Identity Theft First of All,

Identity Theft

First of all, it makes good business sense for American citizens to take all available precautions to protect their credit cards, debit cards, and indeed, their identity. There are criminals - hackers and other software geeks - at work 24 hours a day with high levels of sophistication in matters of computer technology and the Internet, and their prowess is often a step or two ahead of software developers' ability to protect the average online user.

Secondly, for persons who believe identity theft will likely never happen to them, be advised that it recently happened to a United States Senator, Senate Minority Leader Harry Reid. According to the publication Congress Daily (quoting CNN.com) Reid's MasterCard number "...was used to charge about $2,000 at stores in North Carolina."

When Senator Reid opened his bill, he discovered the expenditures; "It's not a tremendous inconvenience for me," he told CNN.com, but he admitted that he had no idea how someone stole his credit card number. In any case, if a U.S. Senator can become a victim that easily, average ordinary people should understand that they, too, are vulnerable.

Meanwhile, thirdly, there are mixed messages being given out regarding the actual dollar amounts that computer users are losing through identity theft-related rip-offs. Indeed, Business Week magazine (Foust, et al., 2006) reports "...as many as 88 million Americans - more than one in four - had digital data exposed in the past 18 months." And as frightening as that should be to any online user who is paying attention, it is not as bad as it seems to be, journalist Foust continues. The article explains that while having one's digital data "exposed" certainly puts a person at risk, it rarely results in "actual financial losses."

Indeed, Foust continues, "...Actual losses may be a little more than a tenth of the $48 billion annual estimate that often gets thrown around." Law enforcement officials "...braced for a wave of financial fraud..." The article asserts, following reports that companies like Time Warner, Wells Fargo, LexisNexis and others admitted that their customers' records and some employee personal information had "...fallen into the wrong hands." But the head of the FBI's Internet Crime Complaint Center, Daniel Larkin, said, "what we've seen has not been significant...we would have expected to have seen more" theft of individuals' identities.

The article also points out that due to the "media frenzy" created by security breaches, many people immediately call their credit card companies and banks, canceling any credit cards that may have been violated. And also, criminals just don't seem to follow through once they have obtained bank and credit card records. "Theft of information is out of control," according to Avivah Litan, senior analyst at Gartner Inc., a research firm based in Stamford, Connecticut, "but use of that information to commit fraud is not out of control," Foust explains.

Moreover, if any business could expect to be hit, and hit hard, by criminals stealing the identities and person information of customers, it would be banks, right? Well, not according to the Business Week article; the senior vice-president of processing for Visa USA Inc., Jean Bruesewitz, reports that in "relative terms, fraud losses have declined sharply." In fact, in 1991, fraud losses amounted to 19 cents for every $100 of credit card spending; but that has dropped (as of the first quarter of 2006) to just 7 cents per $100 of spending.

And Bruesewitz adds, "No more than 2% of all credit card and debit accounts exposed in a security breach have seen any unauthorized spending as a result." Part of the reason for the drop in credit and bankcard rip-offs is that banks "...have implemented sophisticated screening systems that can now monitor purchases and new account applications in real time." Visa has created "algorithms that provide its member banks with a rating of the odds that every individual transaction is fraudulent," Foust's article points out.

Meanwhile, a very recent article in Networks Update explains a new technology that will reportedly allow IT managers to "improve productivity by reducing the cost and complexity of an identity management deployment" and in the process integrate "Identity Management" (IdM) and "Information Access" technologies in a single security technology. The system that Networks Update critiques is IMAG ("Identity Managed Access Gateway") by Apere, Inc.

The way it works is by an innovative way of permitting or denying access to applications that are critical to a business; the IMAG systems knows who should and who should not have access to those critical files and applications because it has "auto discovery capabilities" that immediately click into place when any attempt is made to enter into privileged files.

But what makes this system unique - in an IT world that already has firewalls and other seemingly effective preventative measures - is that, according to the Mark Rhodes-Ousley, author of the book Network Security, The Complete Reference, IMAG automatically creates and manages "...access policies based on all sources of identity information in the network," and avoids wasteful use of IT resources "for manual network access provisioning and policy management."

While the future success of innovations like IMAG is positive and hopeful but yet to be proven, there are other ongoing efforts to come up with ways to safeguard identity security for individuals. One of those efforts is the new research center - the Center for Identity Management and Information Protection - being developed at Utica College (Kiernan, 2006). According to the Chronicle of Higher Education, the center is necessary because - in the words of Thomas Longstaff, deputy director for technology at the center - there are some viable research projects ongoing and run by experts, but they're "few in number and widely scattered."

Said Longstaff: "We desperately need coordination." The executive director of the center, Gary R. Gordon, calls the center a "clearinghouse for research conducted by others" who are working on identity theft issues. The center will "shed light on practices and technologies that could block identity theft from happening in the first place," said Gordon. The annual budget at the start of the center's operation is only $500,000 - half of which comes from federal grants and the rest from two corporate sponsors, LexisNexis and IBM.