UK credit reference agency Experian recently revealed that the rise it has seen in identity fraud has coincided with an increase in organized cyber crime. The agency’s data has also revealed that a surprisingly large number of consumers were unaware of identity fraud committed against them until they were informed by a financial services firm, which throws up the issue of data theft reporting.
We are hearing more about the theft of corporate data – TK Maxx (reported in the US because of federal regulations) and the Halifax are two very recent occurrences. However, how many more thefts are taking place? The launch of the UK’s Serious Organised Crime Agency (SOCA) in 2006 coincided with the scrapping of the Confidentiality Charter, which let organizations report IT crime in confidence directly to the police.
It is estimated that, today, around one third of losses of corporate data go unreported, which appears frustrating and of no use to anyone. It is, however, understandable, on the grounds that the negative publicity received by these organizations is undesirable in the extreme.
In the second half of 2006, Experian’s Victims of Fraud service was contacted by 2,124 people for the first time – a 69% increase on the same period in 2005. Experian attributes some of the rise to organized criminal gangs operating global identity fraud rings. Present address fraud (as opposed to previous address fraud) requires sophisticated methods involving mail interception or redirection, and accounted for 45% of all cases reported to Experian in that period.
Interestingly, 49% of the individuals who contacted Experian did not realize that they were a victim until they were contacted by a financial services company. The second largest proportion, 41%, became aware that they had been targeted when they obtained a copy of their credit report and saw that fraudulent accounts had been opened or applied for in their names.
According to Experian, the lifestyles of some individuals make them more susceptible to identity theft; for example, people who travel a lot, staying in hotels and using restaurants, are more likely to have their details stolen. Financial services firms will, in general, have stronger security capabilities, and so the risk of identity theft via this route should be minimized. However, hotels and restaurants (for example) do not tend to have equally strong security capabilities, and thus organized gangs can obtain information used for identity theft more readily.
Removing the Confidentiality Charter has been of little or no benefit, leaving many businesses reluctant to report data theft, and therefore not informing their customers. Those organizations that do report corporate data theft should be applauded, provided that they learn the lessons and do not repeat the same mistakes. Unreported crimes result in the criminal winning, and the customers of the organization that had the data stolen end up losing.
Source: OpinionWire by Butler Group (www.butlergroup.com)