Curated by: Luigi Canali De Rossi

Thursday, November 11, 2004

Identity Theft: It's So Inconvenient

Online identity theft is a rapidly growing global phenomenon, with banks and online retailers struggling to keep on top of the problem.

But it's not surprising that identity theft has been growing so quickly. According to a recent report published in the US by the International Association of Privacy Professionals (IAPP), the Ponemon Institute and EDS, a technology consulting firm, called the Privacy and Identity Management Survey, people still know very little about the risks inherent in disclosing personal information online, or over the phone.

Even when the risks are acknowledged, most people are more concerned about convenience than enhanced security. In other words, if you have to do more (inconvenience) to be more secure, then it's unlikely that you will bother.

Here are the Survey's key findings:

1. People like an easy life. Most often choose convenience over security, while still expecting security. They want identity management to be easy and efficient. They don't want to face complex passwords or access controls.

2. Finger printing and voice recognition (biometrics) are strongly supported, as they're perceived to be high convenience/high security.

3. There is overwhelming support for a private and secure credential, possibly supplied by a trusted intermediary, such as the United States Postal Service or a financial institution. Biometrics would provide the additional authentication needed.

4. Not surprisingly, people are more willing to provide more personal information to a business they trust, rather than one with which they have no existing relationship.

5. The number of people giving out information such as social security and credit card numbers is relatively low, as this is recognized widely as one of the main ways to steal IDs. However, people are still relatively unaware that other kinds of information can be used in identity theft or fraud, such as other account numbers, address, postal code and telephone number.

6. Phishing and telephone scams are not widely known about.



7. People are willing to share private information about themselves, even when the contact is unsolicited.

8. In the event of a security breach, people expect to be notified by phone or email. Interestingly, 16% don't expect to be notified.

9. People want to understand what information is being used to verify their identity.

10. Most people are happy to allow an organization to use information they have provided to market its products and services to them.

The report then outlines a number of recommendations to help people manage their identities more securely.

  • Never provide your personal information in response to an unsolicited request. Be wary of phone calls you receive.

  • Similarly, be wary of emails you receive asking you to click on a link in the e-mail to visit a company site and re-enter information such as your social security number, account number or credit card number. These e-mails may appear to come from a company with which you have an established relationship but may be part of a phishing scam. Reputable companies will never ask you to re-enter information they already have.
  • Always ask or look for contact information on unsolicited requests. If you believe the content may be illegitimate, contact the company yourself to verify. By law, all U.S. companies must now include their full mailing address and a mechanism for consumers to unsubscribe in all emails they send to consumers.
  • Review your account statements regularly to ensure all transactions are in order.
  • Check your credit report regularly to ensure no new credit accounts have been opened in your name.
  • Do not use information that can be used to steal your identity - such as social security numbers, account numbers, birth dates, names, addresses, email addresses or telephone numbers - as passwords or account numbers.
  • Review privacy and security policies of the companies you do business with. Review the privacy policies or statements posted on Web sites to ensure you understand how the information you provide will be used and shared with other organizations.
  • Be sure you are applying patches and updates to your PC's operating system on a regular basis download and install new critical updates.
  • Ensure you have anti-virus and firewall software installed on your PC. Run virus scans regularly and remove any spyware found. Be sure you have anti-virus and firewall software installed, and update the signature files regularly (preferably using the auto update capability). Run virus scans at least weekly to detect any adware and spyware that might have been installed. Remove any spyware found to ensure information being keyed is not captured and forwarded to an illicit Web site.
  • If you suspect a breach, act quickly, contacting the companies you do business with immediately.

Readers' Comments    
blog comments powered by Disqus
posted by on Thursday, November 11 2004, updated on Tuesday, May 5 2015

Creative Commons License
This work is licensed under a Creative Commons License.




Real Time Web Analytics