Why protecting your personal information is important

1. Why protecting your personal information is important David A. Streat

2. Statement of the Problem Today private companies, government agencies and other organizations large and small are spending an enormous amount of time and money to protect growing collections of information and data. All the while, hackers, identity thieves, and terrorists remain one-step ahead of information security experts and information protection programs. As dependence on technology and the internet increases, information security experts fight an uphill battle to contain the overwhelming proliferation of identity theft schemes (Streat, 2010, p. 3).

3. Identity Theft Definition The 1998 Federal Identity Theft and Assumption Deterrence Act considers an individual to commit an act of identity theft when he or she “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable state or local law” (18 U.S.C. 1028, Pub. Law 105-318, 112 Stat. 3007). /

4. Early Days of Identity theft Impersonating Someone Else Pickpocketing Phone Scams Dumpster Diving Stealing Mail Counterfeiting and forgery

5. Identity Theft Laws • Arizona was the first state to adopt an identity theft law in 1996. • Identity Theft and Assumption Deterrence Act, 1998 This law was one of the first federal laws to single out identity theft. It specifically singles-out identity theft in two distinct ways. First, it strengthens laws related to identity theft and second, it focuses on consumers as the victims of identity theft. • Fair and Accurate Credit Transactions Act, 2003 This law was enacted December 4, 2003 to amend the Fair Credit and Reporting Act (FCRA) of 1970. FCRA is a law that outlined how an individual’s credit information could be used by businesses. • Identity Theft Enhancement Act, 2004 This law was enacted July 15, 2004. It was designed to establish penalties for those committing aggravated identity theft. It is divided into four areas called sections that addressed protection for all consumers particularly identity theft victims.

6. Statistical Analysis • Victims There were 10 million victims of identity theft in 2008 in the United States (Javelin Strategy and Research, 2009). 1 in every 10 U.S. consumers has already been victimized by identity theft (Javelin Strategy and Research, 2009). 1.6 million households experienced fraud not related to credit cards (i.e. their bank accounts or debit cards were compromised) (U.S. Department of Justice, 2005). Those households with incomes higher than $70,000 were twice as likely to experience identity theft than those with salaries under $50,000 (U.S. DOJ, 2005). 7% of identity theft victims had their information stolen to commit medical identity theft.

7. Statistical Analysis Continued Discovery 38-48% discover someone has stolen their identity within three months, while 9-18% of victims don't learn that their identity has been stolen for four or more years (Identity Theft Resource Center Aftermath Study, 2004). 50.2 million Americans were using a credit monitoring service as of September 2008 (Javelin Strategy and Research, 2009). 44% of consumers view their credit reports using AnnualCreditReport.com. One in seven consumers receive their credit report via a credit monitoring service. (Javelin Strategy and Research, 2009).

8. Statistical Analysis Continued • Recovery It can take up to 5,840 hours (the equivalent of working a full-time job for two years) to correct the damage from ID theft, depending on the severity of the case (ITRC Aftermath Study, 2004). The average victim spends 330 hours repairing the damage (ITRC Aftermath Study, 2004). It takes 26-32% of victims between 4 and 6 months to straighten out problems caused by identity theft; 11-23% of victims spend 7 months to a year resolving their cases (ITRC Aftermath Study, 2004). 25.9 million Americans carry identity theft insurance (as of September 2008, from Javelin Strategy and Research, 2009). After suffering identity theft, 46% of victims installed antivirus, anti-spyware, or a firewall on their computer. 23% switched their primary bank or credit union, and 22% switched credit card companies (Javelin Strategy and Research, 2009). Victims of ID theft must contact multiple agencies to resolve the fraud: 66% interact with financial institutions; 40% contact credit bureaus; 35% seek help from law enforcement; 22% deal with debt collectors; 20% work with identity theft assistant services; and 13% contact the Federal Trade Commission (Javelin Strategy and Research, 2009).

9. The importance of the study • Privacy invaded • Suffering the psychological trauma of having your reputation ruined • Incurring financial liabilities • undergoing tremendous transaction costs to restore your name. • During 2007, the FTC received 813, 899 consumer fraud and identity theft complaints, an increase of 21% over 2006 (Swartz, 2009, p. 38).

10. Information Management • Thieves do not need your credit card number in order to steal it. • All they need is one piece of information about you and they can easily gain access to the rest. • The nonfinancial personal information you reveal online is often enough for a thief. • Be careful of seemingly innocent personal facts that a thief could use to steal your identity. For example, never list your full birthday on Facebook. • Be careful with your snail mail. • For example, follow your snail mail carefully. Check your bills and when you order checks, pick them up at the bank instead of having them delivered to your mailbox. • Remove all bank and credit card statements each month, preferably once a week. • Watch for charges for less than a dollar or two from unfamiliar companies or individuals. • If an ATM or store terminal looks funny, do not use it. • The mouth of the receptacle on an ATM machine should be flushed with the machine or have only a very slight lip.

11. Information Management • Identity thieves love travelers and tourists. • Be alert to strangers hanging around whenever you use your credit card at an ATM or phone. Also, try to avoid public wireless internet connections unless your laptop has strong security activated. • There are a few simple things that you can do to protect your credit card if it falls into the wrong hands. “Sign your credit card with a Sharpie so your signature can not be erased and written over.” Also keep the “please activate sticker on it.” • Pay attention at the checkout line. • If a cashier or salesperson takes your card and either turns away from you or takes too long to conduct what is usually a normal transaction, she/he may be scanning you card into a handheld skimming terminal to harvest the information. • Go paperless in as many ways as possible. • Cut back on the mail you receive from banks and financial organizations by discontinuing paper bills and statements. • Identity theft insurance can pay off, but you need to read the fine print.

12. 24 Step Recovery • Step 1: Take a deep breath and act rather than react. • Step 2: Limit further disclosure of personal information. • Step 3: Change all passwords that you use online as you walk through the next 21 steps. • Step 4. Place a fraud alert on your credit reports. • Step 5. Obtain copies of your credit reports when you file the fraud alert. • Step 6: Create an ID Theft Report with attached Fraudulent Account Statement. • Step 7: Report stolen checks, and close unauthorized checking and savings accounts.

13. 24 Step Recovery Continued • Step 8: Begin to call companies for any information that can help you prove your identity theft. • Step 9: Close the accounts that you know, or believe, have been tampered with or opened fraudulently. • Step 10: Contact all your other creditors to notify them about the theft. • Step 11. Report stolen ATM, debit, prepaid, gas station, phone, department store, or any other cards. • Step 12. Contact the Social Security Administration. • Step 13: Notify the U.S. State Department about lost or stolen passports.

14. 24 Step Recovery Continued • Step 14: File a complaint with the Federal Trade Commission. • Step 15. File a report with your local police or the police in the community where the identity theft took place. • Step 16: Find all your bills. • Step 17: Question any callers who want your information. • Step 18: Begin to block information from your credit report. • Step 19: Stop businesses that may report information about you to a Credit Reporting Agency. • Step 20: Contest bills.

15. 24 Step Recovery Continued • Step 21: Expect to deal with false civil and criminal judgments. • Step 22: Seek legal advice. • Step 23: Secure all your personal information. • Step 24: Don't leave a stone unturned. • (Retrieved November 20, 2009 from http://www.yourcreditadvisor.com/blog/2007/03/your_identity_h.html).

16. References Buell, D. & Sandhu, R. (2003). Identity management. IEEE Computer Society, 1-3. Collins, J. M. (2003). Business identity theft: The latest twist. Journal of Forensic Accounting 1524-5586 (4), 303-306. Eloff, J. (2003). Information Security Management- A new paradigm. Proceedings of SAICSIT, 130-136. Holtfreter, R. E. & Holtfreter, K. (2006). Gauging the effectiveness of US identity theft legislation. Journal of Financial Crime. (13)(1), 56-64. Milne, G. R. (2003). How well do consumers protect themselves from identity theft? The Journal of Consumer Affairs, (37)(2), 388-402. Newman, G. R., & McNally, M. M. (2005). Identity theft literature review. Retrieved from http://www.uspi.org/identity%20theft.pdf