Wednesday, March 4, 2009

Identity Theft Tops FTC Complaint List.... Again

IN A PERFECT WORLD when someone attempted to use data that is not theirs, the hurdles and roadblocks to successful authentication would prevent the illegal use of that data. It would be like finding a key, but not having the matching lock to use it with - what good would having the key do you then?

The FTC recently noted that identity theft was the biggest consumer complaint again for data collected in 2007... no surprise there. What was interesting in the data was that although credit card fraud was top of the list in terms of percentages (23%) - as well as the usual suspects (loan fraud) - the surprising info for me was the significance of other fraud: phone or utilities fraud (18%), employment fraud (14%) and government documents / benefits fraud (11%).


IN THE REAL WORLD this data tells me that either fraudsters are setting themselves up for more sophisticated identity theft schemes by further compromising a stolen person's identity, or ordinary people who do not have some basic resources and coverage are misrepresenting their identity to get a job, a health claim paid, or to get cable or phone service. Some of it is due to outright fraud, obviously, but I suspect a lot of it is due to the fact that some people either have no credit or lousy credit and cannot get some service or job on the merit of their own credit history and have taken the low road to use someone else's good credit history. Either way, it still is a warning signal to us that our personal data is still subject to compromise and misuse in so many ways that may not be as evident as receiving your monthly Visa card bill showing a new flat panel TV just purchased from Best Buy (that you didn't buy).

Studies of identity theft show that the perpetrators of this crime are typically people who are known to the victim (friend, family, tenant), as well as people who have physical access to the data. Rare is the cliched situation where the hacker, wearing a ski mask and 5-day stubble, intercepts your data via an online transaction. As security guru Bruce Schneier has said, making the data hard to get is not as practical an approach as making stolen data hard to use.

What do you think?