Saturday, January 02, 2010

Will 2010 be a Banner Year for Identity Thieves?

For the past six months or so, this blog was put on hold. I could come up with a lot of excuses why it was put on hold -- such as increased workload and job responsibilities -- but I probably just needed a break from writing.

Now that I am taking a look at getting back into blogging, it doesn't appear much has changed in the fraud arena or that the news is getting better. Of course, I probably already knew that. After all, I didn't get much of a break from all the fraud that is going on out there, I merely wasn't writing about it.

For instance, Jay Foley at the Identity Theft Resource Center did a recent interview with Tom Field at Bank Info Security and is predicting some scary trends for 2010. Two of the predictions are that medical identity theft and too good to be true scams will be on the rise.

I can attest to the too good to be true schemes being on the increase. They happen all over North America on a daily basis. Strangely enough, the scams seem to recycle themselves and use the same bogus financial instruments, over and over, again.

"Well, first and foremost we are going to see a lot more scams. Because of the tough economic times, we are seeing a lot of scammers come out of the woodwork and try to suck you into this quick job, that quick job, here make a little extra money, and invariably what happens is you find yourself on the hook for greater debt and greater problems because you went to work with these scammers," according to Jay Foley.

Besides this, Jay is predicting an increase in medical identity theft, which struck me as "interesting" given all the media attention on health care legislation. Apparently, he is seeing a lot of people, who are without insurance, use some else's name and social security number to piggyback on someone else's benefits. In the article (also a podcast), Jay aptly points out that the medical industry has been plastering social security numbers on just about every document they create for years.

It should be noted -- especially as move towards digital medical records -- that in the wrong hands these records can be used for more than medical identity theft. The same information can be used to commit a host of financial crimes, including scamming the government and the insurance companies. In case you missed it, the WSJ did a story on the subject, where an insider (employee) downloaded 1100 records, which were later used by his cousin to commit $2.8 million in fraud.

There is no doubt that medical records have been identified as an easy place to steal information by the criminal element. The "trillion" dollar question right now is if making these records digital is going to make the problem worse? Only time will tell.

Estimates on medicare fraud vary greatly, but some go as high as $80 billion a year. Please note this is an estimate on medical fraud in the public sector and doesn't account for the fraud directed at the private sector. The NHCAA (National Healthcare Anti-Fraud Association) is a good place to see all the different aspects of this growing problem. The end result is a monetary loss that we all end up paying for, whether as a taxpayer or a consumer.

It's pretty hard to get an accurate estimate of how much fraud occurs, we can only guess what it might be based on the known incidents. The reality is the more successful frauds are never discovered. After all, most of the people committing fraud go to great lengths to keep their activities anonymous. It is bad for business, otherwise.

So far as industries that will be targeted, Jay predicts the payment services industry and medical industry will be the most attractive to information thieves. Is this because the payment services industry is where there is instant access to money and the medical industry has an abundance of easily accesible information to steal?

Also predicted is that the scammers, hackers and identity thieves behind these schemes are going to be much younger. Citing the urban legend status given to Albert Gonzalez (28), who has now been identified as being a member of the Shadow Crew and behind the TJX, Heartland and Dave and Buster's breaches as a fueling factor. According to Jay, his group is seeing a trend where teenagers are putting up fake e-commerce sites etc. etc. to steal payment information and steal money.

Jay also points out that most information theft is being done by insiders, or people who are given access to it. I've always said that you can have the best security systems out there -- but if you give the wrong person access -- even the best systems can be redered useless. With information being worth money, people can be recruited or even planted in organizations to steal it. While the Albert Gonzalez types make good news stories, if an organized crime group (or lone crook) wants to get in a system, it's a lot easier if they have an inside connection.

Perhaps we need to take a step back and realize that the human being is the most important part of any security equation. Human beings are on both side of the equation, whether they are the victim or the victimizer. As long as we continue to maintain information in easily accesible places (to make money) and send it (electronically) all over the place, we are going to have a problem.

You can read more about Jay Foley and the Identity Theft Resource Center (highly recommended), here.