The Scary New World of Identity Theft: Grand Theft Identity   - 1,577 Views,

Newsweek recently ran an article entitled “The Scary New World of Identity Theft”, covering the rapidly evolving world of identity theft. It contained lots of info which was..well..scary. If you missed that article, they provide plenty of scary info in their press release:

Criminals Now Grab Identities By the Millions; ‘Instead of Selling Drugs, So Much Can Be Made So Quickly With Identity Theft,’ Says Security Consultant, ‘And the Likelihood of Getting Caught Is Almost Nil’

Exposures May Help Spur Long-Needed Reform

NEW YORK, June 26 /PRNewswire/ — In the July 4 Newsweek cover story, “The Scary New World of Identity Theft,” (on newsstands Monday, June 27), Senior Editor Steven Levy and Silicon Valley Correspondent Brad Stone examine how the problem of identity theft has become a nationwide epidemic and look at the steps companies can take to protect their customers’ personal information. Instead of losing our identities one by one, criminals are grabbing them in massive chunks — literally millions at a time, as in last week’s heist of a possible 40 million Discover, Visa, MasterCard and American Express numbers (along with the secret code numbers printed on the actual cards, which makes it easier to counterfeit new versions) from a company called CardSystems that was lax in protecting the credit cards from transactions it processed.

“Over the last nine years, criminals have gotten a better understanding of the power of information,” says Rob Douglas of PrivacyToday, a security consulting firm. “Instead of selling drugs, so much can be made so quickly with identity theft, and the likelihood of getting caught is almost nil.” The Department of Justice has reprioritized to fight the plague, but it’s a big challenge; Avivah Litan of research firm Gartner Group speculates that fewer than 1 in 700 identity crimes leads to a conviction, which goes a long way toward explaining why it’s the fastest-growing crime of this century.

Federal Trade Commission Chairman Deborah Platt Majoras herself discovered last week that hers was among more than a million credit-card numbers that DSW Shoe Warehouse stored in an ill-protected database. When hackers busted in, they got the information to buy stuff in her name — and 1.4 million other people’s names. “It’s scary,” Majoras says. “Part of it is the uncertainty that comes with it, not knowing whether sometime in the next year my credit-card number will be abused.”

As Newsweek reports, savvy computer users know the requisite defense against identity theft is never to respond to a request for personal information in an e-mail. But there are problems when it comes to companies charged with safeguarding millions of records: they leave it unencrypted on computers, where malicious hackers get hold of it; they inadvertently sell the data to crooks; they leave it on laptops that get stolen and they don’t monitor what insiders may do with it.

And now, an elaborate infrastructure of crime has emerged to collect and distribute stolen records. “It’s not the lone gunman of the past,” Chris Painter of the Department of Justice tells Newsweek. “There are highly structured criminal organizations operating.”

As bad as the recent exposures have been, they may well wind up helping spur some very long-needed reform, Newsweek reports. Though identity theft is a difficult crime to fight, the key to fighting these huge cyber-raids is making the databases that hold our private records more secure. “We have not built a culture of strong security around our data,” says FTC Chairman Majoras, and a big reason is that the companies charged with safeguarding the information don’t suffer the consequences when it’s compromised.

Sen. Dianne Feinstein is sponsoring a bill that would set a national standard for mandatory disclosure when consumer records are compromised. But that’s only a first step. “The notification law works by shaming the companies, and while that can be a good incentive, it’s dependent on publicity,” says Bruce Schneier, founder of the Counterpane security firm. “Since we’re seeing so many big breaches, there’s a higher standard for something to be newsworthy.”

A stronger solution would make the companies liable for its failings. Sens. Charles Schumer and Bill Nelson hope to pass a bill that, among other things, would slap fines on companies that lose records. Other approaches would invoke penalties if companies did not follow what are known as best practices in protecting information, like regular security audits and use of encryption.