Protect Yourself Against ID Theft – The Laws May Not

By: CJMcKinney  //  Investigative Reports, Tech

Did you know that January 13 – 17 was Identity Theft Awareness Week? If you didn’t, you aren’t alone. Turns out that although ID theft losses top $20 billion annually, most Americans really don’t know much about it – or how to protect themselves from becoming victims. And since current ID theft laws have serious limitations, it’s up to consumers to learn what they need to do to protect sensitive personal information from today’s savvy data thieves.

What’s Identity Theft Anyway?

Because of incidents like the recent data theft that affected millions of shoppers at Target department stores, most people think identity theft is a problem of the digital age. But it’s been around as long as people have had identities. Assuming the name of a dead person for the sake of an inheritance or other monetary windfall is an old strategy, well documented in history and literature. And with the advent of documentation such as birth certificates and social security cards, stealing identifies actually got easier, with a longer reach.

Identity theft is relatively easy on every level. Fraud experts and consumer advocates say that the majority if ID theft cases happen the old fashioned way – credit cards or bills are swiped from mailboxes, or a family member, friend or caregiver lifts a victim’s card numbers or checkbook for some quick cash. That kind of fraud is relatively easy to report and prosecute.

But it’s true that the age of the Internet, with easy transactions and sharing of everything from birthdates to bank account numbers, ushered in a whole new dimension of identity hijacking. Identity theft has gone global thanks to online shopping, wider use of point of sale credit and debit card processing, and general sharing of personal information on social media sites. What’s more, identity thieves aren’t just part of the neighborhood any more. They’re sophisticated international data hackers who collect and sell personal information worldwide.

Anyone Can Be At Risk

Although the kinds of data theft that make headlines usually involve commercial transactions, cybersecurity professionals say one of the most vulnerable sectors for mass data hacking is the medical industry, where hospitals and clinics store data of all kinds from patients past and present. While data thieves may not care if a person had a mole removed, they can still find out that patient’s name address, social security number, methods of payment and insurance information.

Nonprofit organizations are also high on the list for potential data theft, precisely because they don’t expect to be. Many of these organizations don’t recognize the risk posed by their highly desirable databases and so don’t bother to put in place aggressive safeguards. But lists of current and potential donors and supporters – who likely have substantial money – are easily available to a determined information thief.

Government databases, especially those related to tax filings, are also a goldmine for identity thieves because these databases usually use outdated technology and don’t encrypt users’ social security numbers – a failure that led to the massive data breach of taxpayer information in South Carolina last year.

Of course the Target incident highlighted the identity theft trap that most Americans in a recent survey were aware of – credit card numbers stolen at point of sale. That’s a failure, experts say, of card security, which in the US relies on outdated magnetic strips. And a variety of viruses, malware and direct hacks can pull information from computers, mobile devices and card processors anywhere.

Laws Lag Behind Technology

Legal protections for victims of fraud have been around for years. The Fair Credit Reporting Act of the 1970s was the first of these to acknowledge the potential of credit card abuse, and for years it was the only legislation of its kind. But by the mid-1990s it was becoming clear that the provisions of the FCRA simply didn’t address the new breed of digital identity theft.

It wasn’t until 1998 that the ID Theft Assumption and Deterrence Act made identity theft in its own right a federal crime. Identity theft was addressed in 2004 by the ID Theft Penalty Enhancement Act, which established penalties for so-called aggravated identity theft, and in 2008 the Identity Theft Enforcement and Restitution Act allowed victims to seek restitution for the time spent recovering from identity theft.

Other measures have appeared along the way, too, such as the government’s creation of an ID Theft Task Force and the Red Flag Rule, which requires businesses to report and share information on data breaches. But the legal landscape is still a patchwork of acts and laws created to fill new holes as they appear.

New measures to address the constantly evolving problem of identity theft are now moving through Congress – but critics say they’re still too weak to do much good. Among the areas needing more teeth: requirements for better encryption of government databases, improved sharing of information with foreign governments and investigators, and the implementation of microchip technology to replace the old, hackable magnetic strips on most US credit and identity cards.

Take Charge of Your Own Data

In the end, though, the first line of protection against identity theft is an aware, educated consumer. And though many Americans say they worry about ID theft, only a relative few actually take simple, practical steps to protect themselves. Consumer advocates and security professionals recommend:

• Make bill and credit card payments via secure, encrypted online sites rather than through the mail
• Use hard to hack passwords for all devices and accounts, and change them frequently
• Refuse to provide personal information to unfamiliar email addresses
• Check credit reports and account statements regularly and thoroughly
• Don’t leave credit card numbers “on file” with retailers
• Promptly report any suspicious activity to the FTC or local authorities

Identity theft in some form can happen to anyone, with potentially serious costs in terms of time and money. As laws aimed at protecting consumers struggle to play catch up with increasingly sophisticated data thieves, it’s up to individuals to stay alert and aware all the time – not just during Identity Theft Awareness Week. (Carla McKinney – VNN) (Image: Flickr | International Real Estate Listings)

Sources:

Breyault, John D. “The State of identity Theft in 2013.” Politico Guest Post. Politico.com.  11 Dec 2013.

Levin, Adam . “ID Theft 2013: Battle for Your Data.” Credit.com via Good Morning America Online. GMA.com.  23 Dec 2012.

Parrish, Steve. “Beyond Identity Theft: Why You Need to Protect Your Digital Assets.” Forbes Entrepreneurs. Forbes.com.  10 Feb 2014.

US Department of Justice. “Identity Theft and Identity Fraud.” Us Department of Justice Fraud Section. Justice.gov.  17 Feb 2014.

US Federal Trade Commission. “Identity Theft Consumer Information.” FTC Consumer Information. FTC.gov.17 Feb 2014.