One of the most frightening things about identify theft is that the perpetrator doesn't have to be a computer whiz to pull it off. All he or she has to be is resourceful, reasonably clever and persistent. This Scientific American piece was written by a software developer who had the permission of a friend to try to break into her bank account. It's true that the individual is an expert, but none of the methods and strategies he used involves hacking or cracking. The piece is an interesting and distressing account of the step-by-step and methodical approach that person took to achieve his goal.
The subject, who seems to do about as much on the Internet as the average person, was tremendously vulnerable. It wasn't hard to use the data she had floating around to have her bank login reset to one chosen by the ersatz identity thief. The situation is particularly frightening in light of the shortcomings of identity theft monitoring services described in a report released last month by the Privacy Rights Clearinghouse that was described at IT Business Edge.
This National Post piece describes the identity theft situation in Canada, which doesn't seem significnatly different than in the U.S. The basic idea is that organized criminal gangs are flexible, not averse to delving into new technology and know a good thing when they see it. Identity theft is just that. The piece was written about a press conference just before the opening of the annual conference of the Canadian Association of Chiefs of Police. The writer partially attributes the rise in identity theft to insider theft and general consumer carelessness.
The Internet is rife with articles about how to avoid and respond to identity theft. Two good ones are at Hosting Pro and PC Magazine. PC Magazine begins with two pieces of good news: The total number of thefts is slowing (from 10.1 million in 2003 to 8.4 million last year, according to Javelin Strategy), and the time it takes to rectify the situation is heading downward (from 40 hours in 2006 to 25 last year, according to the Privacy Rights Clearinghouse). The story offers three lists: how to avoid identity theft, what some of the signs are that a theft has occurred, and what to do if a theft indeed has taken place.
Guardian Analytics has come up with an interesting way to combat identity theft. eWEEK reports that the company's FraudMAP 2.0 looks at the totality of how the online user is interacting with the Internet to determine if something is amiss. The software looks at the history of the user to determine if a current transaction fits with the established pattern, and considers such elements as where the connection is being made from and the type of connection being used. All of these factors are considered and an assessment made on whether the current transaction raises any yellow flags.