The Top 10 Hot Identity Topics: A Smart Card Alliance Identity Council White Paper

An in-depth report on issues affecting identity management and protection

An individual’s identity is defined most simply by the set of characteristics that enable a person to be recognized or known. There are three ways of thinking about identity:

·         Identity from nature: characteristics given by the birth parents to the child (fingerprints, DNA, iris pattern)

·         Identity from status: characteristics assigned to individuals by other people in society (Social Security number, credit card number)

·         Identity from behavior: characteristics assigned to individuals by other people based upon the individuals’ actions (marking profile, credit rating, criminal record)

What Is Identity Theft?

Identity theft is the appropriation of another person’s personal information without permission in order to commit fraud, to steal the person’s assets, or to pretend to be the other person. Identity theft is the fastest-growing crime in the United States, according to the U.S. Federal Trade Commission (FTC). Between January and December 2004, Consumer Sentinel, the complaint database developed and maintained by the FTC, received over 635,000 consumer fraud and identity theft complaints. Consumers reported losses from fraud of more than $547 million. 

There are many types of identity theft, and many stakeholders besides the perpetrator and the victim are involved in identity theft. Identity theft affects all of society. 

How Does Identity Theft Occur?

To prevent identity theft, it is essential to understand who commits identity theft and how identity theft occurs. Typically, three types of people commit identity theft:

·         Someone close to the victim, who knows the victim’s habits and movements

·         Amateurs, who look for unsuspecting subjects and opportune moments

·         Professionals, who work independently or as part of an organized group.

There are many ways to commit identity theft, some simple and some very sophisticated. Simple methods are used mostly by persons close to the victim and by amateurs. The most common simple methods are dumpster diving and social engineering.  Dumpster diving is the practice of rummaging through garbage for a consumer’s personal information. Dumpster divers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting and discarding it. Social engineering methods generally use techniques that rely on human interaction to trick people. A perpetrator might try to gain the confidence of a colleague and then ask to “borrow” their user ID and password to access a secure network, or they might impersonate a utility representative and call an unsuspecting customer to “verify” the Social Security number associated with the account. There are countless examples of these simple methods, and even in today’s environment, they remain very successful.

Professionals use both simple and sophisticated methods to steal identities but tend to focus on methods that can be automated since such methods can be less time-consuming and more profitable. These automated methods are usually technology-driven and include techniques such as skimming, hacking, phishing, and pharming.

·         Skimmingis the practice of stealing credit card information by capturing it in some form of card reader. The thief employs methods such as swiping the credit card a second time during an actual purchase or attaching a reader to an ATM machine where the card is swiped. Skimming occurs infrequently because of the technology required, but when it does occur, damages can be substantial.