Identity Theft 101 and Beyond. Bryan Stanwood, CPCU, ARM Enumclaw Insurance Group. Statistics. Nationally, in 2004, 1 in 33 households had experienced some type of identity theft within the last six months (3.6M households) Costs US consumers roughly $53 billion a year
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Identity Theft 101 and Beyond Bryan Stanwood, CPCU, ARM Enumclaw Insurance Group
Statistics • Nationally, in 2004, 1 in 33 households had experienced some type of identity theft within the last six months (3.6M households) • Costs US consumers roughly $53 billion a year • Businesses typically see a loss averaging $4,800 per victim • Washington ranked #8 in 2004, with 5,600 residents identified as victims, an increase of over 20% since 2003
How Bad is it? • www.privacyrights.org, a great resource and provider of a chronology of data breaches found: • 223,738,446 file breaches in the US alone from 2005 through April 14, 2008 • There have been 96 separate corporate or public breaches reported in 2008, with individual records in the 10s of millions • Many are happening in colleges and government offices/websites—ideas why? • WA Attorney General website is also a great tool www.agt.wa.gov
What is Identity Theft? • Identity theft is a crime where an imposter obtains key personal information from another for the purpose of using that information for personal gain • Information stolen can encompass: • Drivers license numbers • Social Security Numbers • Personal Identification Numbers • Credit Card, Bank Account Numbers • Passwords • Mother’s Maiden Name
Categories of Identity Theft • True Name • Use information to open new accounts • Credit card, cell phone, checking accounts • Account Takeover • Use information to take over existing accounts • Change address of the account • Start spending
How Does It Happen? • Phishing • Dumpster Diving • Shoulder Surfing • Company Hacking and Targeting • Pickpockets
Phishing • Looks legitimate, but is not • Generally emails asking for personal, sensitive information from what appears to be a known business • Asked to enter data electronically, although sometimes via phone as well • PayPal, Banks, EBay, etc. are very common • Anti-Spamming legislation is in place and offenders are being sued and put in jail—however, prevention is the best cure
Dumpster Diving • Searching for information carelessly discarded that can be used to create or access accounts • The practice of Dumpster diving is also known variously as urban foraging, binning, alley surfing, Curbing, D-mart, Dumpstering, garbaging, garbage picking, garbage gleaning, skip-raiding, skip diving, skipping, skip-weaseling, tatting, skally-wagging or trashing
Shoulder Surfing • Criminals can literally look over shoulders, or use cheap closed circuit TV cameras hidden in areas to recover data. Common areas of concern are when consumers: • fill out a form • enter their PIN at an automated teller machine or a POS Terminal • use a calling card at a public pay phone • enter passwords at a cybercafe, public and university libraries, or airport kiosks. • enter a digit code for a rented locker in a public place such as a swimming pool or airport • Red Box recently
Company Hacking and Targeting • Black hat hacker gets into secured company systems; • OR, computer laptops are targeted for theft What they want?! • Relevant personal information, such as Social Security Numbers, Drivers License Numbers, Bank Account Numbers, Credit Card Numbers, PINs, Financial Account access • Hacker than uses or sells this information worldwide
Pickpockets • Second oldest profession? • Typically distraction is the key to getting away with it
General Prevention Habits • Do not give your Social Security number, mother's maiden name or account numbers to strangers who contact you, especially by phone, Internet or mail. • Put passwords on your credit card, bank and phone accounts. • Do not carry PIN numbers, birth certificates, Social Security cards or passports unless absolutely necessary. • Review your credit card and other credit statements each month and make sure you know exactly what you're being billed • Guard your mail from theft. • Tear up or shred documents containing personal information before throwing them away.
General Prevention Habits • Eliminate credit cards you rarely or never use • Contact your card issuer to find out if any of your cardholder information can be given to partners or affiliates (third parties) of the card issuer • Contact the three major credit bureaus and ask to "Opt Out“ of pre-approved credit card offers • Remove your name from marketer's unsolicited mailing and calling lists • Be cautious about "trial memberships” • Check your credit report to make sure it is accurate (Provided by the WA Office of the Attorney General)
Specific Prevention—Phishing • When asked to verify any information, contact company directly to legitimize • Look for typos or syntax problems • Most companies will use members usernames vs. general introductions • Type in known website address vs. using hyperlinks • Do not give any information without verification!
Specific Prevention - Other • Dumpster Diving • Shred, shred, shred ANYTHING with personal information • Shoulder Surfing • Block all entering of PINs, completion of forms or other privacy related actions from prying eyes • Be aware of people around you—vigilance • Pickpockets • Secure valuables in front pockets or money belts • Be constantly aware; do not get distracted • Minimize ostentatious displays • Look confident, not lost
What if You are a Victim? (www.privacyrights.org) • Notify credit bureaus, establish fraud alerts, security freezes, monitor reports • Report the crime to police • If new accounts are opened, immediately contact companies and fill out fraud paperwork • Once resolved, get letter from company that account is closed and debts discharged • If existing accounts, contact immediately, in writing, request replacement card with new numbers • Checks stolen? Report them to bank, place stop payments, complete fraud affidavits, close accounts and open new ones
What if You are a Victim? • Debit cards—report immediately, fraud affidavit, get new cards with new passwords • Monitor, monitor, monitor all accounts and notify immediately of any suspicious charges • Contact DMV to see if anyone has ordered a license with your name or number • Phone service is often part of identity theft—contact the company to determine appropriate steps • Get involved in legal process if person is caught • KEEP GOOD RECORDS • DO NOT GIVE IN
Coverage Options - ISO • In essence, $15,000 for coverage of expenses incurred due to Identity Theft after a $250 deductible • What is covered? • Costs for notarized fraud documentation or whatever is required • Costs for certified mailings • Costs for time away from work, up to $200 a day and maximum of $5,000 • Loan application fees • Reasonable attorneys’ fees • Charges for long distance phone calls
Coverage Options – Company Limits • More companies are offering internal limits • Companies are contracting with companies to assist in this exposure (Identity Theft 911; LifeLock) • Either charge a premium or it is free • The biggest difference between these companies and the ISO endorsement? • Assist with the entire process of re-establishing credit vs. just reimbursing for expenses • Advocates assigned to help or handle the process
Ideas for Customers • Put ideas here under your logo and provide to new customers, develop newsletters to include for existing customers • Have a shredding party! • Run a contest (get a company to help pay for it) for referrals to get a nice shredder • Become a subject matter expert and sell more policies by making Identity Theft ‘POP’ for customers • Sell companies on adding endorsements or providing coverage for advocacy vs. expenses