Lose Yourself Online: Identify Theft and the Internet

Steven Champeon
2004-09-23

Identity theft is one of the fastest growing crimes in the United States.

Tonight, when you get ready to retire for the evening, do me favor. Take your wallet — complete with social security card, credit cards, driver's license, and what the heck, throw in the family pictures — and leave it at the edge of your driveway. Then sleep well. “What?!?!? That's insane. Someone might steal it.” you exclaim. Am I surprised by your reaction? Well, no, I agree wholeheartedly — if you leave your most important personal belongings in a relatively public location — light bulb moment  — someone might steal it. This is such an intuitive reaction for us in the world of the “tangible,” but make it “virtual,” and we're leaving our wallets all over everyone's driveways — free for the taking. All I can ask is — what are we thinking?

Identity theft is one of the fastest growing crimes in the United States. The Federal Trade Commission estimates that 9.9 million US consumers were swindled out of approximately $437 million in 2003, up about $100 million from 2002. Of which, $200 million can be attributed to Internet fraud. And don't think that businesses and financial institutions are immune — losing nearly $48 billion to identity theft in 2003. Is this surprising? No, not when you consider that in 1995, there was only one bank that had a Web site capable of processing financial transactions, and by 2000, this figure had skyrocketed to 1,850 financial institutions. Not surprising — when Forrester Research predicts that by 2004, online commerce will reach $6.8 trillion. In essence, the wide open nature of the Internet and its explosive growth in commerce has made it very easy for identity thieves to apply for credit and make purchases by using any well-sourced personally identifiable dataset from almost any location.

With the biggest threat to companies and individuals being the illicit capturing of information, there are two elements to consider in protecting online financial activity: fraud detection (stopping theft in its tracks) and security (keeping out those who do not belong). To guard against fraud, software programs use encryption and detection strategies that are sophisticated enough to isolate most damaging crime schemes within a matter of seconds. The tougher goal to accomplish is the security of the overall system that processes online payments, because as protective software becomes more “intelligent,” so do the cyber criminals who seek to manipulate them for evil. Therefore, security should be viewed as a process — it is not a problem solved with a single solution, but rather an ongoing situation that requires vigilant monitoring and software modification to address the specific needs of a business.

As an individual, there are several things you can do to protect your identity online:

  • Turn off or delete cookies from your computer. Cookies are small text files placed on your computer by Web sites. Cookies basically create a profile of where you go on the Internet.
  • Develop an alter ego. Many Internet Service Providers allow you to create more than one account. This allows you to have one account for personal email, and another for commercial purposes.
  • Surf or buy anonymously. There are online privacy protection companies that will allow you to surf and shop on the Web anonymously, sometimes for a fee. One such example is Freedom.net — a Canadian company whose software allows you to protect your PC from being hacked; remove ads from your Web browser; manage your cookies so that you can delete them at will; send and receive untraceable, encrypted email (using your regular email account), and anonymously browse and chat.
  • Buy a Mac and avoid using Microsoft Outlook for email. It's not that crackers (evil hackers) can't scam Mac users, but it's a game of numbers — and the simple fact is the larger number of PC users make them a more attractive target. The Mac is also a more secure platform, primarily because it doesn't have a command shell or allow remote logins.

    The same is true of Outook — great program with great features — but almost every email worm, bug, and virus is designed to bring it down.

  • Avoid storing important information on Internet accounts. This includes: any type of password, social security numbers, credit card numbers, bank/brokerage names and account numbers, and any other piece of personal information that you absolutely want to keep private.
  • Replace Internet Explorer. IE is highly insecure, because it's the most widely hacked Internet browser on the market. Being the preferred browser on 97% of the world's computers implies that its security flaws once breached will affect the majority of the world's computers. Switching to Mozilla or another browser with few or no security holes could significantly improve your Internet security.
  • Install an anti-virus program and firewall. The anti-virus program will keep unwanted spy programs out of your computer, while the firewall will protect your Internet connection. And speaking of connectivity, if you have broadband, cable, or DSL, do not leave your computer on for extended periods of time when you are not using it
  • Pay attention. Don't enter credit card information online, unless you're sure it's a secure site. Be very skeptical of Web sites that request too much personal information as part of the registration process. Report to your Internet Service Provider any suspicious attempt to get you to reveal personal information. Keep up to date on online privacy and security — two great sites to bookmark: www.privacyfoundation.org and www.epic.org .

For companies, security means keeping dangerous hackers out of the company's backend databases. Success is the result of employees implementing the aforementioned practices, as well as the company establishing and adhering to a sound security policy. It is an essential — and should be flexible enough to allow employees some freedom to work creatively, but firm enough not to compromise the company's data. To do so:

  • Know what's going on in your network. Use security tools to monitor activity and adjust to threats as they evolve. But don't play Big Brother — your staff will resent it.
  • Be flexible. If employees complain that the security restraints are affecting their productivity, find a way to relax the constraints without compromising security.
  • Remember, security is a process, not a product. Hire professionals to vet the network, and don't disregard their analysis. Update your software and your policy as necessary.
  • Realize that some unapproved software can be good for your business. For example, instant messaging can be a productivity sapper and a security threat, but it can also save a lot of time. If your employees want it, then look for a secure messaging system designed for corporate environments.

As the Internet continues to mushroom in size, scope, and complexity, so too do the issues related to the access, usage, and protection of Internet-based information — both personal and corporate. Corporations can anticipate that, on average, 6% of their IT spending must go toward security. But ultimately, it is the choice and responsibility of the individuals and corporations to determine to what degree they wish to establish security. Common sense and the various issues covered here are enough to get you started. Just remember that Internet security is an ongoing process that requires a multitude of approaches that vary with the nature of the underlying threat — find a level of security that works for you, but do not ignore it or it will be costly.