ChipCenter Questlink
SEARCH CHIPCENTER
Search Type:
Search for:




Knowledge Centers
Product Reviews
Data Sheets
Guides & Experts
News
International
Ask Us
Circuit Cellar Online
App Notes
NetSeminars
Careers
Resources
FAQ
EE Times Network
Electronics Group Sites

  Analog Avenue

    Editorial

Editorial Archives | Feedback

ID Theft: The Dark Side to Online Finances

by Paul O'Shea

Let's face it, we all love the convenience of making transactions online. We can purchase items while searching for the best price, sell items or pay our creditors by simply sending electrons from one place to another. Wow, is this great or what? It's "great" and "or what" because there is a downside to the simplicity. The unfortunate side of the convenience is that there are people who have learned how to tap into financial institutions and steal your account numbers, money, and worse - your identity.

There are organized hacking syndicates targeting financial institutions around the world. Reports are that these groups are growing at a disturbingly fast rate. Amazingly, banks don't want to let you and I know and are willing to pay these high-tech extortionists hush money to protect their reputations.

This is important to know because online banking is projected to grow in both industrialized and non industrialized countries. According to a report by the World Bank, online banking will rise from 8.5% in 2001 to 50% by 2005 in industrialized countries and from 1% to 20% in emerging markets. Also in 2001, there were 53,000 hacking attacks with 57% of those on financial institutions. As you might expect, there's no indication that these attacks on our financial institutions will slow down in the next few years. In fairness to the financial institutions, they are very aware that there are problems, but mostly they see the problem as theirs and not yours or mine. They think that way because we don't incur the loss of money (or very little) when someone steals an account number. However, you and I have to deal with the theft of our identity, which means at best we have to replace our credit cards with newly numbered accounts and at worst we have to change our social security number, and possibly even our names - just to protect our reputation and credit worthiness.

How Does Online Theft Happen?
Methods of electronic fraud by hackers include extortion of the bank (by reputation), stock manipulation, identity theft, theft a little at a time, and fund transfers. Reports by the World Bank indicate that 50% of electronic security intrusions are carried out by insiders. Banks don't report these incidents mainly because they want to maintain customer and investor trust.

There were thousands of attacks on financial institutions just last year. Many were insignificant in the amount stolen (and that's only insignificant if it didn't' happen to you). Some of the big thefts in 2001 included extortion of Visa for $20 million (I couldn't find out any details but that's no surprise), and the penetration of the systems run by S1 Corp., an Atlanta-based provider of electronic finance services to the financial industry. The incident led to the simultaneous compromise of more than 300 banks, credit unions, insurance providers and investment firms. Another, more well-publicized event, was the attack on California's state employees data base, which included 265,000 account names, social security numbers and payroll information about employees ranging from office workers to judges. The state authorities in this case took a lot of heat for taking their time (close to 2 months) before reporting the break-in to those employees. That means these employees could have had their identities stolen and financial status ruined because no one told them to protect themselves.

The one that really bothers me is the attack on Experian, a credit reporting agency - you know, the company that tells how credit worthy you are and what interest rate you can get for a loan. Thieves stole 13,000 confidential records from the Costa Mesa, California-based credit reporting agency. There's no money to steal directly, but all those people and their identities could have been damaged.

All these break-ins occurred over wired systems - just imagine what could happen with wireless devices. Recently, to prove this point, amateur WLAN sniffers used a freeware package called NetStumbler to detect hundreds of insecure business and home WLANs. After they detected the WLAN they used an application programming interface to capture, create, and transmit arbitrary packets on a wireless LAN using the IEEE 802.11b standard. The program allows hackers to capture TCP/IP packets or inject them into a network. Other wireless attack tools are also expected to become available that exploit flaws in the Wired Equivalent Privacy (WEP) protocol, allowing a hacker to determine encryption keys and packet generators. These tools inject noncompliant packets into a network in an attempt to crash systems that can't handle unusual packet structures. No doubt other tools will become available for creating more problems and businesses and individuals will also need to know how to defend against their theft of money and identity.

Identity Theft
Identities are stolen in many ways. For example, thieves can steal your mail, go through your garbage to retrieve account numbers, steal your wallet or purse, pose as your employer or bank representative and ask for information to update records, and they can get information from Internet sites that aren't secure. Thieves have even been known to complete a change of address form at the post office or steal information from checks passed at a grocery store.

Once the thief has access to your personal information, they may open a new credit card account in your name providing the newly created billing address. The new credit card bills will not go to your address and you probably won't be aware of the new account. When the thief does not pay the bills, the credit card company will report this to your credit file, and unless you check your credit file, you still won't know what happened. The thief may also open up bank accounts in your name and write bad checks, apply for services in your name or request a replacement card be sent to the new address. Unless the financial institution informs you of the situation at your original address, you still won't know that your credit rating has tanked. It's something of a Catch-22 situation because taking quick action can help overcome some of the difficulties caused by identity theft, but you can't respond quickly if you don't know about it.

However, according to the Privacy Rights Clearinghouse, help is available. According to the organization, these are the steps to take immediately, should you become a victim:

Contact the fraud division of the three major credit reporting agencies to let them know you have been a victim of identity theft. Agencies and phone numbers are: Equifax: 800-525-6285, Experian: 888-397-3742, and TransUnion: 800-680-7289.

Request a "fraud alert" be placed on your file. This alert will warn lenders to be especially careful in authenticating identity of anyone claiming to be you. It will mean that you cannot open instant credit, for example, at a retail store. But that is a minor inconvenience in light of the damage identity theft can do.

File a report with your local police department and make sure you get a copy.

Contact each credit grantor who has allowed a fraudulent account and tell them you did not open that account. Have them close these accounts. If you open new accounts, make sure to place a password on the account.

Call the Identity Theft Toll-Free Hotline at 1-877-IDTHEFT (1-877-438-4338). This is the central point of contact within the federal government for reporting incidents of identity theft. Finally, document all these contacts with dates, names and phone numbers for your records. Good luck.

Test Your "Identity Quotient" for Risk of Identity Theft
(From the Privacy Rights Clearinghouse)

Take this short quiz to get a picture of how much risk you're at for having your identity (and more) stolen.

  • I receive several offers of pre-approved credit every week. (5 points)
  • Discard pre-approved credit offers without shredding before putting them in the trash. (5 points).
  • I carry my Social Security card in my wallet. (10 points)
  • My state driver's license has my SSN printed on it, and I have not contacted the Department of Motor Vehicles to request a different number. (10 points)
  • I do not have a PO Box or a locked, secured mailbox. (5 points)
  • I use an unlocked, open box at work or at my home to drop off my outgoing mail. (10 points)
  • I carry my military ID in my wallet at all times. (10 points)
  • I do not shred or tear banking and credit information when I throw it in the trash. (10 points)
  • I provide my Social Security number (SSN) whenever asked, without asking questions as to how that information will be safeguarded. (10 points)
  • Provide SSN orally without checking to see who might be listening. (5 points)
  • I am required to use my SSN at work as an employee ID or at college as a student ID number. (5 points)
  • My SSN is printed on my employee badge that I wear, or posted on my time card in full view of others, or is on other documents frequently seen by many others in my workplace. (10 points)
  • I have my SSN and/or driver's license number printed on my personal checks. (10 points)
  • I am listed in a "Who's Who" guide. (5 points)
  • I carry my insurance card in my wallet and either my SSN or that of my spouse is the ID number. (10 points)
  • I have not ordered a copy of my credit reports for at least 2 years. (20 points)
  • I do not believe people would root around in my trash looking for credit or financial information. (10 points)

    Scoring

    100 + points - You are at high risk.
    Privacy Rights recommends taking the following action to reduce risk:
    Purchase a paper shredder
    Become more security-aware in document handling
    Start to question why people need your personal data.
    (More than 500,000 people will become victims of ID theft this year.)

    50-100 points - Your odds of being victimized are about average; higher if you have good credit.

    0-50 points - Congratulations. You have a high "IQ." Keep up the good work and don't let your guard down now.

    The Identity Theft IQ Test was developed by the Privacy Rights Clearinghouse, www.privacyrights.org , and the Utility Consumers' Action Network, www.ucan.org.

    Resources:
    - Electronic Security: Risk Mitigation in Financial Transactions
    http://www1.worldbank.org/finance/assets/images/Global_Dialogue_2002-final3.pdf

    - Identity Theft Prevention and Survival
    http://www.identitytheft.org/id_theft_kit.htm

    Return to Poll

    Analog Main | Product of the Week | Columns | Editorial | Tech Notes

    Click here to get your listing up.

    • Copyright © 2003 ChipCenter-QuestLink
    About ChipCenter-Questlink  Contact Us  Privacy Statement   Advertising Information  FAQ