake.

2005-11-11T13:52:00.000-08:00

10 Tips to Avoid Becoming Victims of Identity Theft

With news reports of industry facing more and more scrutiny over identity theft, fundamental change in protection from this crime may be on the horizon. The development is welcome, but the temptation to let others handle a seemingly intractable problem is strong and plays into thieves’ hands.

We hear about multifactor authentication technology and laws forcing companies to inform the public. And it’s not that these are bad ideas, but the temptation is to view them as panaceas, which just isn’t true. Nothing done from the top down will be a cure-all for identity theft. We must accept responsibility for our own identities.

I suggest the following for consumers wondering how to protect themselves against identity theft and other security threats of the high tech world:

1) Use a free e-mail address for transactions. This will make it a lot tougher for thieves to trace your name back to financial information. As an added bonus, the practice provides added protection against online stalkers.

2) Track your identity before something goes awry. Tools are available. MyPublicInfo (MPI), for instance, provides the Public Information Profile (PIP), a tool that helps to trace the public "threads" that run through our lives. The PIP aggregates public information from disparate sources into a complete and legally conforming personal profile. Through my Web site, I provide a link to more information about the PIP.

3) Avoid following links or buying from e-mail spam, which could really be a message from phishers, those who send “spoof” e-mails that masquerade as legitimate messages.

4) Enter your personal information only at familiar Web sites. Charlatans known as pharmers can redirect a DNS to a fake site designed to steal information. Exercise extra precaution by making sure the site features https—not simply http.

5) Use a double-blind, untraceable 800-number if you date online or must post a phone number to the Web or to a classified ad. Thieves and online stalkers can find out where you live and just about anything else from a home phone number. Companies such as PrivateTel (www.privatetelsolutions.com), NetworkIP (www.networkip.net), and others provide applicable 800-number services.

6) Never provide your Social Security number. Most of the time, the information is unnecessary, making any request for it suspect. Exceptions include when you call your credit card company for information, and the organization asks for the final four numbers of the number.

7) Beware social engineers, identity thieves who gain victims’ trust before stealing personal and financial information. Social engineers use psychological techniques to give themselves a veneer of legitimacy. For instance, they may claim to work for charitable donations. Typically, they solicit via phone.

8) Whenever possible, use a credit card instead of a check. Should thieves get hold of your credit card information, you will encounter far fewer obstacles as you rectify the situation. With your checking account information, thieves can get your money for good and leave you bereft of recourse.

9) Avoid the use of a cordless phone to communicate details of your personal and financial information. Thieves can easily intercept conversations from cordless phones, which are susceptible to widely available eavesdropping technology.

10) Vary the passwords you use. By having only one or two passwords for all your online access, you make the identity thief’s job easy.

BONUS TIP: One of the major ways identity thieves obtain your information is by infiltrating your computer with spyware and viruses that record keystrokes and lift data from your hard drive. Install at least one anti-spyware program and run a sweep once per week. Run an effective virus shield at all times, and use a reliable firewall.

By taking a number of simple steps, you can greatly reduce your risk of becoming a victim of identity theft. Nothing thwarts the identity thief like the well-informed, cautious consumer.

2005-11-11T13:43:00.000-08:00

The Push for Multifactor Authentication in Online Transactions Will Help to Stop Identity Theft

The online security most people know, username plus password, is one-factor authentication. It’s a combination that cannot withstand the threat of online identity thieves, who easily crack the one-factor system. Multifactor authentication does a much better job of counteracting the sophistication of identity theft. Reports indicate federal regulators have recognized multifactor authentication’s promise and have put the banking industry on notice to implement multifactor technologies. It’s a savvy move against a prolific crime.

Multifactor identification is the best, most accessible weapon we have against identity thieves. The banking industry—in fact, any industry that conducts transactions online—owes the public the protection from identity theft that multifactor authentication provides.

Multifactor authentication calls for additional verification, beyond the security of a password, from the consumer. An Oct. 27 article in InformationWeek’s Wall Street & Technology [link unavailable] reported that regulators from the Federal Reserve and Federal Deposit Insurance Corp. have given “banks until the end of 2006 to implement two-factor authentication.”

Consumers cannot give multifactor verification for their transactions unless the companies with which they transact make it possible. And for this, regulators are right to require two-factor authentication. Consumers can do a number of things to protect their identities online, but the onus of responsibility for stopping identity theft is with industry.

Two-factor and multifactor authentication have been gaining momentum for a while. The October 2005 issue of Banking Technology [link unavailable] reported that the bank Lloyds TSB will be conducting a two-factor authentication trial with 30,000 of its 2 million customers.

The push for two-factor and multifactor authentication has been growing for a while, and with good reason. Studies will probably lend credence to multifactor authentication’s benefits.

We simply cannot fight identity thieves anymore with passwords and usernames. To try to do so is silly. Just like signatures, our antiquated system for authenticating off-line transactions, usernames and passwords are quaint ways to protect ourselves against criminals in today’s online environment.

2005-09-15T05:55:00.000-07:00

Hurricane Katrina Has Greatly Elevated the Risk of Identity Theft

Phishers are already preying on its victims. Courthouses and other buildings housing individuals’ public documents no longer stand, and paper is everywhere. Social Security cards, birth certificates, and other identifying documents are floating in the floodwaters. The circumstances are ripe for identity theft and call for a renewed wake-up call on fraud.

Identity thieves couldn’t ask for a better opportunity. Many victims lack identification, yet it goes without saying we must help them. Thieves know this and will exploit the situation.

MyPublicInfo, an identity management company, provides the Public Information Profile (PIP), a tool that can be very useful in tracing the public "threads" that run through our lives. Citizens can use their PIP to see their public records and make sure their identities are in order. Anyone can obtain a PIP by visiting my Web site, www.idtheftsecurity.com, and clicking on the “MyPublicInfo” logo.

A PIP helps in two ways. Anyone who obtains one can view public records connected to his or her name and also see information accessible to other people performing background checks.

On Sept. 6, an Associated Press report [to gain access to the article, must view a short advertisement] by Jennifer Kerr focused on the pervasiveness of floating debris that litters the Hurricane-afflicted region. Much of this debris displays personal, financial, and other identifying information. A Sept. 9 story that ran in All Headline News reinforced the reality that victims of this hurricane are now highly susceptible to identity theft and fraud.

We’ve heard on the news that the Gulf Coast has been through two disasters in just two weeks. First, the storm hit. Then, we all witnessed a painfully slow response to the unfolding danger in New Orleans. Let’s make sure we stop a third disaster, the possible flood of identity theft in Hurricane Katrina’s wake, before it strikes us out.

According to Dr. Harold Kraft, CEO of MyPublicInfo, "An event like Hurricane Katrina brings with it numerous challenges, as we have all seen. One of these, daunting as it is, will be the retrieval of public records. Anyone hit by this disaster needs to consider jumpstarting the process of verifying his or her identity."

It’s just as important as finding shelter. Public records, personal financial information, and other important documents are strewn, for everyone to see, across an area the size of Great Britain. There’s no telling how many of Katrina evacuees will find that their identities have been compromised by thieves.

Those who have tried to help with their money are also encountering scams. A Sept. 8 New York Times article [article no longer available for viewing] by Tom Zeller Jr. explored the wide variety of online con jobs masquerading as legitimate hurricane relief sites. Many sprouted almost immediately following the disaster.

The aftermath of Hurricane Katrina is starting to look a lot like what happened after the Tsunami earlier this year. It’s a shame that we have to think about thieves at times like these. It’s also the reality.

2005-09-11T10:30:00.000-07:00

Citizens can avoid identity confusion by routinely checking their public dossiers

Identity confusion can cost its victims access to insurance, mortgages, leases on apartments, or even job offers. When names are similar, background checks can fail to distinguish the criminal's record from the law-abiding citizen's. Consumers must check their public records regularly to catch the mistake before it happens.

Imagine losing a job offer because some public official sees a criminal's dossier and thinks it's yours because the names are similar. This is why it is so important for a citizen to check her public dossier on a regular basis.

Arlington, VA-based MyPublicInfo provides the tool to do so: the Public Information Profile (PIP). Citizens can obtain a PIP by going to my Web site and clicking on the "MyPublicInfo" logo. The PIP helps in two main ways. Anyone who obtains one can view public records connected to his name and see information accessible to other people performing background checks.

You pay your bills on time and take pride in being a law-abiding citizen. Then, some dreg of society comes along and ruins it all. Whether it's identity theft or mistaken identity, a citizen in these instances is essentially burdened with being guilty and having to prove innocence.

A recent article in The Reidsville Review chronicled the travails of a woman with multiple last names from previous marriages. To rent a new apartment, she needed a background check. Officials ended up confusing her, a law-abiding citizen, with another woman whose similar name pulled up a public record detailing a penchant for writing bad checks. The embarrassing and reputation damaging mix-up took many hours to resolve.

According to Dr. Harold Kraft, CEO of MyPublicInfo, "Identity confusion is just one of the problems the PIP helps to combat. The PIP also enables citizens to be proactive in catching criminal activity committed in their names. It is time-consuming to rectify even the honest mistakes that public officials are bound to make."

MyPublicInfo's PIP gives consumers unique and unparalleled access to their public records. It is the first tool to provide consumers with user-friendly, complete, and legally conforming personal profiles of aggregated public information.

Wilmington, NC's "WECT News 6" reported the plight of a North Carolina man, Kevin Horn. His public record showed the criminal history of his high school classmate, who has used Horn's identity as a cover for the past 10 years. According to the report, it has been challenging for Horn to get jobs and insurance.

Citizens need to start thinking about identity upkeep. The price of inaction can be a real-life nightmare. Keep tabs on your public records. Watch your credit reports. Expect the worst and check for evidence of it regularly. Only then do you stand a real chance of avoiding misfortune.

2005-08-23T07:11:00.000-07:00

Citizens Have a New Tool to Help Them Take Control of Their Identities

Identity theft affects more than credit scores and bank accounts. By assuming another's identity, someone can commit crimes of all sorts and never face the consequences. The aftermath of identity theft can affect a person's job and reputation for years to come, with no easy way to repair the damage.

It's the job of all citizens to monitor activity taking place under their names. Arlington, VA-based MyPublicInfo provides the tool to do so: the Public Information Profile (PIP), available at my Web site, http://www.idtheftsecurity.com. You can obtain a PIP by going there and clicking on the "MyPublicInfo" logo.

Every citizen has a responsibility to stave the identity theft pandemic. While we all have the right to expect industry and government to rise to the challenges of identity theft, we can -- and must -- do a lot, ourselves, to make sure nothing is awry with our identities.

MyPublicInfo's PIP gives consumers access to their public records. The tool helps them in two main ways. Anyone who obtains one can view public records connected to his name and see information accessible to other people performing background checks. It is the first tool to provide consumers with user-friendly, complete, and legally-conforming personal profiles of aggregated public information.

According to Dr. Harold Kraft, CEO of MyPublicInfo, over the past year, the rash of data thefts has led consumers to feel powerless. "The PIP, checked regularly, empowers consumers; peace of mind no longer depends on the whim of an identity thief."

Terrorists could enter the country under stolen identities. I can't think of a more intuitive, comprehensive way than the PIP tool for American citizens to take control of their identities and help Homeland Security. I have viewed my own PIP. It was a momentous experience. Citizens will be surprised by the information that floats around online and in public records. This is all potentially available to criminals, and it only makes sense for each and every citizen to keep tabs on it.

Government is beginning to recognize that citizens deserve power when it comes to their own identities. An article in the Aug. 17 edition of Insurance Journal reported the passing of the Information Security and Notification Act in New York State. Once it takes effect in December 2005, the law will require businesses to inform New York residents when financial and personal information has been compromised.

A handful of states have enacted legislation like New York's Information Security and Notification Act, but the measures are reactive, and many states provide little protection. Citizens cannot afford to wait. The best course of action is to be proactive when it comes to identity theft. A PIP makes action all the more possible. I encourage all my clients to use it.

2005-08-22T13:30:00.000-07:00

The Real ID Act is an earnest step toward staving identity theft

Through social engineering or other means, thieves can learn everything they need to know to steal identities on a massive scale. While watchdog groups decry countermeasures such as The Real ID Act as invasions of privacy, the added security will stave identity theft in the face of increasingly brazen robberies.

I don't even need to get your Social Security number behind your back to steal it. All I need to be is a good liar. This is called social engineering. It's low-tech, and it works so well, thieves even without computers can easily steal identities.

The Associated Press reported on Aug. 12 that Olatunji Oluwatoisn, the only person charged in the ChoicePoint robbery, now faces six charges in addition to those he faces from earlier this year. He was allegedly part of a Nigerian identity theft ring that used social engineering techniques to gain access to ChoicePoint Inc.'s database. The massive heist of Social Security numbers and other sensitive identifying information lasted for about a year before news of the breach broke.

I always tell people that they might as well plaster their Social Security numbers across billboards along major highways throughout the nation. It's the key to the kingdom of identity theft, but not an especially challenging key to obtain. The billboards, in this case, are data brokers and others who have few laws to follow. Government must rethink how the private sector handles personal financial information.

An Aug. 10 article in The Christian Science Monitor quoted privacy and government officials debating the anticipated consequences of The Real ID Act, which Congress passed in May 2005. People read about The Real ID Act and think, "I can't believe how the government is fiddling with my privacy." It is upsetting to learn that so many people have access to your personal information, but it is important to realize, too, that privacy went the way of the dinosaur a long time ago.

With identity theft running rampant, we need security. People think they want privacy, but what they may really want is to know their information is secure. Security and privacy, in this day and age, cannot coexist. The Real ID Act is an earnest step toward effective authentication in identification. It is an improved way to stave identity theft. It begins to provide true peace of mind in identification.

As we implement it, people will learn just how available their information is—and just how impossible it is to change this fact. They will soon give up on the futile battle for privacy and start to demand security.

2005-08-10T07:49:00.000-07:00

The increasing variety and growing sophistication of online threats demand an overwhelming response

Threats to computer and data security continue to increase in variety and grow in sophistication. Criminals such as identity thieves and computer hackers employ these tools along with social engineering techniques to lull unsuspecting Web surfers. The onslaught demands a coordinated, overwhelming response from industry. Without massive and intelligent retaliation from industry leaders and governments, computer hackers, identity thieves and the like will have gained the upper hand for a long time to come.

Cons exploit the trusting sides of victims by using lies and ruses to gain proprietary information. This is social engineering. Hackers and identity thieves, technically adept, are adding social engineering to their tactics at an alarming rate. Social engineering is a tool to gain access to sensitive identifying and financial information stored on what may otherwise be properly secure individual and networked computers.

Remain vigilant even if your computer system or network utilizes the very latest in security. Anybody with nerve who studies sales techniques and psychology can socially engineer others. There is nothing high-tech about it. Social engineering applies tried-and-true, time-tested conning techniques to new circumstances, the information age.

And the technical threats continue to mount as well. A July 25 press release from Websense, Inc. explores many, such as keyloggers, mobile malicious code (MMC), and others—all of which are increasing in their frequency, according to the release.

The August 2005 issue of Entrepreneur looks at another alarming ploy, the pharming technique, which essentially compromises the functioning of a domain name server (DNS). A pharming scam redirects Web surfers who type legitimate organizations' URLs. A user may have no idea she has been rerouted to a con site, which masquerades as the real thing. Those running the fake site typically steal the visitor's personal information.

We cannot allow pharmers to get away with taking hacking to a whole new level. Pharming undermines users' fundamental expectations for the online experience.

The response to online threats must be cooperative. Governments and industries such as banking and software firms should work together to combat the problem as a united front. Stakeholders at all levels, from the software firm's boardroom to the personal computer user's living room, need to aggregate threats as they learn of them. Only then will firms and individuals be able to easily obtain and deploy effective blocking software.

Companies' security measures are woefully lacking. Just watch the news any night. The latest security breach tells you this. The circumstances we find ourselves in could bring down the whole house of cards. And a house of cards it truly is. Easy money for computer-savvy thieves abounds.

2005-07-30T11:27:00.000-07:00

News sources lag behind in discovering and reporting online threats to consumers’ identities

Powerful Web-based people search engines are just now receiving official attention from the press. Yet these services, which offer Web users significant search capabilities for free or minimal fees, are well-established and nothing new. The media must dig deeper to help those whose main source to learn about threats is the news.

Penetrating search engines that dredge up hard-to-find information on people have been around for a while. It is worrisome that supposedly savvy media such as the high technology press are just now reporting the phenomenon.

On July 25, PC World ran an article by Andrew Brandt covering Zabasearch, one such search engine. According to the article, Zabasearch will sell detailed background information to any user for $20. This is significant. Public documents containing the same data have been available for years but difficult to find. Zabasearch makes the search far easier and accessible to anyone online, not just credit collectors and others whose businesses may require the capability.

It’s great to read warnings about Zabasearch in the news, but they come a year too late. Zabasearch and its questionable services, all serious threats to consumers’ identities, have been online and available for quite some time. Public records, which officials post online, are gold mines for thieves and available to anyone with a little know-how.

I recently conducted a search of my own online and was easily able to find information on Jeb Bush and his wife, Colin Powel and his wife, and CIA Director Porter Goss and his wife—all legally. For this kind of data to be available at a few strokes of the keyboard and clicks of the mouse speaks volumes of the identity theft threat.

The problems that aid and abet identity thieves are found in the firmly established processes for storing public and private data. Meaningful steps toward the eradication of identity theft will never be realized until we chip away at entrenched, longstanding practices that make identity theft one of the easiest crimes to commit.

2005-06-29T07:50:00.000-07:00

The jeopardizing of forty million credit card numbers shows that the real consumer right is security, not privacy

A recent compromising of data related to 40 million credit cards last week dwarfs other data breaches reported this year, yet the security lapse at CardSystems Solutions was avoidable. Public officials exploring ways to respond and stave this year's alarming hemorrhage of personal data need to shift focus away from consumers' privacy. The real "consumer's right" is data security, which legislation must strive to ensure.

Companies have no incentives, negative or positive, to protect our data. They operate with little mind for security because little punishment befalls them should breaches occur. Public embarrassment, such as what we saw with ChoicePoint, goes only so far to halt the bloodletting.

MasterCard, with 13.9 million cards affected by the CardSolutions breach reported on June 17, posted a press release the same day detailing protections available to customers. A June 20 New York Times article (link is to an archive excerpt) by Eric Dash quoted CardSolutions' chief admitting that the company should not have been keeping the information lost to thieves.

Reckless industry policies for handling sensitive information have set the stage for a massive security breach like the one at CardSolutions. I'm surprised this sort of thing didn't happen sooner. Identity thieves prey on easy targets. Complacency works in their favor. They gravitate to shoddy security and exploit lapses in judgment. Consumers enjoy some protections after a theft has occurred, but these are small comforts to victims, who must endure hassles unimaginable to the uninitiated.

The results of a Cyber Security Industry Alliance study, reported last week in ComputerWorld and elsewhere, indicated 97 percent of 1,003 of likely voters think identity theft is a "serious problem." Of respondents to the study, 71 percent "said new laws are necessary to protect consumer privacy on the Internet."

We hear a lot about how identity theft threatens privacy. Consumers want privacy, and politicians know this. Yet the charge is a misnomer. Privacy went the way of the dinosaur many years ago.

Last week, just as news organizations began widely reporting the CardSolutions breach, U.S. Senators jockeyed for the public's attention in efforts to advance competing identity theft bills. The same ComputerWorld article reporting last week's research findings quoted members of Congress, such as Sen. Bill Nelson (D-Fla.), warning that identity theft threatens Americans' privacy.

Politicians and consumer advocates who decry the loss of privacy in the wake of massive identity thefts raise a moot point. The issue driving the identity theft debate should be security. If politicians want to take action on consumer rights, they should pursue legislation speaking to consumers' obvious right to ironclad security that protects personal financial data from those who seek to gain access to it illegally.

Sen. Conrad Burns (R-Mont.) called for required government licensing of all data brokers. A bill proposed by Sen. Charles Schumer (D-NY) and Sen. Nelson looked at recourse such as expanding the Federal Trade Commission to combat rogue, irresponsible data brokers that lose information to thieves.

Other measures would pass a federal law much like California's SB1386, which requires companies and state agencies to inform Californians of any security breach potentially threatening the identities of 500,000 or more people; such a federal law, many insisted, must not supersede tougher state laws.

Susceptible data calls for the armored vehicle's high-tech counterpart. These kinds of breaches are becoming commonplace. The industry storing our information is largely unregulated yet must be closely monitored. The situation is unacceptable, but the only way to turn things around is to pay attention and to start handling people's personal financial data in the same way we handle greenbacks.

2005-06-17T05:18:00.000-07:00

Unencrypted information in transit makes identity theft an easy inside job

Last week, tapes containing the personal data of 3.9 million CitiFinancial customers went missing while in the custody of UPS. Other such tapes have been lost in transit this year. See how easy an inside identity theft job could be?

Massive losses of information are always egregious no matter whether events lead to identity theft. According to Enterprise Strategy Group research cited in a July 13 USA Today article by Jon Swartz, only a small percentage of financial services firms and other companies encrypt information on backup tapes. The same article quoted Rep. Edward Markey (D-Mass.) questioning the apparent lack of security measures.

Data tapes in transit can be easily misplaced. Unencrypted, they are like open books for anyone with moderate computer knowledge and unscrupulous aims. These are precisely the circumstances that make inside jobs easy. Identity thieves are everywhere. Many are employed, and some identity thieves certainly understand the benefits of working for a parcel delivery service or bank.

Encryption is an easy, cost-effective means to protect data from theft. Any aware citizen should be asking questions. Encryption is like ‘Data Security 101.’ It is inexcusable for large companies with the resources to implement such measures not to do so.

In a June 1 article, The Wall Street Journal’s Li Yuan cited January 2005 research from Mazu Networks. The findings revealed “23 percent of 229 U.S. organizations with more than 1,000 employees had at least one internal security breach in 2004.”

Yankee Group research cited in the same Wall Street Journal article indicates about two thirds of the $12 billion spent last year on enterprise security was to protect against external threats despite the growing prevalence of internal breaches.

When it comes to security, computer networks at enterprises large and small are like some kinds of candy: hard on the outside but soft and chewy on the inside. The events of this past year have shown how easily massive identity theft can occur courtesy of companies’ very own employees. The danger of inside identity theft jobs is clear and present, as we have seen with Time Warner Inc. and others.

2005-06-14T17:55:00.000-07:00

Yet more research illustrates how little knowledge computer users possess to protect themselves from online threats

On the heels of data from last month reporting computer users’ unfamiliarity with computer security threats, yet more research now indicates that people don’t know how online privacy works. The level of unfamiliarity with computer security is astounding, but I believe consumers will abandon ecommerce once they understand the danger unless they receive proper education immediately.

Last month, a Ponemon Institute study suggested that people are failing to grasp the dangers of spyware. Last week the University of Pennsylvania’s Annenberg Public Policy Center released the results of new research, which finds that respondents are unaware of how Web sites aggregate and use visitors’ personal information.

According to a PC World article published on June 1, many respondents share an inaccurate understanding of online privacy. Of participants in the Annenberg study, 75 percent answered, for instance, that any posted Web site privacy policy automatically means the organization displaying it will not distribute visitors’ personal information to third parties—an incorrect assumption.

People don’t know how online privacy works—or, more accurately, how it doesn’t. Just because a Web site may display a ‘privacy policy’ doesn’t mean a visitor’s personal information—which is collected—is safe from distribution and reuse. It’s in the fine print, but who reads the fine print? Many computer users have no clue.

The Annenberg findings also revealed that 49 percent of participants were incapable of spotting phishing e-mail scams. Authors of the Annenberg study, titled “Open to Exploitation: American Shoppers Online and Offline,” offered a number of measures to combat apparent shortcomings in public awareness.

Any intelligent discourse about how to fix the problems of online security is a positive development. The Annenberg findings, ironically, seem to support the lackadaisical, irresponsible approach industry has adopted. The banking, computer, and online retailing industries clearly aren’t bearing the brunt of online threats because awareness is nil. Consumers, oblivious to a lack of security online, continue to use the Web indiscriminately.

We must relentlessly advocate education to stave an ‘identity theft apocalypse’ and strengthen online security. Right now, industry is running on borrowed time. Additional recent research hints that consumers will wise up sooner or later to the gravity of online threats and leave the Web in droves.

2005-06-06T18:30:00.000-07:00

The emergence of a new form of ransomware is an example of criminals moving faster than the technology of security

New scams continue to beset the Internet. The emergence of a new rendition on ransomware demonstrates how criminals remain a step ahead of the public's awareness.

Ransomware steals data from computers. It then employs encryption, a technology typically—and ironically—for the security of online activity, to disallow victims from regaining their personal information until they pay a ransom.

What's maddening about ransomware is the way it steals personal information by using a technology that's also the backbone of Internet users' security. This is not an original ruse. The concept behind ransomware is nothing new, and many have attempted it. But the latest iteration is the first to utilize an automated program as the vessel.

Exploiting a vulnerability in Microsoft Internet Explorer, a malicious site that the unsuspecting user visits downloads and runs code, a Trojan Horse, to the compromised computer. This downloader then connects to another Web site, which downloads, renames, and runs an encoding application that performs a series of actions to steal the victim's personal information.

The problem with ransomware is not with the security response. Officials are familiar with this ploy, a favorite of savvy computer coders, and automation adds no significant hurdles for security response. Ransomware's victims, however, probably haven't heard of the scam, just as most people had not heard of phishing until recently. The problem is in the awareness—or lack thereof.

The consumer's learning curve will give ransomware perpetrators the time they need to do damage. Yet another scam threatens to dissuade people from participating in ecommerce. The computer, banking, and retail industries need to develop and implement a major initiative to educate current and potential customers on how to be safe and secure online.

2005-06-02T07:23:00.000-07:00

High-profile identity theft is fueling a decline in consumers' online activity

A survey of consumers suggests that confidence in online commerce may be faltering. The research indicates a noticeable dip in the number of people who bank online. I was warning of this possibility long before a string of watershed identity thefts and security breaches rocked nearly all corners of industry this year. After all, faith in the security of online transactions is the backbone of all ecommerce.

The study, conducted by Intervoice, found that 17 percent of UK respondents surveyed no longer use online banking services. The reason: fears of identity theft. It also found that 13 percent of respondents had ceased buying from online retailers. It’s easy to look at these findings and draw the logical conclusions. The computer, retail, and banking industries stand to lose millions if consumer confidence in the security of online commerce is declining as this research suggests.

Identity thefts and breaches of security continue:

-A laptop computer containing the credit card information of approximately 80,000 U.S. Department of Justice employees was stolen during early May, according to a May 31 ComputerWorld report. The incident occurred at a travel agency that the DOJ uses.

-According to a May 25 Associated Press report, a May 11 computer breach at Stanford University has attracted an FBI investigation. Thieves stole the personal data (e.g., letters of recommendation and Social Security numbers) of nearly 10,000 people. A California law, which Siciliano supports, required the school to inform potential victims.

-On May 23, ComputerWorld ran an IDG News Service report about the theft of a laptop computer that contains information (e.g., Social Security numbers) on approximately 16,500 former employees of MCI Inc., owner of the machine. According to the report, a financial analyst for the company had authorization to keep the information on the laptop, which she had left in a car parked in her home garage.

-A May 23 Associated Press story that ran in The Detroit Free Press and elsewhere reported that a hacker gained access to the computer system at Michigan’s Jackson Community College and may have stolen as many as 8,000 Social Security numbers. According to the article, the school uses Social Security numbers as default passwords. Students, who are encouraged to change their passwords, tend to use the defaults anyway.

People pay attention. They’ve heard about all the identity thefts and security breaches, much of it involving computers, that have plagued industry this year. It only makes sense that consumers would begin to avoid the circumstances necessary for ecommerce.

2005-05-25T17:51:00.000-07:00

A study about spyware confirms a need for more online security education

Research about spyware offers telling information about the average computers user's relationship with this online threat. Data from the widely reported 2005 National Spyware Study, conducted by the Ponemon Institute, suggest that people may be failing to weigh the dangers of spyware appropriately. This is just additional proof that more education is critical.

It seems that computer users don't even understand what is going on, let alone grasp the full gravity of the risks associated with spyware. The computer, retail, and banking industries must step up their consumer education efforts. Many computer users don't even recognize blatant spyware attacks, but once the damage is done, consumers and everyone else involved lose.

Ponemon's study reveals that the staggering toll spyware has exacted on computer users hasn't necessarily sounded the alarm for consumers. According to the study, 84 percent of respondents had experienced trouble with spyware. Yet most still seemed confused about spyware and indicated that, when given the choice, they would choose more access to free downloads over the development of laws to address the problem of spyware.

If this study is any indication, the current approach to educating everyday computer users about the spyware threat is ineffective. Enjoying all the conveniences of technology, consumers also sacrifice a large degree of security. I don't think they would jeopardize themselves in this way if they truly understood the stakes.

We see television commercials that present serious issues such as spyware and identity theft under the guise of humor, as if online security were a laughing matter. It is not.

While Madison Avenue sure can make some entertaining commercials, the advertising industry clearly hasn't framed the problems of spyware, identity theft, and related issues effectively. Otherwise, I doubt we'd be seeing results like those from Ponemon's study.

Most respondents to the study were unfamiliar with the lexicon of online threats. For instance, many could not differentiate between spyware and adware.

The industry must begin to look at spyware and related threats as more than mere opportunities to increase revenue. Advertising is for making money, but industry first needs to spend money on its existing customers' online security education.

2005-05-15T08:47:00.000-07:00

Computer users must take advantage of all the online security available

Industry and government are still debating the best ways to combat identity theft. This should be a wake-up call for consumers to take their online security into their own hands. Computer users have an array of options at their disposal to fight the problem themselves.

On May 4 Canada.com ran an article [link no longer available] by The Gazette's Alison MacGregor. The report quoted McAfee Inc.'s chief security officer, Ted Barlow, providing advice for computer users to protect their systems.

So many computer users operate their systems with little or no security against hackers, identity thieves, phishers, and other online crooks. We need education. Executives everywhere must follow Barlow's lead and publicize solutions to computer security woes.

Computer users are susceptible to a litany of threats. Webmobs, organized online theft rings, collude to steal identities en masse. Geeks create viruses to wreak havoc for no reason other than fun.

Hackers can even turn a home's computer, unbeknownst to its owner, into one of countless nameservers like it to run illegal Botnets. These networks then fuel phishing activities, also known as online scams, which perpetuate indefinitely and elude law enforcement by utilizing constantly moving nameservers that authorities cannot pinpoint.

Companies offering security technologies must be ahead of the curve for us even to have a prayer in turning back the tide of online crime. The speed and pace of the conveniences of technology have far outpaced the security necessary to keep users secure. However, there are a variety of tools available for free or for a small fee to maintain a relatively secure system.

Some computer users are savvier than others. Companies such as Netcraft have developed solutions that let users across the spectrum of proficiency pool knowledge to surf the Internet more safely, avoiding phishing sites and the like.

Security is a journey, not a destination. It needs constant attention and a never ending implementation of available combative resources. An online security solution that pools the expertise of advanced users to protect the less savvy remionds me of an Internet neighborhood watch. I like this idea.

The sophistication of online crime is mind-boggling. The response from the high-tech security industry must be the same.

2005-05-14T10:53:00.000-07:00

Identity theft can happen to consumers even when they are not consuming

Fears of mass identity theft struck again a couple weeks ago with the reported loss of hundreds of thousands of employees' records at one of the world's foremost media companies. The incident demonstrated that everyone is a potential victim of this crime.

Has Time Warner read its own publications this past year? Is the company aware of what has been reported regarding major breaches of data? Even at one of the world's largest media companies, supposedly a technology-savvy organization, employees are still vulnerable to identity theft.

On May 2, Bloomberg's Cecile Daurat, along with others, reported that the personal information of 600,000 Time Warner Inc. employees, both past and present, had been lost. According to the report, a container holding 40 back-up tapes has disappeared.

An employee has no choice but to relinquish valuable identifying information to her employer, exposing the data to the whims of lax security. Employers entrusted with this information should protect it as if it were their own.

Information continues to disappear elsewhere, and Time Warner is only the latest in this year's string of data breaches:

-On April 21, Linda Rosencrance of Computerworld reported an incident at Carnegie Mellon University's Tepper School of Business. The school informed 19,000 students, alumni, and faculty that their personal information had potentially been compromised. Recent weeks have seen similar incidences at Tufts University and Boston College.

-On April 20, Emily Fredrix of The Associated Press reported that Ameritrade Holding Corp. had notified 200,000 current and former customers of the loss of a backup tape containing their personal information.

-On May 13, The Duluth News Tribune quoted me in one of many articles that have chronicled a March 2005 incident of identity theft involving a DSW Shoe Warehouse database.

We are witnessing a freefall. Data is dropping out of sight left and right.

In most of these cases, the official communique to customers follows a theme. This theme says the data breach poses no known threat to customers' identities. This theme is wishful thinking.

Meanwhile, on May 2, Red Herring reported on the latest findings out of the SANS Institute, which found more than 600 new Internet security vulnerabilities.

High technology is forcing us to rethink the way we identify people and safeguard important information from crooks. Right now, the bad guys are winning. We need a uniform response from government and industry immediately to combat the threat before identity theft cripples our economy and irrevocably shatters people's trust in longstanding institutions.

2005-04-28T17:10:00.000-07:00

Industry and government must respond to the identity theft threat

Industry and government are responding to the identity theft threat, but the approach varies from state to state and business to business.

Industry and government are responding to the identity theft threat, but their approaches vary from state to state and business to business. It is imperative for government and industry to develop a unified front against identity theft.

On April 21, United Press International’s Al Swanson provided an overview of the current and pending safeguards government has against identity theft.

We need a national policy. The messages from all corners should be in agreement. Identity thieves need to know that industry cares about its customers and that government has industry’s support in developing punishments to fit this crime.

Senator Diane Feinstein (D-Calif.) has proposed legislation that would require any company nationwide to inform potential victims of identity theft as soon as it learns of a security breach. California is the only state to demand such action from industry.

I applaud Sen. Feinstein’s efforts; however, legislation is reactive. Putting systems in place to stop identity theft is proactive. There shouldn’t be an opportunity for industry to notify consumers if identity theft is stopped in the first place.

Most of the action being taken by politicians constitutes ineffective responses to the crime. It’s like eating fast food, gaining weight, clogging your arteries, and then drinking diet cola. It makes no sense.

As explained [free registration required to view article] by Knight Ridder’s Matthai Chakko Kuruvila on April 13, only a handful of states offer -- or soon will -- a “credit freeze” option for consumers. California, again, is the pioneer. Any consumer there can prevent new accounts from opening in her name. To apply for a new account, she must manually “unfreeze” her credit -- even for herself.

The credit freeze is the single most useful tool consumers can use to foil identity thieves. Every state in the nation should offer this option.

Legislators should also push for proper authentication via biometric security solutions. Many financial accounts don’t use Social Security Numbers for authentication. A freeze won’t stop identity theft here, and criminals can continue to commit crimes under the names of victims, too. Authentication is the only solution.

Industry has also responded. A number of companies are assisting organizations that offer free or affordable help to victims of identity theft.

On April 18, InformationWeek’s Steven Marlin reported that a group of financial institutions called the Financial Services Roundtable “has made permanent its Identity Theft Assistance Center.” According to Marlin’s article, victims of identity theft receive free assistance there. Banks fund the operation, and Intersections Inc., “a provider of bank-branded ID-theft-protection services,” runs it.

Every victim of identity theft deserves access to free assistance. All too often, victims are saddled with the arduous task of fixing their credit histories themselves. This costs money and can make them feel like they’re guilty until proven innocent.

In an April 13 press release, the Calif.-based Identity Theft Resource Center (ITRC) announced that ChoicePoint Inc. has committed to fund an expansion of the ITRC’s programs for victims of identity theft.

Any help from industry is welcome, but ChoicePoint is also part of the problem. Identity thieves are criminals but not solely to blame. Those who pursue legal profits by buying and selling people’s identities assume a heavy responsibility indeed. It will take a noticeable change in business practices to halt the barrage of identity theft.

2005-04-17T09:46:00.000-07:00

Web-based organized crime is fueling online identity theft

Organized crime is hijacking the Internet for its purposes. The Internet is the thief’s playground. These cons will exploit every channel and employ every tool at their disposal. Identity thieves and computer hackers will seek increasingly unconventional and shady channels for their shenanigans.

As reported by John McCormick and Deborah Gage of Baseline Magazine in a lengthy article last month, the phenomenon of Web Mobs flourishes. Web Mobs function much like traditional organized crime rings, but the affiliations are looser, and Web Mobs more easily evade law enforcement. The differentiator is that Web Mobs proliferate and exist exclusively online.

Organized crime has gained a stronger foothold online. Nigerian crime rings fueled widespread phishing scams last summer and, allegedly, the thefts at ChoicePoint over the past year. The Russian mafia has displayed an appetite for identity theft for a long time. Even 22-year-old white-bread American kids in Web Mob Shadowcrew stole millions.

In an illegal rendition of the business plan of data brokers such as ChoicePoint and LexisNexis, Web Mobs trade and buy credit card numbers and Social Security Numbers online for as little as $10 each. Then participants buy under the guise of unsuspecting others’ names.

The Web is great for organized crime, which is bad for legitimate business. Online ruses come to light and receive widespread attention. Consumers lose confidence in their security and become less inclined to shop and bank online.

The banking industry seems to be in denial and simply hasn’t harnessed opportunities to show clients it is on top of the problem. I haven’t seen one effective awareness campaign.

In yet another insight into online criminals’ creativity, Blogs have become a haven for malicious code. As reported by Gregg Keizer of TechWeb News, hackers are storing their keyloggers, spyware programs that furtively intercept identities emanating from people’s computers, at blogs. Blogs offer anonymity and a low threshold of security, which hackers prefer.

Online crime has reached pandemic levels this past year with more than 14 major breaches of data. Hackers, identity thieves, and Web Mobs have elevated their game in tandem with the expansion of the Web. The speed of technology has far outpaced its security.

The Internet has led to not only more opportunities for consumers, but also for criminals. Criminals look for the path of least resistance. The Web makes a virtual mugging or robbing a bank an easy score.

New identification technologies and hardening practices are needed now more than ever. Two-factor authentication and other innovations must be implemented on a wide scale immediately if not sooner.

2005-04-13T06:39:00.000-07:00

The discourse about identity theft and how to combat it is rife with misunderstanding over the concept of privacy

Advocates and elected officials continue to call for privacy rights in the wake of this year’s blitzkrieg of identity theft and related attacks. I advise those seeking solutions to the problem of identity theft not to view privacy rights as a panacea. People are, in fact, conflating the problem of identity theft and the quest for privacy rights.

The security of people’s identities and the idea of privacy are two different matters. We can achieve identity security, but the idea of ‘privacy rights’ clings to the mistaken notion that privacy exists in a high-tech world. Privacy is an unnecessary variable to stop thieves and safeguard consumers’ financial information.

This is a war not only against identity theft, but also against the misperceptions surrounding how to combat it. To strike a decisive blow against identity theft, those fighting this war must strive for security, not privacy.

An April 7 press release from the office of Congressman Bennie Thompson, D-Miss., illustrated how ideas about privacy permeate efforts at the highest levels to curb identity theft. In the release, Rep. Thompson, ranking member of the Committee on Homeland Security, called not only for better security of personal and financial information, but also for the protection of “individual privacy.”

Privacy is an illusion. Consumers, privacy advocates, and elected officials alike should never expect it. To try to ensure it is a misguided response however well-intentioned. Technology available for many years has rendered the notion of privacy quaint and antiquated. The information is already out there. Industry needs to realize that it is nearly impossible to protect consumers’ financial and identifying data from thieves.

We have a lazy system. It is an honor system set up for convenience’s sake. It promotes theft. We still rely on a person’s handwritten signature as a form of identification. It’s comical, actually.

Any unauthorized individual or organized criminal organization can open numerous accounts under anyone’s name at any time. We must upgrade and change, in fundamental ways, how we authenticate identities.

On March 15, CFO Magazine’s Peter Krass and, last week, MSNBC’s Bob Sullivan wrote articles providing useful overviews of the year’s debacles, thus far, in identity theft, the types that can occur, and various companies’ responses to the problem.

With security breaches occurring on a massive scale, we are in the midst of an identity theft apocalypse, a pandemic. We must employ every tool at our disposal and make serious changes to defeat the crafty identity thief, who masquerades in countless forms.

2005-04-09T08:30:00.000-07:00

A persistent lack of awareness about identity theft at the consumer and industry levels costs money

Reports show that many businesspeople and individual consumers still do not recognize the full gravity of the identity theft threat. Industry should be taking identity theft seriously and implementing measures to combat the danger. Identity theft can occur in myriad ways. The possibilities are endless. A complete overhaul of identifying standards and processes is paramount and needs to be industry’s driving objective.

In an April 1 CNET article, Jon Oltsik, senior analyst at the Enterprise Strategy Group (ESG), shared information from a survey of 229 U.S.-based security professionals. ESG's survey found 23 percent of respondents reporting internal security breaches at their organizations over the past year. An additional 27 percent of respondents did not even know, when asked, whether such a breach had occurred.

On March 29, Digital-Lifestyles.info reported research from Infosecurity Europe. Apparently, for the chance of winning theater tickets, 92 percent of 200 people surveyed provided strangers with all the personal information a criminal would need to steal their identities.

Clearly, security is lacking—as is awareness and concern—not only at the consumer level but also at the highest levels of corporations. This includes CFO and CIO naïveté about the issue.

Corporations have been slow to realize that identity theft is not just a problem for consumers. The crime and how a business behaves afterward can attract lawyers and litigation.

In press releases dated April 1, class action lawsuits alleging federal securities laws violations at companies such as Mamma.com, Inc., Molex Incorporated, and ChoicePoint Inc. were filed. The same day, The Atlanta Journal-Constitution’s Bill Husted reported [link requires free registration] that ChoicePoint would let consumers review the personal information it has obtained about them.

It is likely only because of legal and legislative pressure that ChoicePoint has responded by stopping the sale of Social Security numbers to third-party private investigators who then resell them to ‘Joe Identity Thief.’

At times of heightened awareness, inaction can be costly, and damage control, no matter how genuine, can be too little too late. One misstep in data security puts a company and all its executives’ actions under the microscope for a very long time.

Countermeasures to combat identity theft must also address the illusion of privacy, according to Robert Siciliano, founder of IDTheftSecurity.com

2005-03-30T07:38:00.000-08:00

Countermeasures to combat identity theft must also address the illusion of privacy, according to Robert Siciliano, founder of IDTheftSecurity.com

(BOSTON, Massachusetts – March 29, 2005 – IDTheftSecurity.com) Financial institutions and others continue to be the targets of identity thieves and computer hackers. Companies across the globe are considering countermeasures of various, inventive varieties. According to a nationally recognized security expert, the illusion of privacy will hamper the implementation of these safeguards that actually protect consumers’ finances.

“Identity theft is the ultimate threat to privacy,” said Robert Siciliano, a nationally televised and quoted authority on personal security and identity theft. “A deep violation takes place when a criminal gains access to a hard-working, law-abiding citizen’s finances. Privacy advocates are right to decry this crime. Yet the very actions that curb identity theft can look like infringements of what these advocates like to call ‘privacy rights.’”

On Feb. 24, shortly after the ChoicePoint Inc. scandal broke, Siciliano appeared on CNBC's "The Closing Bell" to discuss the dangers of identity theft. He is author of "The Safety Minute: 01" and an upcoming book, "Identity Theft Pandemic: Curing the Identity Theft Virus." He has also been featured on CNN, FOX News, and MSNBC, and quoted in The New York Times and other newspapers of record.

“True privacy is, in fact, an illusion,” Siciliano added. “It no longer exists. Concentrated media attention has suddenly alerted the public to an erosion of privacy that, courtesy of our high-tech world, has been complete and irreversible for quite a while.”

“To industry denizens,” Siciliano continued, “commonsense, high-tech actions to combat the scourge of identity theft seem reasonable. These same countermeasures may seem invasive to consumers. The whole situation seems sudden and new to customers even though it is not.”

“Anyone who champions privacy rights is fighting the wrong war,” Siciliano concluded. “People think they want their finances to be private, but what they really want is to know their finances are safe. If we enact protections against identity theft, we will have safeguarded American consumers’ finances from crooks. Then we must address the fear of the protection.”

On March 18, TechWeb News reported on a poll conducted in January by the Framingham, Mass.–research firm Financial Insights. The results found “nearly 60 percent of U.S. consumers…said they were worried about identity theft.” Yet EcommerceTimes’ writer Jack Germaine reported days later on a Better Business Bureau report indicating that the perceived threat of online identity theft may be eclipsing the actual threat.

“The point is, banks will hemorrhage customers and money,” said Siciliano. “This is because identity theft—and the fear of it—costs a bank customers and drains money. Consumer trust is slipping. Soon, it may be lost altogether unless banking institutions implement sweeping measures not only to combat actual identity theft but to fight the perception that a person’s personal finances are fundamentally unsafe.”

Institutions continue to reel from identity thieves’ and other computer hackers’ attacks. Bill Goodwin, writer at ComputerWeekly, reported on March 22 that, since December, banks in London, England have been on alert because of an investigation into a computer hacking attempt at the Japanese bank Sumitomo’s branch in that city.

Authorities at a number of institutions across the globe are responding by implementing various inventive countermeasures:

n On March 24, Samantha Ross of Geneva, New York’s Finger Lake Times reported that Excellus Blue Cross Blue Shield subscribers’ membership cards will no longer display Social Security numbers. Random alphanumeric numbers will be the replacement. According to a Blue Cross Blue Shield of North Carolina press release dated March 8, the company will commence transitioning all members’ cards to the new system in April and conclude the operation on Jan. 1, 2006.
n As reported on March 9 by Kristy Needham of The Sydney Morning Herald, a number of online banks across Australia will, later this year, implement new security measures and practices for customers who want to access account information. Text messages sent via mobile phones will contain extra pass codes for transactions. Security tokens, carried on key rings, that produce random, transaction-specific numbers have been in use since last year.
n Bank Systems & Technology writer Ivan Schneider reported on March 8 that Bank of America—itself a victim of security problems in February surrounding the care of customers’ sensitive personal data in transit—also plans to adopt these token devices, which churn out one-time passwords for banking transactions.

“Consumer rights, laudable as they are, represent only one of many concerns stemming from identity theft,” said Siciliano. “At all times, we must remember that terrorists love identity theft and would jump at the opportunity to commit it, enter the country illegally, and hurt us.”

###

Siciliano is available to discuss identity theft as it pertains to consumer privacy, personal finances, the terrorism threat, and national security. A speaker as featured on CNN, MSNBC, Fox News, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael" and "The Howard Stern Show." Siciliano leads seminars nationwide. He has been quoted in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times, The Washington Times, The Chicago Tribune, The Christian Science Monitor and other publications.

Siciliano's blog is available at www.IDTheftSecurity.blogspot.com. Siciliano can be reached at 1 (888) SICILIANO (742-4542). The following URLs will take readers to his Web site and information about his work:

Main Web site: http://www.IDTheftSecurity.com
Siciliano's biography: http://www.idtheftsecurity.com/PDF/11x17_1wc.pdf
Testimonials: http://www.idtheftsecurity.com/PDF/11x17_3wc.pdf

Siciliano's contact information follows:

Robert Siciliano
Personal Security Expert
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
E-MAIL: Robert@IDTheftSecurity.com

The media are encouraged to get in touch with Siciliano directly. They may also contact:

STETrevisions, strategic communications
Brent W. Skinner, President
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com

Founder of IDTheftSecurity.com warns that recent identity thefts at educational institutions pose a special threat to national security

2005-03-23T06:08:00.000-08:00

(BOSTON, Massachusetts – March 23, 2005 – IDTheftSecurity.com) Identity thieves have compromised yet two more college computer systems over the past week. Educational institutions’ databases—which hold personal information on alumni, faculty, and others—are particularly vulnerable to theft. Once stolen, according to a nationally recognized security expert, the at-large data can pose an exceptional threat to national security.

On March 17, The Boston Globe’s Hiawatha Bray and others reported that computer hackers had infiltrated a database housing about 120,000 alumni’s addresses and social security numbers.

“The breach at Boston College is only the latest, actually, in a malicious string of security compromises at college databases across the nation,” said Robert Siciliano, a nationally televised and quoted authority on personal security and identity theft.

On Feb. 24, shortly after the ChoicePoint Inc. identity theft scandal broke, Siciliano appeared on CNBC's "The Closing Bell" to discuss the dangers of identity theft. He is author of "The Safety Minute: 01" and an upcoming book, "Identity Theft Pandemic: Curing the Identity Theft Virus."

“No group is immune,” said Siciliano. “Identity thieves don’t care whether you are a senior citizen, a student, rich, or poor. All they care about is obtaining identities.”

“We’ve heard that they use these identities to run up debt in another person’s name,” Siciliano added. “And they do. But ‘they’ are not only everyday criminals. Identity thieves can also be terrorists, eager to use these identities to appear legit, enter the country, and hurt us. In fact, the everyday criminal may sell the information to the terrorist. The possibilities are endless and all egregious.”

On March 22 CIO Today ran an Associated Press report that hackers were able to break into California State University, Chico’s database to view the names and social security numbers of about 59,000 people associated with the institution.

“Think about the convenience factor for a terrorist,” said Siciliano. “Universities, with their typically elevated numbers of international students on the rosters, are the perfect places for dangerous international terrorists to steal seemingly legitimate international identities to help slip past profilers at our airports.”

Last week, results from a poll conducted by ABC News and The Washington Post suggested an increase in Americans’ concern over identity theft. Among the poll’s findings was that about 70 percent of those queried saw themselves as potential victims of online identity theft.

“Finally, people are beginning to understand,” said Siciliano. “Identity theft is a serious matter deserving of the public’s full attention. A thief can easily ruin a consumer’s credit record. A terrorist can easily threaten the security of our nation.”

###

Siciliano is available to discuss identity theft as it pertains to personal finances, the terrorism threat, and national security. A speaker as featured on CNN, MSNBC, Fox News, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael" and "The Howard Stern Show." Siciliano leads seminars nationwide. He has been quoted in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times, The Washington Times, The Chicago Tribune, The Christian Science Monitor and other publications.

Siciliano's blog is available at www.IDTheftSecurity.blogspot.com. Siciliano can be reached at 1 (888) SICILIANO (742-4542). The following URLs will take readers to his Web site and information about his work:

Main Web site: http://www.IDTheftSecurity.com
Siciliano's biography: http://www.idtheftsecurity.com/PDF/11x17_1wc.pdf
Testimonials: http://www.idtheftsecurity.com/PDF/11x17_3wc.pdf

Siciliano's contact information follows:

Robert Siciliano
Personal Security Expert
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
E-MAIL: Robert@IDTheftSecurity.com

The media are encouraged to get in touch with Siciliano directly. They may also contact:

STETrevisions, strategic communications
Brent W. Skinner, President
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com

IDTheftSecurity.com's Founder, Robert Siciliano, Commenting On Congressional Hearings, Warns That Terrorism Could Stem From The Identity Theft Crisis

2005-03-17T13:06:00.000-08:00

BOSTON/March 17, 2005 --- Identity theft has attracted the attention of legislators in Washington, D.C. CEOs of major companies that have fallen prey to recent high-profile thefts have already testified. Meanwhile, thieves continue to pilfer credit card numbers, database information, and other consumer data stored at venues of all kinds across the nation.

Last month a major, yearlong database breach at ChoicePoint became news. Since then, legislators have decried what many industry watchers have described as data mining firms' lax security. Reps. Edward J. Markey, D-Mass., Bennie Thompson, D-Miss., and others have led various efforts on Capitol Hill to investigate the problem of identity theft, and hearings began late last week.

"To avoid liability, information brokers capitalize on a litigious society's need to know," said Robert Siciliano, a nationally televised and quoted personal security and identity theft expert. "In this respect, data aggregators are necessary, yet the manner in which they operate is no different than a boiler room operation without oversight."

On Feb. 24, shortly after the ChoicePoint Inc. identity theft scandal broke, Siciliano appeared on CNBC's "The Closing Bell" to discuss the dangers of identity theft. He is author of "The Safety Minute: 01" and an upcoming book, "Identity Theft Pandemic: Curing the Identity Theft Virus."

ChoicePoint CEO Derek Smith sat before congressional interrogators March 15 to answer questions about his company's practices. Kurt Sanford, CEO of Lexis Nexis, another data mining firm, also testified. Both CEOs were at odds with legislators who have called for the sale of social security numbers to be illegal.

"Smith's apology to Congress is insufficient," Siciliano said. "I challenge both Smith and Sanford to make their social security numbers available for sale. I'll pay each of them $5,000 and post their numbers on a highway billboard, which is no different than what they are doing with mine and yours."

MSNBC's Bob Sullivan reported on the exchange between these CEOs and members of Congress. Smith faced questions about the many circumstances surrounding his company's leak and the measures ChoicePoint has taken in response. One legislator, for instance, probed whether more than 145,000 individuals' identities might be at risk, supposing that ChoicePoint is only reporting thefts as required by the law.

"I have mentioned it many times," said Siciliano. "The situation at ChoicePoint, with the delays in reporting thefts to the public and the large sums of money that executives there made on stock sales during the silence, are causes for alarm. These are wolves in sheeps' clothing that pose a threat to national security. Their actions are possibly aiding and abetting terrorists, and these CEOs offer an 'I'm sorry.' This industry needs serious attention."

Sanford answered questions about a theft of 32,000 identities at Lexis Nexis. Thieves stole information by using customers' passwords. In fact, identity theft continues nationwide at a frenetic pace:

--The Associated Press reported March 9 that thieves had lifted customers' credit card information from more than 100 DSW Shoe Warehouse stores over the last three months.

--The Associated Press reported March 8 on the theft of about 1,700 blank driver's licenses and license-making equipment such as cameras from a Nevada DMV office in North Las Vegas.

--Reuters reported March 9 that hackers have obtained from publisher Reed Elsevier's databases the personal information of about 32,000 people.

"This really is just the beginning. It's only going to get worse. With identity theft resulting in $48 billion in losses last year, information brokers are the greatest threat to our economy and national security," Siciliano said. "We are not just concerned about loss of money and ruined credit histories. The identities of everyday Americans have also suddenly become valuable to terrorists, both rogue and organized, who want to enter the country and hurt us. The bleeding has to stop."

Siciliano is available to discuss identity theft as it pertains to personal finances, the terrorism threat, and national security. A speaker as featured on CNN, MSNBC, Fox News, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael" and "The Howard Stern Show." Siciliano leads seminars nationwide. He has been quoted in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times, The Washington Times, The Chicago Tribune, The Christian Science Monitor and other publications.

Siciliano's blog is available at www.IDTheftSecurity.blogspot.com. Siciliano can be reached at 1(888)SICILIANO (742-4542). The following URLs will take readers to his Web site and information about his work: Main Web site: http://www.IDTheftSecurity.com Siciliano's biography: http://www.idtheftsecurity.com/PDF/11x17_1wc.pdf Testimonials: http://www.idtheftsecurity.com/PDF/11x17_3wc.pdf

Siciliano's contact information follows: Robert Siciliano Personal Security Expert PHONE: 888-SICILIANO (742-4542) FAX: 877-2-FAX-NOW (232-9669) E-MAIL: Robert@IDTheftSecurity.com The media are encouraged to get in touch with Siciliano directly.

They may also contact: STETrevisions, strategic communications Brent W. Skinner, President PHONE: 617-875-4859 FAX: 866-663-6557 BrentSkinner@STETrevisions.com

CONTACT:Robert SicilianoBoston, MA 02215PHONE. (888)742-4542E-MAIL: Robert@IDTheftSecurity.com
KEYWORDS: Identity, theft, fraud, Internet, security, Computer, Personal, Privacy, rights, advocates, Terrorists, Terrorism, National
SOURCE: IDTheftSecurity.com

ChoicePoint Inc. security breach, the apocalypse of identity theft, threatens the economy and national security

2005-03-08T06:35:00.000-08:00

ChoicePoint Inc. security breach, the apocalypse of identity theft, threatens the economy and national security

Identity theft has become a pandemic. Its perpetrators are more organized than ever and could be affiliating with terrorist groups. Thieves could be terrorists themselves and have gained access to huge databases. Names, addresses, phone numbers, social security numbers, and dates of birth are up for grabs, and the information is useful to those with mal intent. Government and the business world are struggling to respond, and controversy defines the efforts to develop regulations that would properly protect consumers.

The system of identification is fundamentally flawed. The confluence of everyday cyber crime and terrorism demonstrates a need for across-the-board countermeasures and changes in the way in which we identify people. Organized international crime rings could easily collude with terrorist networks. A clever and properly equipped computer hacker could bring nations and monetary systems to their knees. A dirty bomb could detonate in a crowded city street and kill thousands—all courtesy of terrorists-turned-identity-thieves. Through identity theft, a terrorist operation could easily forge identities, enter the country illegally and, in others’ names, fund the entire operation.

Large databases are vulnerable

In October 2004, hackers infiltrated a University of California, Berkley database to render the identities of 1.4 million low-income healthcare recipients and the people who provide the care vulnerable. A recently passed California law, SB1386, requires companies and state agencies to inform Californians of any security breach potentially jeopardizing the identities of 500,000 or more people. The university complied.

Laws that require officials who suspect wide-scale identity theft to alert those who may be victims are good. They’re bad when insufficient, enforced improperly, or willfully ignored. Their provisions must scale to the speed of identity theft, whose perpetrators can ruin people’s lives and, possibly, the safety of millions, in short order.

Data warehousers are slow to respond

In what officials are pegging as an orchestrated effort, over the course of this past year multiple charlatans conducted a massive ruse against ChoicePoint, a large Georgia-based data mining company. Criminals posing as legitimate small businesses (e.g., debt collectors, credit checkers, etc.) easily gained access through the front door of ChoicePoint’s database to lift countless U.S. citizens’ identities.

This happened more than four months ago. It wasn’t until February that ChoicePoint began to inform the public. California’s law may have prompted ChoicePoint to alert Californians to their possibly compromised identity information, but the communiqué was still tardy. Worse, only after facing pressure from 38 state attorneys general, did ChoicePoint admit that the crime’s scope was far greater, The Globe and Mail and others report. According to AZCentral.com, ChoicePoint claims California law enforcement officials encouraged the company not to disclose the breach sooner.

Thefts trace to organized crime

Reuters and others report that a Nigerian man has been sentenced to 16 months in jail for his involvement in the crime against ChoicePoint. Authorities say he was part of a larger criminal network.

Organized crime’s link to identity theft has precedent. This past October, law enforcement officials suspected Russian mobsters to be behind a major identity theft racket in Brighton, Massachusetts. This past year high-profile phishing attacks and e-mail scams have originated from Nigeria.

The Seattle Post-Intelligencer and Cox News Service provide an informative report on organized crime’s link to the Internet. Well-known organized rings such as the Gambino crime family have tried their hands at consumer fraud. Newer players from Russia, Africa, Argentina and elsewhere have thrown their hats into the ring as well.

The trend threatens our economy. Would-be entrepreneurs, established companies, and online consumers, all cowed by the specter of crime, may shy away from the Internet, delivering a blow to U.S. economic growth.

Litigation looms

According to ABC News and others, ChoicePoint said the company would inform approximately 145,000 people spread across all 50 U.S. states, the District of Columbia, and three territories that thieves who fraudulently signed up with ChoicePoint may have stolen personal information.

ChoicePoint’s slow response and the massive scale of the crime have encouraged a California woman, as reported in the Los Angeles Business Journal and elsewhere, to sue ChoicePoint over the theft of her identity. Her suit could reach class-action status to cover the losses of the thousands others whose sensitive personal information may have been compromised.

Nobody should be surprised. While a low profile can help a criminal investigation, it is disconcerting for victims to learn how long ChoicePoint took to admit the crime’s full scale.

Questionable stock sales by executives at the company further fuel suspicions that ChoicePoint could have done more, and sooner, to protect the integrity of identities at risk. Again reported in AZCentral.com, ChoicePoint’s chief executive officer and the company’s president “made a combined $16.6 million in profit from selling company shares in the months after the data warehouser learned that people’s personal information may have been compromised and before the breach was made public.”

Tougher regulation is necessary

Clearly, the public cannot count on these companies, which have access to so much of our personal information, or law enforcement officials to alert consumers in a timely manner when security is breached. Business proprietors with so much at stake may put their own well being before others’.

As reported by CNET, Reuters, The Associated Press, and others, members of U.S. Congress have noticed. Reacting to the ChoicePoint debacle, Senator Charles Schumer (D-NY) has promised to introduce legislation to “curb” identity theft. FOX News reports that Democrats and Republicans alike have united to plan hearings into the latest industry shortcomings and what can be done to improve the system.

Centralization begets breaches

Centralization carries with it a false sense of security. Common sense says the fewer people who control a given repository, the less susceptible it will be to danger. The laws of averages say breaches will still happen, and when they do, watch out. Once the criminal compromises a highly secure centralized database’s security protocol, the information at his disposal is just as available to him as cash is to the Saturday evening thief who robs a convenience store at midnight—maybe even more so.

Centralized industries can also be at the mercy of their leaders’ whims, bureaucracies’ weaknesses, and systems’ shortcomings. Look at the food industry. As it has consolidated and centralized, people have warned of its susceptibility to terrorist attack—or plain old susceptibility, as evidenced by confirmed cases of mad cow disease.

Databases consolidate into fewer hands

This is not simply a question of consumers’ rights. It’s a matter of national security. Although these databases can help crime fighting, when they are compromised, national security is at risk.

The data mining industry is consolidating and centralizing like the food industry. ChoicePoint is one example of how large organizations are expanding control over people’s identities. Credit records, legal records, information on consumer habits and even the minutest details about people’s lives are all filing into a dwindling number of databases of increasing sizes that are becoming more susceptible to theft.

Identity theft threatens Homeland Security

As reported in The Washington Post and other publications, ChoicePoint and companies like it are beginning to operate as private intelligence services for national security and law enforcement tasks. In this capacity, these companies can circumvent privacy and information laws that constrain government bodies. By getting around these, they support Homeland Security activities.

FOX News reports that ChoicePoint is, in fact, a major government contractor providing important background check support to Homeland Security activities. In light of the company’s inability to secure its own database, observers have to wonder how safe any of us are. Security failures such as ChoicePoint’s will happen again. In fact, they already have; breaches such as the latest at Westlaw and BankAmerica will receive my attention in later columns. It is up to business leaders and government officials to clamp down on identity thieves and develop a strategy to let consumers know when their identities have been stolen.

Robert Siciliano Personal Security, Identity Theft Expert featured on CNN, FOX, MSNBC and CNBC. IDTheftSecurity.com

The Call For Hearings Following Identity Thefts At ChoicePoint Inc. Is A Welcome Development According To Robert Siciliano Of IDTheftSecurity.com

2005-03-04T16:21:00.000-08:00

The Call For Hearings Following Identity Thefts At ChoicePoint Inc. Is A Welcome Development According To Robert Siciliano Of IDTheftSecurity.com

(BOSTON -- March 4, 2005 -- IDTheftSecurity.com) A compromised database at ChoicePoint Inc. has left thousands of Americans' identities vulnerable to foul play. In the wake of this theft and security failures at Bank of America and elsewhere, many are expressing concern that missing or stolen information could fall into the hands of Al Qaeda and others. Democrats in the U.S. Senate and House of Representatives are asking the Department of Homeland Security and Government Accountability Office to look into how these developments might enable terrorists. "Organized criminals have latched onto identity theft, previously the domain of savvy hackers," said Robert Siciliano, a nationally televised and quoted personal security and identity theft expert. "Terrorists realize this is the most effective way to cross borders undetected, fund their cause and bankrupt commercial interests to cripple the American economy," he said. On Feb. 24, shortly after the ChoicePoint scandal broke, Siciliano, author of "The Safety Minute: 01," appeared on CNBC's "The Closing Bell" to discuss the dangers of identity theft. In their letter dated March 3 to Gen. Patrick Hughes - an acting undersecretary at the Department of Homeland Security - a number of Democrats wrote, "This security gap places America at risk. There is nothing to stop an organized terrorist organization like Al Qaeda from using this vulnerability to access the personal information of private citizens and use it against our nation." The undersigned of that letter included ranking Democrats from a number of Senate and House of Representative committees and subcommittees including Rep. Bennie Thompson, Rep. John Conyers, Sen. Bill Nelson, Rep. Loretta Sanchez and Rep. Zoe Lofgren. Similar letters were sent to David Walker, comptroller general at the Government Accountability Office, and Nuala O'Connor Kelly, chief privacy officer at the U.S. Department of Homeland Security. "Government officials see the writing on the wall and are scared," said Siciliano. "The identity theft virus, a pandemic, is spreading fast. Officials need to focus on a cure. Regulation is only a small part of the answer," he added. Rep. Thompson is the ranking Democrat of the House Committee on Homeland Security. A press release from his Washington, D.C. office indicates that he sent a letter to that committee's chairman, Rep. Christopher Cox, a Republican, calling for hearings. In the letter, Rep. Thompson wrote, "The thefts at ChoicePoint and Bank of America demonstrate the vulnerability of our citizens' personal information to potential terrorist attack and use." Later in the letter, he continued, "A committee hearing on identity theft ... would provide considerable information to determine exactly how large a security gap exists." "Half of the hijackers on 9/11 used stolen or fake IDs," said Siciliano. "Previously, in the year 2000, more than 100,000 Social Security numbers were wrongly issued by the Social Security Administration because officials there accepted fake birth certificates and fake immigration papers. Nothing has been done. If a virus goes untreated, it spreads," Siciliano added. News has surfaced that thieves gained access to ChoicePoint's database not only in late 2004, but also in 2002. A number of people have been able to view individuals' identities at ChoicePoint by masquerading as legitimate small business owners - such as debt collectors, loan companies and others - who would typically need such information. Some say ChoicePoint has been lax in its security screening process. "ChoicePoint's reckless behavior and lack of security are just small parts of the problem," said Siciliano. "Fraudulent financial accounts can be opened simply through the creation of documents or the use of readily available Social Security numbers. Fundamental changes in the system of identification should be a focal point for the committee and investigations," he added. Siciliano is available to discuss identity theft, the terrorism threat and national security. A speaker who leads seminars nationwide, he has appeared on CNN, MSNBC, Fox News, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael" and "The Howard Stern Show." He has been featured in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times and The Washington Times. Siciliano can be reached at 1-888-SICILIANO (742-4542). The following URLs will take readers to his Web site and information about his work:
http://www.IDTheftSecurity.com, http://www.idtheftsecurity.com/PDF/11x17_1wc.pdf http://www.idtheftsecurity.com/PDF/11x17_3wc.pdf The media are encouraged to get in touch with Siciliano directly or through STETrevisions, strategic communications Brent W. Skinner, president. By calling (617)875-4859, faxing (866)663-6557 or e-mailing BrentSkinner@STETrevisions.com.

CONTACT:Robert SicilianoBoston, MA 02215PHONE.(617)875-4859 PHONE.(888)742-4542E-MAIL: Robert@IDTheftSecurity.com

Identity thefts at ChoicePoint Inc. and security failure at Bank of America Corp. reflect a fundamentally flawed system for handling sensitive data, s

2005-03-03T16:24:00.000-08:00

Identity thefts at ChoicePoint Inc. and security failure at Bank of America Corp. reflect a fundamentally flawed system for handling sensitive data, says Robert Siciliano of IDTheftSecurity.com

(BOSTON -- March 3, 2005 -- IDTheftSecurity.com) Tapes of Bank of America Corporation's financial information for 1.2 million people, including a number of U.S. senators, have been missing since December 2004. A deep, yearlong breach of security led to identity theft at Georgia-based ChoicePoint Inc. more than four months ago. In both cases, law enforcement officials told the companies to delay informing affected customers. Members of U.S. Congress have responded to the gravity of these crimes by calling for hearings.

"Identity theft has become a pandemic," says Robert Siciliano, as quoted last week on CNBC's "Closing Bell." A Boston-based personal security and identity theft expert, Siciliano added, "The U.S. needs to improve the rules that govern when and how companies and law enforcement inform those whose identities may have been stolen." Nationally televised and quoted, he is the author of "The Safety Minute: 01."

Loss of customers' financial information leads to government reaction

"Legislators have been slow to respond to the dangers of identity theft," says Siciliano. "When information so critical to individuals, our economy, and the security of our nation is bereft of order, bad things happen. Companies resort to the least cost-intensive ways of doing business."

He added, "This can frustrate consumers. Someone wishing to precipitate government action could achieve the objective by heisting 1.2 million identities from a major bank."

The Boston Globe's Sasha Talcott paraphrased Senator Charles Schumer (D-NY), who posited that commercial airline flight baggage handlers swiped Bank of America's tapes. CNET, Reuters, The Associated Press, and others report that other members of U.S. Congress have joined Schumer in his concern over security breaches at Bank of America and ChoicePoint. FOX News' Kelley Beaucar Vlahos reports that Democrats and Republicans alike plan to look into industry shortcomings and explore possible improvements.

"Schumer and 38 attorneys general have reacted to ChoicePoint's security problems as if this is something new," says Siciliano. "These are their knee-jerk responses. For four years, I've been screaming about the danger of precisely what has now happened with Bank of America and ChoicePoint. Schumer and friends are just now coming out of the woodwork."

He added, "Security is about being proactive and protecting your constituents before something happens. It is not about showing up when the cameras are on to clean up a mess that should have never happened."

Bank of America responds, but the theft of information in transit has precedent

"Security measures in place, as the past month's events demonstrate, are insufficient at best and, at worst, nonexistent," says Siciliano.

The implication of Schumer's statement is that banks routinely transport their customers' sensitive data via insecure means. As reported by Paul Nowell of The Associated Press, Bank of America believes the tapes were simply lost and has unearthed no foul play related to the information on these missing tapes. A spokesperson for Bank of America, quoted in major publications across the country, says, "The investigation to date has found no evidence to suggest the tapes or their content have been accessed or misused."

Theft or loss of sensitive information in transit has precedent. Just last week, for instance, the San Diego Union Tribune reported that a U.S. mail carrier stationed in California was arrested on suspected identity theft that he allegedly committed in exchange for drugs.

"The motives to lift people's identifying information are legion," says Siciliano. "The identity thief may be a junkie. She may need the money. He could just be a kleptomaniac. It doesn't matter. Information is susceptible."

Law enforcement's needs and the interests of company executives may conflict with timely communiqués to the public

The Bank of America investigation began in December when bank officials alerted the Secret Service that tapes were missing. It was only this week, as reported by The Dallas Morning News' Pamela Yip and others, that the Secret Service allowed Bank of America to inform customers.

"We cannot rely solely on law enforcement as the solution to the problem of identity theft," says Siciliano. "As we see, companies can follow procedures by the book and still wait too long to inform victims. While law enforcement officials are doing everything they can, the real answer is to change the system of reporting."

ChoicePoint spokespeople say law enforcement asked the Georgia-based company to delay efforts to inform the public. During the meantime, executives at the company made questionable stock sales equaling a total of $16.6 million, reports Associated Press writer Harry Webber and others. The revelation, made after ChoicePoint's problems became public a couple weeks ago, has fueled suspicions that ChoicePoint could have done more, and sooner, to protect the integrity of identities at risk.

"It's understandable for law enforcement officials to seek the benefit of a low profile as they investigate and perform due diligence," says Siciliano. "They want to make sure their ducks are in a row. They certainly don't want to cry wolf."

"Bank of America discovered in December that its tapes were missing and, working with the security-obsessed Secret Service, notified affected bank clients within two months," Siciliano added. "ChoicePoint waited four months. For ChoicePoint to attribute this to reasons similar to Bank of America's is specious at best. What's bothersome is that ChoicePoint executives managed to make a killing in stock deals during the meantime. Something smells funny. Investors should be screaming bloody murder."

Litigation looms

ChoicePoint's slow response and the massive scale of the crime against the company have encouraged a California woman, as reported by Reuters and in the Los Angeles Business Journal and elsewhere, to sue ChoicePoint over the theft of her identity. Her suit could reach class-action status to cover the losses of the thousands others whose sensitive personal information may have been compromised.

"How would you like to be sued by about 150,000 people?" Siciliano asks. "We need to develop a strategy to let consumers know when their identities have been stolen. A class-action suit on this scale would destroy any company. It is time for industry to stop playing chicken with identity theft. Profitable only until disaster strikes, the game then invites the lawyers to swoop in and ends."

ChoicePoint's is no stranger to litigation. Justin Rubner of the Atlanta Business Chronicle reports the company "has been involved in at least 11 lawsuits since 2000 involving possible misappropriation of information."

Identity theft traces to organized crime and poses a threat to national security

On February 22, The Seattle Post-Intelligencer published a report, written by Bob Keefe of Cox News Service, on organized crime's link to the Internet. Well-known organized rings such as the Gambino crime family have tried their hands at consumer fraud. Newer players from Russia, Africa, Argentina and elsewhere have thrown their hats into the ring as well.

"Security failures such as ChoicePoint's and Bank of America's will continue to happen," says Siciliano. "It is up to business leaders and government officials to clamp down on identity thieves."

Last month, Robert O'Harrow, staff writer at The Washington Post, reported that ChoicePoint and companies like it are beginning to operate as private intelligence services for national security and law enforcement tasks. FOX News' Kelley Beaucar Vlahos now reports that ChoicePoint is, in fact, a major government contractor providing important background check support to Homeland Security activities.

"The potential for identity theft is the Achilles' heel of our national security," says Siciliano. "In light of these companies' inability to secure citizens' financial and identifying information, observers have to wonder how safe any of us are."

Siciliano is available to discuss identity theft. A speaker who leads seminars nationwide, he has appeared on CNN, MSNBC, FOX News, CNBC, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael" and "The Howard Stern Show." He has been quoted in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times, The Washington Times, and elsewhere.

###

Siciliano can be reached at 1-888-SICILIANO (742-4542). The following URLs will take readers to his Web site and information about his work:

Main Web site: http://www.IDTheftSecurity.com
Siciliano's biography: http://www.idtheftsecurity.com/PDF/11x17_1wc.pdf
Testimonials: http://www.idtheftsecurity.com/PDF/11x17_3wc.pdf

Siciliano's contact information follows:

Robert L. Siciliano
Personal Security Expert
phone: 888-SICILIANO (742-4542)
fax: 877-2-FAX-NOW (232-9669)
Robert@SafetyMinute.com

The media are encouraged to get in touch with Siciliano directly. They may also contact:

STETrevisions, strategic communications
Brent W. Skinner, President
cell: 617-875-4859
fax: 866-663-6557
BrentSkinner@STETrevisions.com

Identity Theft At ChoicePoint Inc. Threatens National Security, According To Robert Siciliano Of IDTheftSecurity.com

2005-02-23T16:20:00.000-08:00

Identity Theft At ChoicePoint Inc. Threatens National Security, According To Robert Siciliano Of IDTheftSecurity.com

(BOSTON -- Feb. 23, 2005 -- IDTheftSecurity.com) Identity theft is growing in scale and sophistication. Its perpetrators are becoming more organized and affiliating with terrorist groups. Names, addresses, phone numbers, social security numbers, and dates of birth have been up for grabs for hackers who have penetrated as many as a dozen college databases in the past six months. Thieves have even gained access to huge corporations' databases such as the one at ChoicePoint Inc. Government and the business world are struggling to respond and controversy defines the efforts to develop regulations that would properly protect consumers.

"The system of identification is fundamentally flawed," said Robert Siciliano, author of "The Safety Minute: 01."

"The confluence of everyday cyber crime and terrorism further demonstrates the need for across-the-board countermeasures and changes in the way in which we identify people," Siciliano noted.

Siciliano is a nationally televised and quoted personal security and identity theft expert.

In October 2004, hackers infiltrated a University of California, Berkley database to render the identities of 1.4 million low-income healthcare recipients - and the people who provide the care - vulnerable. A recently passed California law, SB1386, requires companies and state agencies to inform Californians of any security breach potentially jeopardizing the identities of 500,000 or more people. The university complied.

"I applaud laws that require officials who suspect wide-scale identity theft to alert those who may be victims," said Siciliano.

According to Siciliano, California's law may have prompted ChoicePoint, the large Georgia-based data mining company, to alert Californians to their possibly compromised identity information earlier this month. Only later, after facing pressure from 38 state attorneys general, did ChoicePoint admit that the crime's scope was far greater, The Globe and Mail and others report. Two U.S. senators have called for hearings and stepped-up regulations to protect consumers.

"Criminals easily gained access through the front door of ChoicePoint's database," said Siciliano.

According to ABC News, ChoicePoint is now informing approximately 145,000 people nationwide that thieves who fraudulently signed up with ChoicePoint may have stolen personal information. The Associated Press reports that victims could be from all 50 states.

"Nobody should be surprised," Siciliano said.

"What is disconcerting is how long ChoicePoint took to admit the crime's full scale. Clearly, we cannot count on these companies, who have access to so much of our personal information, to alert the public in a timely manner when security is breached. Tougher legislation is necessary. ChoicePoint may have revealed the situation's full gravity to all those affected - and sooner - had laws similar to California's compelled the company to do so elsewhere," he added.

"Security failures such as what we've witnessed with ChoicePoint will happen again. It is up to business leaders and government officials to clamp down on identity thieves and develop a strategy to let consumers know when their identities have been stolen," Siciliano said.

The data mining industry is consolidating and expanding control over people's identities, ChoicePoint is one example. Credit records, legal records, information on consumer habits and even the minutest details about people's lives are all filing into a dwindling number of databases of increasing sizes that are becoming more susceptible to theft.

"This is not simply a question of consumers' rights," said Siciliano.

"It's a matter of national security. Although these databases can help crime fighting, when they are compromised, national security is at risk," he said.

As reported in The Washington Post and elsewhere, ChoicePoint and companies like it are beginning to operate as private intelligence services for national security and law enforcement tasks. In this capacity, these companies can circumvent privacy and information laws that constrain government bodies. By getting around these, they support Homeland Security activities.

A Nigerian man has been sentenced to 16 months in jail for his involvement in the crime against ChoicePoint. Authorities suspect he was part of a larger criminal network. Organized crime's link to identity theft has precedent. This past October, law enforcement officials suspected Russian mobsters to be behind a major identity theft racket in Brighton, Mass. Over the past year high-profile phishing attacks and e-mail scams have originated from Nigeria.

"Organized international crime rings could easily collude with terrorist networks," said Siciliano.

"A clever and properly equipped computer hacker could bring nations and monetary systems to their knees. A dirty bomb could detonate in a crowded city street and kill thousands - all courtesy of the terrorists who, through identity theft, could easily forge identities, enter the country illegally and -in someone else's name - fund the entire operation," he said.

Siciliano is available to discuss identity theft. A speaker who leads seminars nationwide, he has appeared on CNN, MSNBC, FOX News, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael" and "The Howard Stern Show." He has been featured by Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times and The Washington Times.

More information is available by contacting Siciliano directly or via STETrevisions, strategic communications Brent W. Skinner, president, at (617)875-4859, by faxing (866)663-6557 or e-mailing BrentSkinner@STETrevisions.com.

CONTACT:Robert SicilianoP.O. Box 15145Boston,Massachusetts 02215PHONE.(888)742-4542FAX. (877) 232-9669E-MAIL: Robert@IDTheftSecurity.comhttp://www.idtheftsecurity.com

Scams Interfere with Charitable Efforts Responding to the South Asia Tsunami Catastrophe, Warns Robert Siciliano, Personal Security Expert at StreetSa

2005-01-03T16:27:00.000-08:00

Scams Interfere with Charitable Efforts Responding to the South Asia Tsunami Catastrophe, Warns Robert Siciliano, Personal Security Expert at StreetSafeSecurity.com (BOSTON -- Jan. 3, 2005 -- IDTheftSecurity.com) -- Con artists have already targeted the South Asia tsunami catastrophe, and would-be charitable givers who want to assist victims may become victims themselves. Better Business Bureaus, state government officials, and experts across the country urge citizens only to support legitimate organizations via secure means. Many expect scams to be in full swing by the end of the week, and identity theft promises to play a major role. "Scams will take advantage of people's goodwill," says Robert Siciliano, author of The Safety Minute: 01. "Just as they did in the wake of 9/11, swindlers and charlatans will attempt to profit off the American people's kindness." A nationally televised authority on identity theft and matters of security, consumer safety, and self-defense, Mr. Siciliano is familiar with the various scams that all but guarantee to interfere with tsunami relief. Stories have been reported of people who may be soliciting door to door or by setting up booths in front of stores. The American Red Cross and a number of other providers of major aid for the tsunami relief effort do not employ such practices. Other reports have surfaced about e-mails masquerading as official solicitations from the American Red Cross and other charities. These are actually phishing attacks that threaten to steal unsuspecting recipients' credit card numbers. To be sure that money is going to legitimate organizations, people should donate at secure Web links such as https://www.redcross.org/donate/donation-form.asp. Since striking just over a week ago, the misery unfolding across South Asia has led to an exceptional level of giving. For instance, according to USA Today, Catholic Relief Services received $1 million in online donations over just three days' time, an extraordinary rate of volume that crashed the organization's Web site. "Charitable response has been immediate and overwhelming, not unlike what we saw after the September 11th terrorist attacks on the World Trade Center," says Mr. Siciliano. "The tragedy in South Asia has brought out the best in people from this country and throughout the world. Unfortunately, we will also witness the worst from those who see a bonanza for scams. Before people give, they must beware." Mr. Siciliano is available to discuss the threat and ramifications of disaster relief scams. A speaker who leads seminars nationwide, he has been featured on CNN, MSNBC, FOX News, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael," "David Brenner," "The Howard Stern Show," and in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, and The New York Times. Mr. Siciliano can be reached at 1-888-SICILIANO (742-4542). The following URLs will take you to his Web site and information about him and his consultancy: Main Web Site: http://www.IDTheftSecurity.comMr. Siciliano's Bio: http://www.idtheftsecurity.com/PDF/11x17_1wc.pdfTestimonials: http://www.idtheftsecurity.com/PDF/11x17_3wc.pdfMr. Siciliano's contact information follows: Robert L. Siciliano (robert@safetyminute.com)Personal Security Expertphone: 888-SICILIANO (742-4542)fax: 877-2-FAX-NOW (232-9669) The media are encouraged to get in touch with Mr. Siciliano directly. They may also contact: Brent W. Skinner (BrentSkinner@STETrevisions.com)Public Relations ConsultantSTETrevisions, strategic communicationscell: 617-875-4859
fax: 866-663-6557

IDTheftSecurity.com's Founder, Robert Siciliano, RFID technology in national ID cards and new passports falls short of securing the nation

2004-12-14T14:23:00.001-08:00

IDTheftSecurity.com's Founder, Robert Siciliano, RFID technology in national ID cards and new passports falls short of securing the nation

(BOSTON, MASSACHUSETTS, DECEMBER 14, 2004) A proposed national ID card and high-tech passport system promise to employ radio frequency identification (RFID) technology. Although these are steps in the right direction, they fail to ensure our security, according to Robert Siciliano, a nationally televised and quoted Boston-based expert on security issues. Author of the book, "The Safety Minute: 01,” Mr. Siciliano says RFID-driven technology alone equals high-tech security that isn’t secure.

RFID technology is not enough to secure our identities when we travel. It demands encryption to be secure. The U.S. Government does not presently plan to encrypt the RFID technology slated for U.S. passports. Even when encrypted, by itself RFID is still not enough. Mr. Siciliano urges the designers of these cards to include biometric technology as well. RFID or biometric technology, each on its own, is merely a means to identify someone. Only together do they approach a truly secure form of identification.

Many ask whether the use of any advanced technology by our government to monitor us moves the nation yet one step closer to George Orwell’s vision in his book, 1984. “We are already there,” says Mr. Siciliano. “Now we must manage our circumstances.”

###

Mr. Siciliano is uniquely qualified to discuss the ramifications of a national ID card and the need for a uniform means to identify who is a citizen of the U.S. and who is not. He is available to the media to share his uncommon insight. A speaker as featured on CNN, MSNBC, Fox News, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael," and "The Howard Stern Show," Siciliano leads seminars nationwide. He has been quoted in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times, The Washington Times, The Chicago Tribune, The Christian Science Monitor, and other publications.

Visit Siciliano’s blog at www.IDTheftSecurity.blogspot.com. Siciliano can be reached at 1-888-SICILIANO (742-4542). The following URLs will take readers to his Web site and information about his work:

Main Web site: http://www.IDTheftSecurity.com
Siciliano's biography: http://www.idtheftsecurity.com/PDF/11x17_1wc.pdf
Testimonials: http://www.idtheftsecurity.com/PDF/11x17_3wc.pdf

Siciliano's contact information follows:

Robert SicilianoPersonal Security ExpertPHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)E-MAIL: Robert@IDTheftSecurity.com

The media are encouraged to get in touch with Siciliano directly. They may also contact:

STETrevisions, strategic communications
Brent W. Skinner, President
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com

IDTheftSecurity.com's Founder, Robert Siciliano, warns Holiday shoppers and e-commerce executives brace for the next phishing attack.

2004-12-13T14:16:00.000-08:00

IDTheftSecurity.com's Founder, Robert Siciliano, warns Holiday shoppers and e-commerce executives brace for the next phishing attack.

(BOSTON, MASSACHUSETTS, DECEMBER 13, 2004) Holiday shoppers and e-commerce executives brace for the next phishing attack. Law enforcement officials investigating elaborate credit card fraud schemes have their hands full. Identity theft and fraud have dominated the news this past month. Robert Siciliano, a Boston-based expert on identity theft and author of the book, "The Safety Minute: 01,” can share uncommon insight on identity theft and how people can protect themselves.

Mr. Siciliano is uniquely qualified to discuss the growing danger of identity theft and fraud and what to do about it. A speaker who leads seminars nationwide, he has been featured on CNN, MSNBC, FOX News, “ABC News with Sam Donaldson,” Reuters, “The Montel Williams Show,” “Maury Povich,” “Sally Jesse Raphael,” “David Brenner,” “The Howard Stern Show,” and in RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, and The New York Times.

Identity thieves’ technological savvy and organizational sophistication have improved alarmingly:

Across the country, organized Russian crime rings and others are establishing elaborate networks to execute sophisticated identity theft and fraud scams such as last month’s alleged foul play in Brighton, Massachusetts.
"Phishing" attacks, identity thieves’ online scam du jour, have increased astronomically this year.
ID theft has become easy. Terrorists and other misanthropes may enter the U.S. undetected, circumventing surveillance and security systems now in place.

Everyone is susceptible, from the individual consumer to entire industries. Banking organizations, e-commerce companies, and the government itself are at risk of falling prey, prompting officials to respond:

The U.S. Congress is presently debating a national ID system.
The Federal Trade Commission has posted a Web site where visitors can retrieve free credit reports.
A new law requires the three big credit companies, Equifax, Experian, and TransUnion, to provide free credit reports to consumers once per year, a practice that has already commenced in many Western states.

###

Street smarts can combat street-smart identity thieves. People can protect themselves right now. Mr. Siciliano has developed a street-smart methodology to fight back and is available to the media to share his uncommon insight about identity theft as it pertains to personal finances, the terrorism threat, and national security. A speaker as featured on CNN, MSNBC, Fox News, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael," and "The Howard Stern Show," Siciliano leads seminars nationwide. He has been quoted in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times, The Washington Times, The Chicago Tribune, The Christian Science Monitor, and other publications.

Visit Siciliano’s blog at www.IDTheftSecurity.blogspot.com. Siciliano can be reached at 1-888-SICILIANO (742-4542). The following URLs will take readers to his Web site and information about his work:

Main Web site: http://www.IDTheftSecurity.com
Siciliano's biography: http://www.idtheftsecurity.com/PDF/11x17_1wc.pdf
Testimonials: http://www.idtheftsecurity.com/PDF/11x17_3wc.pdf

Siciliano's contact information follows:

Robert SicilianoPersonal Security ExpertPHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)E-MAIL: Robert@IDTheftSecurity.com

The media are encouraged to get in touch with Siciliano directly. They may also contact:

STETrevisions, strategic communications
Brent W. Skinner, President
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com