Identity Theft

Teresa Wahleithner & Wanda Gaston IT 486 Critical Issues in Information Technology Terrance Linkletter

Identity Theft

Executive Summary
The purpose of this paper is to discuss identity theft as a crime that affects individuals as well as organizations. Identity theft is fraudulent activity that is defined and codified at local, State and Federal levels. Commissions and agencies such as the Federal Trade Commission and Secret Service are charged with helping to stem the flow of these activities and protect both citizens and organizations. This paper is the product of our undertaking towards the identification of how identity theft occurs, and what impact it has on both individuals and businesses. We will also explore the process of identifying a strategy to determine when information has been compromised, as well as a plan for mitigating risks when it has determined that personal information has been exposed and steps to minimize the effects to business and individuals.

3/9/2014

Identity Theft

Contents
Executive Summary......................................................... 1 Contents .......................................................................... 2 What is Identity theft? .................................................... 3 Types of Fraud by Percentage ........................................ 3 Tips for Preventing Identity Theft ................................... 5 Criminal Investigations ................................................... 7 Laws Covering Identity Theft .......................................... 7 Works Cited................................................................... 10

3/9/2014

Identity Theft

What is Identity theft?

The short answer is that identity theft is a crime. Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. (Justice, 2014) Identity Crimes - Identity crimes are defined as the misuse of personal or financial identifiers in order to gain something of value and/or facilitate other criminal activity. The Secret Service is the primary federal agency tasked with investigating identity theft/fraud and its related activities under Title 18, United States Code, Section 1028. Identity crimes are some of the fastest growing and most serious economic crimes in the United States for both financial institutions and persons whose identifying information has been illegally used. The Secret Service records criminal complaints, assists victims in contacting other relevant investigative and consumer protection agencies and works with other federal, state and local law enforcement and reporting agencies to identify perpetrators. Identity crimes investigated by the Secret Service include, but are not limited to, the following: Credit Card/Access Device Fraud (Skimming) Check Fraud Bank Fraud False Identification Fraud Passport/Visa Fraud Identity Theft

(Service, 2014)

Types of Fraud by Percentage

30% 25% 20% 15% 10% 5% 0% Credit Card Fraud Phone and Utilities Fraud Bank Fraud Employment Fraud Government Document Benefits Fraud Loan Fraud

3/9/2014

Identity Theft
Table 1: Fraud Percentages

In the age of information technology, fraud is not a foreign concept as the media warns us about fraud, the internet has disclaimers for prevention of fraud and if you are victimized by simply going to a store, bank or restaurant to name a few. If you have never been a victim, congratulations to you but there are many forms of fraud that we will provide details on. Unfortunately some of us are not so lucky and may have been exposed to some or all of these fraud situations. If not it is likely that in our life time we all will have experienced at least one of these attacks personally. To make samples of fraud easier to spot here are some of the types.

Credit Card Fraud

Phone and Utilities

Bank Fraud

Employment Fraud

Government

Loan Fraud

Figure 1: Fraud Types

Credit Card Fraud is a way that criminals use their technological knowledge to obtain identities of their victims through credit card theft. In this scam that is ever growing, the thieves are known as coders will use high-tech equipment and/or their extensive knowledge to gather data for sale on the black market. For the victims the years of credit cleanup and inconvenience of the process is painful and costly. An example was an incident that occurred in 2013 where a large corporation was targeted in a scam that resulted in 40 million customers credit card information getting compromised. The attack was a guru from the digital underground that created the crisis that is still in the cleanup process (Bjorhus, 2014). Phone and Utility Fraud are the number one methods of fraudulent acts in the theft of identity according to analyst in prevention positions to protect customers data. The technique used is a phone call urging you to pay your bill with pre-paid card instead of using check or credit cards that is no longer accepted. Once instructed how to purchase the pre-paid card the customer has willingly provided their personal information to be used to open a variety of utility and/or phone accounts fraudulently (Patterson, 2013). Bank Fraud is a white collar crime that is customarily executed by upper class individuals that has in interest in obtaining or making large sums of money. An example is a judge that resigned from the bench after getting caught when attempting to hide personal funds from being evaluated in the process of a short sale of her home (Gerber, 2013). A couple other people that are better known to most for bank fraud due to his high profile crimes are well publicized court 3/9/2014

Identity Theft case with Bernie Madoff for his infamous Ponzi scheme and Martha Stewart for her insider trading scandal. Employment Fraud is another harmful way that criminals can destroy the credibility of their victims by obtaining their personal information and using it to get employment if in high income brackets or other beneficial ways of use. It can also be a person posing as a potential employer gathering personal data of their victims to use maliciously (Employment Fraud, 2014). Government Fraud is identified by the criminals targeting resources that they are not entitled to for financial gain. Governmental programs that you may recognize from being in the news as being manipulated is housing fraud, defense contract procurement fraud, and school programs that are publicized once discovered. Loan Fraud is a crime that can be committed in many ways by illegally obtaining loans or illegally administering them. Criminals obtaining loans through identity theft is a quick mental leap to determine what loan fraud is. But a very public loan fraud incident is a large corporation, JPMorgan Chase, who had to pay out a $63.9 million to a whistleblower for not disclosing information to clients to save money. JP Morgan Chase is one of our nations largest corporations but they still make decisions to commit loan fraud to save money. Regardless of the reason they deceived the FHA and VA to push loans through the system, they played a large part in the financial crisis crippling the USA that began in 2007 (Stempel, 2014).

Tips for Preventing Identity Theft

For Personal - You may be careful about locking your doors and windows, and keeping your personal papers in a secure place. Depending on what you use your personal computer for, an identity thief may not need to set foot in your house to steal your personal information. You may store your SSN, financial records, tax returns, birth date, and bank account numbers on your computer. These tips can help you keep your computer and the personal information it stores safe. Virus protection software should be updated regularly, and patches for your operating system and other software programs should be installed to protect against intrusions and infections that can lead to the compromise of your computer files or passwords. Ideally, virus protection software should be set to automatically update each week. The Windows XP operating system also can be set to automatically check for patches and download them to your computer. Do not open files sent to you by strangers, or click on hyperlinks or download programs from people you dont know. Be careful about using file-sharing programs. Opening a file could expose your system to a computer virus or a program known as spyware, which could capture your passwords or any other information as you type it into your keyboard. Use a firewall program, especially if you use a high-speed Internet connection like cable, DSL or T-1 that leaves your computer connected to the Internet 24 hours a day. The firewall program will allow you to stop uninvited access to your computer. Without it, 3/9/2014

Identity Theft hackers can take over your computer, access the personal information stored on it, or use it to commit other crimes. Use a secure browser software that encrypts or scrambles information you send over the Internet to guard your online transactions. Be sure your browser has the most upto-date encryption capabilities by using the latest version available from the manufacturer. You also can download some browsers for free over the Internet. When submitting information, look for the lock icon on the browsers status bar to be sure your information is secure during transmission. Try not to store financial information on your laptop unless absolutely necessary. If you do, use a strong password a combination of letters (upper and lower case), numbers, and symbols. A good way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, I love Felix; hes a good cat, would become 1LFHA6c. Dont use an automatic log-in feature that saves your user name and password, and always log off when youre finished. That way, if your laptop is stolen, its harder for a thief to access your personal information. Before you dispose of a computer, delete all the personal information it has stored. Deleting files using the keyboard or mouse commands or reformatting your hard drive may not be enough because the files may stay on the computers hard drive, where they may be retrieved easily. Use a wipe utility program to overwrite the entire hard drive. Look for website privacy policies. They should answer questions about maintaining accuracy, access, security, and control of personal information collected by the site, how the information will be used, and whether it will be provided to third parties. If you dont see a privacy policy, if you cant understand the policy, consider doing business elsewhere. (Commision, 2014) For Business - Protecting sensitive data is the end goal of almost all IT security measures. Two strong arguments for protecting sensitive data are to avoid identity theft and to protect privacy. The improper disclosure of sensitive data can also cause harm and embarrassment to proprietors and staff, and potentially harm the reputation of the business. Therefore, it is to everyone's advantage to ensure that sensitive data is protected. Data security is fundamental Data security is crucial to all academic, medical and business operations at MIT. All existing and new business and data processes should include a data security review to be sure MIT data is safe from loss and secured against unauthorized access. Plan ahead Create a plan to review your data security status and policies and create routine processes to access, handle and store the data safely as well as archive unneeded data. Make sure you and your colleagues know how to respond if you have a data loss or data breach incident. Know what data you have

3/9/2014

Identity Theft The first step to secure computing is knowing what data you have and what levels of protection are required to keep the data both confidential and safe from loss. Scale down the data Keep only the data you need for routine current business, safely archive or destroy older data, and remove it from all computers and other devices (smart phones, laptops, flash drives, external hard disks). Lock up! Physical security is the key to safe and confidential computing. All the passwords in the world won't get your laptop back if the computer itself is stolen. Back up the data to a safe place in the event of loss. (Technology, 2014)

Criminal Investigations
Secret Service - The United States Secret Service is responsible for maintaining the integrity of the nation's financial infrastructure and payment systems. As a part of this mission, the Secret Service constantly implements and evaluates prevention and response measures to guard against electronic crimes as well as other computer related fraud. The Secret Service derives its authority to investigate specified criminal violations from Title 18 of the United States Code, Section 3056. Criminal investigations can be international in scope. These investigations include: identity crimes such as access device fraud, identity theft, false identification fraud, bank fraud and check fraud; telemarketing fraud; telecommunications fraud (cellular and hard wire); computer fraud; fraud targeting automated payment systems and teller machines; direct deposit fraud; investigations of forgery, uttering, alterations, false impersonations or false claims involving U.S. Treasury Checks, U.S. Saving Bonds, U.S. Treasury Notes, Bonds and Bills; electronic funds transfer (EFT) including Treasury disbursements and fraud within the Treasury payment systems; Federal Deposit Insurance Corporation investigations; Farm Credit Administration violations; and fictitious or fraudulent commercial instruments and foreign securities.

Laws Covering Identity Theft

Laws covering identity theft have been enacted at the Federal and State levels to codify what defines identity theft, as well as the penalties that result from unlawful behavior. Laws continue to be written, but cyber-criminals continue to find new ways to stay one step ahead of the laws that are passed. Below are a few of the laws that cover current identity crimes. Identity Theft and Assumption Deterrence Act, 18 USC 1028(a)(7)Theft and Assumption Deterrence Act, 18 USC 3/9/2014

Identity Theft
Identity theft is a criminal offense. It occurs when a person knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit or to aid or abet any unlawful activity that constitutes a violation of federal law or that constitutes a felony under any applicable state or local law.

RCW 9.35.020 Identity Theft.

1. No person may knowingly obtain, possess, use, or transfer a means of identification or financial information of another person, living or dead, with the intent to commit, or to aid or abet, any crime. 2. Violation of this section when the accused or an accomplice violates subsection (1) of this section and obtains credit, money, goods, services, or anything else of value in excess of one thousand five hundred dollars in value shall constitute identity theft in the first degree. Identity theft in the first degree is a class B felony punishable according to chapter 9A.20 RCW. 3. A person is guilty of identity theft in the second degree when he or she violates subsection (1) of this section under circumstances not amounting to identity theft in the first degree. Identity theft in the second degree is a class C felony punishable according to chapter 9A.20 RCW. 4. Each crime prosecuted under this section shall be punished separately under chapter 9.94A RCW, unless it is the same criminal conduct as any other crime, under RCW 9.94A.589.

5. Whenever any series of transactions involving a single person's means of identification or financial information which constitute identity theft would, when considered separately, constitute identity theft in the second degree because of value, and the series of transactions are a part of a common scheme or plan, then the transactions may be aggregated in one count and the sum of the value of all of the transactions shall be the value considered in determining the degree of identity theft involved. 6. Every person who, in the commission of identity theft, shall commit any other crime may be punished therefor as well as for the identity theft, and may be prosecuted for each crime separately. 7. A person who violates this section is liable for civil damages of one thousand dollars or actual damages, whichever is greater, including costs to repair the victim's credit record, and reasonable attorneys' fees as determined by the court.

8. In a proceeding under this section, the crime will be considered to have been committed in any locality where the person whose means of identification or financial information was appropriated resides, or in which any part of the offense took place, regardless of whether the defendant was ever actually in that locality.
3/9/2014

Identity Theft

9. The provisions of this section do not apply to any person who obtains another person's driver's license or other form of identification for the sole purpose of misrepresenting his or her age. 10. In a proceeding under this section in which a person's means of identification or financial information was used without that person's authorization, and when there has been a conviction, the sentencing court may issue such orders as are necessary to correct a public record that contains false information resulting from a violation of this section.

3/9/2014

Identity Theft

10

Works Cited
Bjorhus, J. (2014, February 2). Digital Underground Believed to be Behind attack on Target. Retrieved from Tampa Bay TImes: http://www.tampabay.com/incoming/digitalunderground-believed-to-be-behind-attack-on-target/2163841 Commision, F. T. (2014). TAKE CHARGE: Fighting Back Against Identity Theft. Retrieved from Business ID Theft: http://www.businessidtheft.org/Portals/0/Docs/FTC%20%20ID%20Theft%20Guide.pdf Employment Fraud. (2014, March 10). Retrieved from Identity Theft Facts: http://www.identitytheftfacts.com/articles/employment-fraud/ Gerber, M. (2013, January 30). Ex-Michigan Justice Pleads Guilty To Bank Fraud, Faces Prison TIme. Retrieved from Los Angeles Times: http://articles.latimes.com/2013/jan/30/nation/la-na-nn-ex-michigan-judge-pleadsguilty-20130130 Justice, D. o. (2014). Identity Theft and Identity Fraud. Retrieved from The United States Department of Justice: http://www.justice.gov/criminal/fraud/websites/idtheft.html Patterson, E. (2013, April 03). Hang Up On New Utility Bill Phone Scams. Retrieved from Better Business Bureau: http://www.bbb.org/blog/2013/04/hang-up-on-new-utility-bill-phonescam/ Service, U. S. (2014). Criminal Investigations. Retrieved from United States Secret Service: http://www.secretservice.gov/criminal.shtml Stempel, J. (2014, March 7). JPMorgan whistleblower get $63.9 million in mortgage fraud deal. Retrieved from Reuters: http://www.reuters.com/article/2014/03/07/us-jpmorganwhistleblower-idUSBREA261HM20140307 Technology, M. I. (2014). Protecting Data. Retrieved from Information Systems & Technology: http://ist.mit.edu/security/protecting_data

3/9/2014