Protect yourself from identity theft, where the new age criminal steals your identity, your money, your credit and your life as you own it
A marketing executive was recently pick-pocketed. His wallet contained his debit and credit cards, it took him a few minutes to realise what had happened and approximately 30 minutes to block each card. But by then it was already too late, for he had lost Rs 78,000 on his credit card and another Rs 35,000 from his debit. Not too long ago, a software engineer in Bengalooru was arrested, he had been making online transactions using various peoples credit card details, purchasing products from one place and auctioning them off online to various pother locations. A college-going boy travelling in the Delhi subway was using his mobile to pay off his phone bills, which got credited to his visa card. Unknown to him, one of the guys standing behind him, had seen him enter his credit card number. Before the boy reached home, his card had been maxed out, with over Rs 1,20,000 worth of goods being bought. All the above instances share one common thread; they were all cases of identity theft. This is the fraud of the new millennium and can be committed by anyone, anywhere and at anytime. Understanding and protecting yourself from falling prey to such disaster which you or may not be able to withstand, is prudent and a must in this new era.
Have you ever been sent emails, claiming you have won lotteries you never played, received large donations in wills from people you have never heard of, or been required to revalidate online banking facilities you never used? Well so have I. They seem genuine, the email address the mail comes from, the url provided by them and the steps they ask you to follow. However, these are not real and should be ignored and deleted as soon as possible. This method used by cyber crooks to gather ones personal information, which is used to transfer funds, apply for credit cards and loans all in your name, is commonly known as identity theft. This method used to get personal information from victims is known as phising.
While the Indian cyber crime unit have been hesitant to reveal the number of cases reported, that wouldn’t really give a true picture of the scenario. Since, most of these cases are never even registered. Firewalls, anti-spyware softwares, secure and password protected pages and documents may all offer you protection. However, once your 12 digit card number, 15 digit account number and basic information has been typed out in cyberspace, there is no turning back. We are all sitting ducks in the hands of sophisticated criminals who want to make “quick-money”.
What is identity theft?
Identity theft is a term used to refer to fraud that involves stealing money or getting other benefits by pretending to be someone else. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator’s actions. At one time the only way for someone to steal somebody elses identity was by killing that person and taking his place. It was typically a violent crime. However, since then, the crime has evolved and today’s white collared criminals are a lot less brutal. But the ramifications of an indentity theft are still scary.
As per the non-profit Identity Theft Resource Center, identity thefts can be sub-divided into four categories. These are financial identity theft, criminal identity theft, identity cloning, and business/commercial identity theft.
In many cases the victim is not even aware of what is being done till it is already too late. Identity theft may be used to facilitate crimes, including illegal immigration , terrorism , and espionage . It may also be used as a means of blackmail. There have also been cases of identity cloning to attack payment systems, including online credit card processing and medical insurance. Sometimes people may impersonate others for non-financial reasons too. This is often done to receive praise or attention for the victim’s achievements. This is sometimes referred to as identity theft in the media, and is a common trend seen by look-a-likes.
One does not have to think too far back before re-collecting a probable victim of identity theft in India. An American
national named Ken Haywood, whose most likely fault is, that his wi-fi internet conection was hacked, was only recently under the scanner for involvement in the Ahemdabad terrorist attacks. The sad part remains, while speculators and the cyber crime unit suspect foul play and hacking, not once has the term identity theft or identity protection been suggested. And, this just goes to show our current level of awareness towards a threat so obvious.
The current situation
The biggest case of identity theft ever seen, took place in August of this year. Eleven people, including a US secret service informant, had been charged in connection with the hacking of nine major retailers and the theft and sale of more than 41 million credit and debit card numbers! This data breach is believed to be the largest hacking and identity theft case ever prosecuted by the US Department of Justice, which announced that the suspects were charged with conspiracy, computer intrusion, fraud and identity theft. Three of those charged are US citizens, while the others are from places such as Estonia, Ukraine, Belarus and China.
The areas of data protection and securitsation are still very weak. How else could 11 people whose nations barely get along, pull of a heist involving a whooping 41 million credit card and debit card numbers. Yes, one can argue that this happened half-way across the globe and India is so much safer. But is it really? Forget the Ken Haywood incident, one might pass it off as an extreme case still in the grey area. But, last year when there was a duplicate Axis bank web page created, which was “phising” for unsuspecting baits on the internet, the victims and crime was a lot closer home. Or, a while before that when Kingfisher Airlines was duped of Rs 17 crore caused by an online ticket booking fraud, caused by credit card bookings. These credit card details were obtained by the thieves from various places like shopping mall, restraunt and petrol-pump emplyees who swipe these cards, felt the officers working on this case.
“Data loss is a burning issue that should be on the mind of every C-level executive and board member—if it isn’t already. Every day we read about companies suffering millions of dollars in losses due to security breaches. Those losses directly hurt the innocent stakeholders of those companies, including hardworking employees and shareholders. Opportunity for data loss is everywhere, and intentional or otherwise, data that ends up in the wrong place can do tremendous harm. It might be at the hands of a single disgruntled employee with a flash drive, or a forgetful member of your finance department leaving a CD-ROM on the subway. But however it happens, data loss can be devastating, and it’s only a matter of time before a high-profile company, perhaps a squeaky clean one bursting with integrity and good will, is brought to its knees by a breach” feels Dave DeWalt, McAfee, president and CEO, in McAfees and Datamonitor’s latest research report.
In India there are currently no laws in place to protect and safeguard oneself against identity theft. Nor, do organisations that are in possession of sensitive data, have procedures for data protection, flow and securitisation they have to adhere to. The IT Act 2000 currently has no specific provision to deal with identity theft. However, the Expert Committee on Amendments to the IT Act 2000 (whose report is still being considered by the government) had recommended amending the Indian Penal Code (IPC) by inserting in it, two new sections. Section 417A that prescribes punishment of up to 3 years imprisonment and a fine for cheating, by using any unique identification feature of any other person. And, section 419A, which prescribes punishment of up to 5 years imprisonment and a fine for cheating by impersonation, using a network or computer resource. Sections 417A and 419A comprehensively cover identity theft and their incorporation into the IPC would place India amongst the few nations to have specific provisions to counter the bane of identity theft.
In many cases, victims discover the identity fraud has hit them only after their credit card or bank statements reach them. The time gap between the crimes and their discovery sometimes get too large to trace out the perpetrator. Thus, to proactively counter identity theft, consumers should be kept informed about any significant changes in their credit accounts as soon as possible. Credit bureaus like the Credit Information Bureau (India) Ltd should inform consumers in case of any significant change in their credit account status.
The Unisys Security Index is a social indicator that measures consumer concern in relation to four areas of security: national, financial, internet and personal safety. “Fears about identity theft and financial fraud are top global concerns for consumers” as per the latest results of the Unisys Security Index . Identity theft is the primary security concern cited among respondents in nine out of 14 countries, while misuse of credit or debit card information ranks as the first or second greatest fear in 12 out of the 14 countries. Compared to 2007 global findings, the current Unisys Security Index again shows that consumer concern is highest in Asia.
Today there are a lot of anti-spyware, anti-virus, and even anti-phising software’s available, which can help protect you to an extent against identity theft. These software’s, while they do not guarantee your safety, they do offer protection against third party fraudsters online. In some countries there are also identity theft protection software’s and companies, which, not only guard your computer from external attacks, but also regularly do your credit analysis to check for irregularities. While, such software is yet to launch of in India, it will not be too long before we too take steps in that direction.
Another tool that is available in many countries, which face identity theft problems is identity theft insurance. An identity theft insurance policy covers you for the expenses you might incur if your identity is stolen. These might include anything from legal fees to defend any charges associated with identity theft, telephone calls, postage, rejected loan application fees and lost wages if you have to take time off work to reclaim your identity. A monthly or annual fee is usually attached to your identity theft protection policy. These policies also include assessing your credit report and will notify you if any changes are made to your credit rating.
Identity management is something financial institutes and banks are looking to imbibe into their system, hoping to prevent identity theft and data loss. Electronic identity management is defined as the management of user credentials and the means by which users might log on to an online system. It entails creating a work and data flow system, with password protection and restrictive accessibility of data, and end-to-end lifecycles of user identities across all areas of the company.
At the end of the day, while things have gotten a lot more hi-tech and savvy these days, making us prone to attacks from various places, the key to survival still remains the same as it was in the Wild West. It is the survival of the fittest, smartest and best protected, hence unless ignorance is the bliss you wish to dwell in, the next time your dealing with personal information that is important to you, take a moment to consider what exactly it is you are doing. For, whether we like it or not, a new age brings a new criminal, one that we may know or even like. So, be safe, protect your personal information and beware of the evil twins waiting to spring an attack on you.
Tips for identity theft protection
The following tips can help you lower your risk of falling victim to identity theft
* Beware of phising
Scam artists “phish” for victims by pretending to be banks, stores or government agencies. They do this over the phone, in e-mails and in the regular mail. Banks/ Financial Institutions will never ask you to update your account information online. Banks employ secure back-ups for all their servers holding important customer information, so, there is no question of any banks server failing and causing a loss of data, which you need to update online.
* Learn to shred
Shred bank and credit card statements, canceled checks and bills with account information and papers with personal information before you throw them away. Shred credit card offers that you don’t use. Do not be enticed by offers of rewards and lotteries that you get in an e-mail.
* Shield your computer
Use firewall, virus and spyware protection software that you update regularly. Download free software only from sites you know and trust. Set your browser security to at least “medium.”. To check your PC’s vulnerability to various online threats and to make it more secure .
* Click with caution
* Check your statements
Open your credit card bills and bank statements right away. Check carefully for any unauthorized charges or withdrawals and report them immediately. Call if bills don’t arrive on time. It may mean that someone has changed contact information to hide fraudulent charges. Cancel all credit cards that you do not use or have not used in the past six months.
* Browse intelligently
Use a secure browser like Internet Explorer version 7 or Mozilla Firefox version 220.127.116.11. These browsers come embedded with technology that helps fight phishing frauds, and will warn you in most cases. You can also install the Netcraft anti-phishing toolbar as an add-on to your regular browser.
* Question ?
Ask questions whenever you are asked for personal information that seems inappropriate for the transaction. Ask how the information will be used and if it will be shared. Ask how it will be protected.
* Passwords too need protection
Be careful at ATMs and while using Phone Cards. “Shoulder surfers” mat try to get your account and PIN numbers. Commit them to memory, do not write them down. If you store them, you must encrypt the files. Put passwords on all your accounts.
Credit Sudhaar is India’s first Credit Health management & improvement company whose goal is to help clients to Restore, Enhance and Protect their Credit and make them credit healthy.
CS IdentityShield helps you to Monitor, Protect and Recover your Identity from multiple risks.
Courtesy: Financial Express