Identity Theft

MIS Training Institute, Inc. Section X - Slide 2 CS1 053©Network Security Services, LLC

Outline

Definitions Methods used Ways to prevent What if it happens US Laws on Identity Theft and Privacy Organization that help

MIS Training Institute, Inc. Section X - Slide 3 CS1 053©Network Security Services, LLC

What is Identity Theft

Fastest growing crime in America Affect everyone regardless of age,

gender race, or status Almost 10 million American victimized

last year 41% increase over the last year Cost to the economy $53 Billion

MIS Training Institute, Inc. Section X - Slide 4 CS1 053©Network Security Services, LLC

What is Identity Theft (Cont.)

Two classes of crime related to identify theft Account takeover

Thief acquires person’s existing credit Used to purchase products and services Victim discovers on monthly statement

2. Identity theft (Application fraud / true name fraud) Thief uses SSN etc. to open new accounts Used to purchase products and services Victim unaware for extended periods of

time

MIS Training Institute, Inc. Section X - Slide 5 CS1 053©Network Security Services, LLC

Methods Used

Dumpster diving Stealing mail Fraudulent access of credit files Work place access Shoulder surfing at ATM, phone booths Personal data from online sources

MIS Training Institute, Inc. Section X - Slide 6 CS1 053©Network Security Services, LLC

Three most important things

1. Carefully check your credit report twice a year

2. Sign-up for credit monitoring service

3. Regularly check your public records• Government Records

• Google search

MIS Training Institute, Inc. Section X - Slide 7 CS1 053©Network Security Services, LLC

Sources of Risk

Know your personal information

Personal Identification y Number (e.g., USA SSN)

Driver’s license Credit cards Bank account Mothers maiden name Address and phone

number Anything else that

helps impersonate you

MIS Training Institute, Inc. Section X - Slide 8 CS1 053©Network Security Services, LLC

Key Elements

Personal Identifier (SSN) is the key to many accounts

Release SSN only when necessary Do not carry SSN card in your wallet Avoid putting SSN on checks and drivers

license Don’t allow merchants to add it to checks by

hand If asked for SSN, ask if there is an alternative If government asks, look for privacy notice Don’t use it for PINs and Passwords

MIS Training Institute, Inc. Section X - Slide 9 CS1 053©Network Security Services, LLC

Things You Can Do

1. Remove your name from marketing lists of the three main credit bureaus Equifax, Experian, Trans Union by calling (800) 5-OPTOUT

1. Limit pre-approved credit offers

1. If tossed into garbage – gold mine for ID theft

2. Install a locked mailbox at your home• Limit postal theft

MIS Training Institute, Inc. Section X - Slide 10 CS1 053©Network Security Services, LLC

Things You Can Do (Cont.)

3. Use SSL or other encryption when shopping on-line (www)

4. Phone calls

3. Never give SSN, Credit card number, personal data over the phone.

4. Scams - Today is your lucky day

5. Document Storage• Store personal information security in

your home (safe)

MIS Training Institute, Inc. Section X - Slide 11 CS1 053©Network Security Services, LLC

Make Your Data Secure

Encrypt electronic data when possible Shred or otherwise destroy paper copies When shopping – take credit card receipts

Never toss them in public trash cans Carry receipts in wallet not the bag Avoid business that are careless with your data

Avoid using credit cards where the risk is high

Some web sites

MIS Training Institute, Inc. Section X - Slide 12 CS1 053©Network Security Services, LLC

If It Happens

Act quickly Assess the situation Trace the problem Call the credit card company or credit

bureau They will have a fraud department to

advise you

MIS Training Institute, Inc. Section X - Slide 13 CS1 053©Network Security Services, LLC

If It Happens (Cont.)

Log all conversations Credit card companies Law enforcement

Include dates, names and phone number

Note time spent and expenses incurred Send critical correspondence by

certified mail with return receipt requested.

MIS Training Institute, Inc. Section X - Slide 14 CS1 053©Network Security Services, LLC

If It Happens (Cont.)

Ask credit bureaus for names of credit grantors of fraudulent accounts

Ask, in writing, to remove inquiries generated due to fraud

Get copy of credit report every few months for the next year

Contact, in writing and via phone, all creditors involved in fraud

Get replacement credit cards

MIS Training Institute, Inc. Section X - Slide 15 CS1 053©Network Security Services, LLC

If It Happens (Cont.)

Report crime to your local police Contact the passport office May need legal help, consumer law if:

Debtors won’t respond Credit bureaus will not help

Contact bank Stolen check, fraudulent bank accounts

Post office If thief has filed change of address form

MIS Training Institute, Inc. Section X - Slide 16 CS1 053©Network Security Services, LLC

U.S. Laws and Regulations

18 U.S.C. 1028 "The Identity Theft and Assumption Deterrence Act of 1998"

State Laws: http://www.lawresearch.com/private/identitytheft-State-Law.htm

California: Civil Code 1798.29 –Residents Civil Code 1798.82 – Business Requires reporting database break-

ins

MIS Training Institute, Inc. Section X - Slide 17 CS1 053©Network Security Services, LLC

In Short

Know you are at risk Take positive actions to prevent

identity theft If it happens, act quickly Know your rights Document your steps

MIS Training Institute, Inc. Section X - Slide 18 CS1 053©Network Security Services, LLC

Additional Resources

http://identitytheft911.com http://www.privacyrights.org http://www.usdoj.gov/criminal/fraud/

idtheft.html http://www.identitytheft.org/ http://www.idtheftcenter.com/

index.shtml

MIS Training Institute, Inc. Section X - Slide 19 CS1 053©Network Security Services, LLC

Magazines To Stay Current

SC Magazine: www.scmagazine.com Disaster Recovery Journal: www.DRJ.com Information Security

www.infosecutitymag.com Access Control & Security Systems:

www.securitysolutions.com