Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Microsoft's Charney Agrees That Information Security and Privacy Pros Must Work Together | Main | APEC Privacy Framework: Viewpoints from the FTC, TRUSTe & Marty Abrams »

Many Kinds of Identity Theft Cause Many Types of Long Lasting Negative Impacts

I want to revisit the blog posting I made a few days ago, "Average Cost of ID Theft Per Victim is $31,356"

Some folks gave me some feedback, saying that they thought this cost was way too high based upon their own experiences when someone had used their credit cards and "it only took a matter of minutes to call the credit card company and report it, cancel the card/number, and get a new card, along with the $50" that they were responsible for.

It is important for organizations and individuals to realize that there are many other types of identity theft beyond just someone using someone else's credit card. Most people probably think of it almost exclusively, though, because of the preponderance of commercials and articles that talk about thieves stealing and using credit card numbers.

Here is a brief overview of four types of identity theft:

* "Account Takeover": In "Account Takeover" identity theft, the criminal uses stolen personal information, such as a credit card number, to gain access to existing accounts. The thief will typically change the address for the account and then run up a huge bill before the true account owner realizes the thief has gotten his or her information. This typically takes less time, effort and money to repair.

* "True Name": In "True Name" identity theft, the criminal assumes your complete identity using your personaly identifiable information (PII) and then uses your PII to open new accounts (such as credit cards, bank accounts, lines of credit, and so on) or obtain services (such as cell phone and so on). This type of identity theft requires a significant amount of time, resources and money for the victim to repair the damage. This type of identity theft can take years of work by the victim to recover from.

* "Criminal Identity Theft": This type of identity theft doesn't occur quite as often as those previously mentioned, but has devastating and long-lasting impacts on the victims; criminal identity theft. Criminal identity theft occurs when an a criminal gives another person's name and personal information (e.g., drivers' license, date of birth, Social Security number (SSN) and so on) to a law enforcement officer during an investigation or upon arrest, or when the criminal gives law enforcement a counterfeit license containing another person's PII. Victims of this type of identity theft are typically unaware of the criminal activity until they are denied employment or terminated from employment, or even arrested during a routine traffic stop or other encounter with law enforcement. It takes a great amount of time, effort and money to get this mess fixed...and it can usually never be completely corrected completely.

* "Medical Identity Theft": Medical identity theft, which I've blogged about before here and here, can not only have negative impacts such as those previously described, it can also have true negative health and safety impacts upon the individuals who were victimized.

All of the above not only can have long-lasting impacts on the victims, causing years and years of trying to fix credit reports and ratings that were ruined as a result of the incidents, but they also may not be discovered by the victims until the criminals' activities have had wide-spread and insideous impacts on the victims' PII within large numbers of bogus accounts, and having the information subsequently being imported into criminal records, medical records, and a limitless range of other databases throughout which they continue to be perpetuated.

One of the saddest and most despicable identity theft stories I heard was of the estranged father who stole his baby son's identity using the infant's social security number to repeatedly open accounts, obtain rentals, and a wide range of other activities, and no one knew until the son grew up and went to college and got turned down for a credit card because of his horribly bad credit rating.

Sadly, identity theft by family members is not that uncommon. Recently a man stole his 11-year-old son's identity to get a driver's license, a $14,000 truck, and a credit card that he had charged $1600 to before being caught, and in another case a creepy dad stole his two-year-old's identity to get a loan to buy a $20,000 car.

Here are some good sites for more information about identity theft, not only for individuals, but also for businesses to help prevent identity theft through by strengthening their security practices:

* FTC Identity Theft Resource Center

* Privacy Rights Clearinghouse

* Identity Theft Resource Center

* Identity Theft Info

* Identity Theft Prevention and Survival

* World Privacy Forum Medical Identity Theft site


The numbers of these diverse identity theft incidents are huge. Keep this in mind when you think about the impact to each identity theft victim.

Tags:                  
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on October 26, 2007 3:14 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/556

Comments

The Federal Trade Commission has a website devoted to Identity Theft. It contains information for consumers. I would review that site if you think that you may be a victim of identity theft.

Posted by: consumer feedback about lifelock identity | May 9, 2008 4:58 AM

Providing your personal or financial information through an organization’ s secured website only. While not fool proof, a lock icon on the browser’ s status bar or a URL for a website that begins“ https:” (the“ s” stands for secure), may provide additional security.

Posted by: identy theft | May 9, 2008 11:03 AM

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.