Wednesday, February 15, 2006

Identity Theft via Internet Security Flaws

In 2002, federal investigators helped to crack an identity theft ring that had been going for almost three years. More than thirty thousand victims were involved in the problem. Eventually, three men were charged. They had caused more than two point seven million dollars in damage. The scam was the largest in the history of the United States. The entire scam started when the perpetrators worked for a company that collected information via the internet. The security flaws that existed then and currently exist helped the men to do their damage. Those security flaws can still be a problem today.

It is estimated that identity theft accounts for twenty-five percent of all credit card losses in the industry. Moreover, in some states, identity theft is not even illegal. It is relatively easy for a thief to get your identity. First, all a thief needs is your social security number; you birth date, and your contact information. Once he or she has any of this, they can get a fake ID, which will help them apply for credit, posing as you. Because so many lending institutions are eager to issue credit these days, information is not properly verified, and the first account leads to more accounts. This ruins your credit. It is simple for a thief to take the first step to get more information because of password protected sites where you have entered your information.
Industry analysts suggest that passwords are the weakest, most exploited form of protection in the internet industry. They are a serious security flaw. Once a password is created or issued, it is impossible to tell exactly who is using the password. It could be passed around from individual to individual without the company ever realizing a problem has occurred.

Even if thieves don't get your password, there are hundreds of other opportunities to start the processes with your contact information. Files about you exist everywhere. Your doctor has your contact information. Your lawyer has your contact information. Your banker has your contact information. Even your trash collection service probably has your contact information. If even a single person in any one of those offices decides to use or sell that information, an identity thief could be in business.

Identity thieves also exploit other internet security flaws to get your password. Phishing is one popular scam. In this model, you get an e-mail from a company you currently do business with asking you to verify your login and password through the link they've established in the e-mail. Once you click on that link and enter your name and password, you've just given your information to an identity thief without even knowing it. Another way thieves exploit security flaws is by hacking sites with poor security protocols. You can tell if the site you're dealing with has good security by looking at the address as you login. If the “http” turns to “https,” you're dealing with a secure site. If it does not, it would be wise not to submit your information to the site.

Once you become aware of the fact that you are a victim of identity theft, the first thing you should do is call the fraud division of all three credit bureaus. They can send you a free credit report so you can examine the damage that has been done. The next thing you should do is contact your creditors. You will need to do this both on the phone and in writing. They can give you the evidence you need to go to law enforcement personnel. Debt collectors may begin to call, and if they do, you must inform them immediately that you are a fraud victim, and that you cannot be held responsible for the account itself. If they persist, you should obtain the name and number of the collection service, as you can report them to the Federal Trade Commission. The next call you should make should be to local law enforcement personnel. Offer them all of the evidence you have collected, and make sure the police report lists the accounts that have been used. You will need a copy of the police report to settle the accounts in question. Finally, keep a case log of the entire process. You should include receipts for things like phone bills, postage, and all other costs associated with your fraud case. These could be useful in the future.