Get Real, Government Guidelines Do Little to Address Identity Theft

Ann All

The recent TJX data breach proved that thieves are becoming increasingly savvy at getting their hands on sensitive personal information like credit card numbers. Given that case, which involved a whopping 45.7 million customer records, it's a good thing the federal government has decided to address the growing problem of identity theft, right?

 

Not so much, as it turns out. Guidelines issued earlier this week by the President's Identity Theft Task Force do call for a public awareness campaign -- a fine idea -- but offer little else in the way of serious recommendations.

 

In fact, one of the ideas -- to reduce the use of Social Security numbers as an identifier -- strikes us and eWEEK columnist Evan Schuman as just a little silly.

 

Why? Government agencies and businesses alike have already begun scaling back somewhat on asking folks for their Social Security numbers with every simple transaction. The practice was so prevalent for so long, however, that millions of numbers are already populating countless databases. Asking folks to stop using SSNs as identifiers now isn't going to change that.

 

Credit card issuers last year introduced the PCI Data Security Standard, a regulation much stiffer than anything proposed by the federal government. Problem is, as Schuman points out, few merchants are in compliance with PCI, even as the June 30, 2007 deadline fast approaches.


 

"If the retail industry cannot get compliant with its own security rules, it's silly to think that federal rules have much of a chance of having an impact," says Schuman.



Add Comment      Leave a comment on this blog post
Apr 26, 2007 2:02 AM Michael Durnack Michael Durnack  says:
It did take the commission almost one full year to put together those 120 pages. The corporate televised white collar Enron "perp walks" will be replaced with televised raids of teenagers in their bedrooms yelling for mom, when the FBI bangs through the door with a ram. You are correct, that everyone's SSN is probaly in dozens of databases right now. Real legislation should be to purge or convert any data over a few years old to a non SSN format. We have to stop adding to that informtion. Recently I was asked by the orthodontist for my SSN when starting a payment plan for ortho work on my kids via a credit card. I asked why? They said we just need it. Ok then, at the risk of not getting completed treatments, I provided a nice random mix of numbers. Problem solved. Reply
Apr 26, 2007 9:00 AM bms bms  says:
It makes sense to praise what is good in the report, and give constructive criticism with actual suggestions for weak points or red flags. Scaling back the use of ssn is good. However, it will most likely be replaced by another piece of identifying information, and that other identifying information will become the new problem.... Hence, it makes sense to render whatever information ends up in the wrong hands useless.The strength of the report is in its recognition of the fact that ID theft is an international problem, and must be addressed so. Several recommendations for how to deal with international ID theft centers were good, and could be strengthened by incorporating them into the internaitonal private sector, as opposed to only the government sector.The red flags are about privacy issues, and state jurisdiction....An extensive article evaluating all these points is at http://www.creditlock.com Reply
May 2, 2007 2:42 AM krishna krishna  says:
Yes the strength of the report is in its recognition. But it is the fact that ID theft is an international problem. Several recommendations for how to deal with international ID theft centers were good, and could be strengthened by incorporating them into the internaitonal private sector. Reply
May 2, 2007 2:44 AM krishna krishna  says:
Yes the strength of the report is in its recognition. But it is the fact that ID theft is an international problem. Several recommendations for how to deal with international ID theft centers were good, and could be strengthened by incorporating them into the internaitonal private sector.So we provide a better seccurites. Plz vist our web site http://www.bwsi.com Reply
May 3, 2007 3:21 AM Jim Jim  says:
Although I have not had the privilege of reading the report, but would like to. If anyone can point me in the right direction, it would be appreciated.I would like to add to the issue of doctor's offices asking for your Drivers License, and making a copy of it to put into your medical records. I have found no good reason for this, where your SSN and DL # should be in the same place. How dangerous is that? I used to think that administrative personnel within a doctor's office could be paid to make copies of records with personal info, and provide that to unsavoury characters, but I found it to be much worse than that.Everytime you visit your doctor, they ask you to verify your insurance information, which contains your SSN, amongst other sensitive info. What these offices do, is have you sign the form, and they place it in your record. What you don't see is that they pull out the form you signed from last visit and throw it in the trash. Crooks don't even have to pay to have admin folks copy the records....everything they need is now on one sheet of paper that gets thrown in the trash. When questioned, they told me that they shred everything. Not good enough for me.Suggestion: Ask for the old form back and shred it yourself. Do not give a copy of your DL to them for copying. If they need a picture ID, give them a gym membership card, or something else with your picture on it. Having your SSN and DL is carte blanche for these thieves. Reply
Mar 15, 2008 7:00 AM pranav shah pranav shah  says:
Primetech Software aims to contribute its technical know-how in providing various IT integrated services across the globe such as Customized Software Development, website solution,Application Development,Web Hosting,Website Designing,E-commerce Solution, Search Engine Optimization (SEO), Standard Software Reselling (tally9/salesmartz), IT Consultancy etc Reply
Apr 20, 2009 6:29 AM Pankaj Sonkusre Pankaj Sonkusre  says:

Yes the strength of the report is in its recognition. But it is  the fact that ID theft is an international problem. Several recommendations for how to deal with international ID theft centers were good, and could be strengthened by incorporating them into the internaitonal private sector.

Reply
Oct 15, 2010 11:05 AM Malcom Reynolds Malcom Reynolds  says: in response to Michael Durnack

I like your story. Excellent way to avoid giving sensitive information to strangers. And really, if a random set of nine numbers works, then do they REALLY need your SSN? I think not.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.