The Top 10 Hot Identity Topics: A Smart Card Alliance Identity Council White Paper

An in-depth report on issues affecting identity management and protection

· Hacking is the act of gaining illegal or unauthorized access to a computer system or network. Hacking is the most commonly used method for stealing an identity. Spyware on a computer can be considered hacking, even though the user may have authorized installation of the spyware. Spyware is defined as programs such as keystroke loggers and screen capture utilities, installed by a third party to monitor and observe online behavior or capture passwords and other information. Applications such as adware install themselves surreptitiously through “drive by” downloads or by piggybacking on other applications. They track users’ behaviors and take advantage of their Internet connection. Users often unknowingly authorize spyware to be installed by clicking on the “Yes” button at the bottom of an end user license agreement.

· Phishing is a cyber attack that directs people to a fraudulent website to collect personal information. A common phishing scam is to send an email message asking a user to update an account. The perpetrator uses an attractive lure—protecting privacy—and then asks users to verify their accounts by clicking on a convenient hyperlink. A phishing scam may also lure an individual by sending an alarming message stating that a desired service is about to be terminated. Phishers often use the services of spammers to reach the widest number of possible targets. There have been literally thousands of phishing scams on the Internet.

· Pharming is a cyber attack that involves a combination of ploys such as phishing, viruses, spyware, and domain name system (DNS) server cache-poisoning or spoofing. Pharming directs people to a fraudulent website by poisoning the DNS server so that web requests are redirected. Victims think they are entering personal information on a legitimate site when in fact they are not. A pharming site will often forward the web request on to the legitimate site so users see their real data. By monitoring the traffic between the user and the intended site, a pharmer can eavesdrop on personal information and even manipulate transactions.

What Actions Are Governments Taking against Identity Theft?

The Federal government and many state and local jurisdictions are passing laws and regulations requiring businesses to take certain actions against identity theft and to establish guidelines for notifying consumers when data breaches may have occurred. Governments are promoting consumer education and resources for preventing and, where necessary, recovering from identity theft.

What Are Businesses Doing to Prevent Identity Theft?

Identity theft causes substantial financial harm to private industry. Businesses incur costs to implement identity theft prevention measures and to replace the losses suffered by the victims of identity theft. These costs are absorbed by the industry and by insurance companies, but eventually they are passed on to the consumer in the form of higher prices for products and services, higher fees, and higher interest rates. Different industry sectors are tackling this problem in the manner most appropriate for that industry and for the specific patterns of theft. Being proactive, staying ahead of the professionals, and being current and diligent in security and privacy protections are critical. 

How Can Technology Help to Prevent Identity Theft?

Technology measures can prevent some types of identity theft. Businesses can require multi-factor authentication (two indisputable sources or elements that must be supplied to verify a person’s identity). Smart card-based implementations can be adopted, such as subscriber identification modules, which prevent cloning of phones and have eliminated telephone theft/fraud, or smart card-based employee IDs, which provide strong authentication, are difficult to counterfeit, and are tamper-resistant. Human intervention and resistance are required to successfully counter non-technical methods of identity theft such as dumpster diving and social engineering. In the case of dumpster diving, for example, a paper shredder can be used to destroy paper bills.

What Should Consumers Do to Protect Themselves?

Consumers should be aware of their rights and responsibilities for protecting themselves and request a free copy of their credit report. In the U.S., a recent amendment to the Federal Fair Credit Reporting Act requires that the national consumer reporting companies (Equifax, Experian, and TransUnion) provide consumers with a free copy of their credit report, upon request, once every 12 months. Consumers need to make this request through the FTC website, as this is the only authorized online source. Consumers are urged to monitor their reports routinely for unusual activity. Consumers are also encouraged to be proactive: