User Blogs

User Blogs

Discussions and Blogs

May 24

Identity Theft Still On the Rise

Posted by: Robert Siciliano in MyBlog

Tagged in: Identity theft

Robert Siciliano

For the 12th year in a row, identity theft complaints top the list of consumer complaints [PDF] received by the Federal Trade Commission. 15% of more than 1.8 million total complaints filed in 2011 involved identity theft.

Javelin Strategy & Research estimates that nearly 12 million Americans were victims of identity theft in 2011—a 13% increase over 2010. Interestingly, but not surprisingly, Javelin attributes this increase to the proliferation of smartphones and the popularity of social media, in addition to several major data breaches resulting in tens of millions of records being leaked.

Websites like Facebook certainly provide a great deal of data that can be used to help criminals crack knowledge-based passwords, and websites like LinkedIn make it easy for criminals to gather additional intelligence in order to conduct social engineering scams. Meanwhile, smartphones have become the keys to many of our digital lives now that we use them for social media, online shopping, and online banking. Smartphone users are even more likely to be victimized if they neglect to password-protect their devices, which are often lost or stolen.

Access to so much sensitive data has allowed criminals to take over existing credit accounts and quickly turn that data into cash. The most popular strategies are for fraudsters to add their own names as registered account users, or changing the physical address for a stolen account.

Account takeover or hijacking could be detected and prevented if online banking and shopping websites integrate a real-time device reputation check at the point where profile or account information is being updated. The power of this check raises red flags when certain business rules are triggered, such as exceeding a business’s predetermined threshold.  Examples might be when an account is being accessed from a brand new country, or too many different devices are accessing an account, or even when the device making account updates has exceeded the number of accounts that it is associated with at that bank or retailer. By customizing and weighting real-time business rules to prevent bad actors from accessing your customer accounts, this early detection might mean the difference in keeping a good client’s account safe, keeping that good customer’s business, and keeping bad actors out.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association.

Comments (0)add comment

Write comment


Subscribe via Email

 Your Email:

Tag Cloud

2012 abduction Aberdeen Group alarm alarms Android Apple Apps ATM Skimming Audit Bank Fraud Banking Security BillGuard BlackBerry botnet BPM breaches BS 25999 burglar burglary Business Continuity BYOD change management cheating children pictures Cloud Cloud Security Cobit collaboration Community discussion Compliance computer failure Consumer IT Tips contactless credit card credit card breaches Credit Card Fraud credit cards credit fraud Cross-Device Security Cyber gangs cyber monday Cyber Security cyberbullying cybercrime cybercriminal cybercriminals cybersecurity cyberwise data Data Backup Data Breaches data security Data Storage DDOS Device Reputation digital devices Digital Forensics digital life Digital Security digitally secure Disaster Recovery DNS download DPI driver's license dumps E-Commerce eBanking Electronic Discovery Electronic ESI electronic passport EMV Endpoint Security entity theft Epsilon ERM ESI Ethics Events Facebook FCC FCPA FDIC Federal Government FFIEC Financial Crisis firewall FourSquare Fraud gaming Gartner Geo-tagging gold farming Governance GPS grc GRC evaluation GRC Marketplace GRC technology readiness GRChange Green IT grey charges guard dogs Hackers Hackproof Hacktivism holidays home invasion home security Hotspot HP IAM iCloud id ID Theft Identity theft Information Management Information Security Information Supply Insider Threat Internal Audit Internal Controls internet safety iOS app iovation IP address iphone iPhone security ISACA ISO 27000 ISO 27001 ISO 31000 IT Alignment it compliance it governance IT GRC Forum Events it risk management IT Security IT Service Management ITIL jailbreaking Jobs keylogger laptop security Litigation Malware marathon mCommerce Member Discount Mobile Mobile Apps Mobile Banking mobile device Mobile Device Management Mobile Devices Mobile payment mobile phone mobile security Mobile Wallet mSecurity Multi-Regulatory Compliance multifactor authentication myblog Network Security New Years NFC NFC app Online Backup Online Banking online dating online gaming online identity online privacy online safety Online Security online shopping Operational Management OSHA Outsourcing P2P Security Panel Partner Offers passport passwords PCI Performance Management personal data personal device Personal Security pheasting phishing Policy predator Privacy Prize Draw QR Codes ransomeware ransomware Regulation E remote access resume fraud Risk Assessment Risk Management RSA Rules safety tips scam scammer scammers Scams scareware Seasonal Security security apps security tips sext Shopping shredding skimming Skimming Fraud small business smartphone smartphones smishing Social Media social network Social Security SOX spammers spokesman Spyware SSDs Standards strangers Strategy tablets tax scams Tech tech support technology Threat Management Tokenization TQM Twitter typosquatting Virus VPN wallet web Webcast Q&A Wi-Fi WIFI WiFi password wireless