United States: Identity Theft Protection: A Public Priority, An Employer Opportunity

The Problem, Issues, Solutions, and Benefits
Last Updated: November 17 2005
Article by Peter Marshall

The Identity Theft Threat

Identity theft is the number one consumer crime in America, and still growing rapidly. In 2004, almost one in twelve households were victimized by some form of identity theft, and surveys indicate that approximately one fifth of Americans have been victims at one time or another. The total amount of identity fraud in 2004 reached a staggering $200 for every man, woman, and child in the US. Estimates of actual individual losses vary widely, but figures of approximately $500 average out-of-pocket loss, plus another $800 in recovery expenses per incident are considered reliable. In addition, identity recovery activities typically take scores or hundreds of hours, and often drag on for years. Once stolen, identity information enters an enormous international marketplace, and is often sold and resold many times, used again and again in a variety of scams, posing a recurring, persistent threat and hassle for the victim. This year alone, over 50 million identities have been stolen from public and private databases, and many experts worry that a wave of fraud should be anticipated over the coming months and years, as this information is sold into the criminal world and used to perpetrate increasingly sophisticated frauds.

Smart identity thieves go after major assets and quick scores, extracting large sums using a victim’s identity, and then moving on. Homes, and to a lesser extent cars, boats, and other high value assets provide a perfect opportunity. As the average value of a home in the United States has skyrocketed, the following relatively simple scam that drains your home’s equity has become all too frequent . and is just one example among many.

The thief obtains a copy of a homeowner’s Social Security number and a phony driver’s license in the homeowner’s name. Using this fake identification, the thief forges a quitclaim deed, which transfers the homeowner’s interest in a property to a third party. The property can then be transferred to anyone the thief chooses. Once the transfer has taken place, the thief applies for a home equity loan, takes the money, and quietly walks away. In another variation of this scam, the thief simply sells the house and pockets the money. Property transfers of this type can often be accomplished without drawing undue attention. Imagine the shock of the rightful homeowners - often with a fully paid-off home - when they attempt to sell their home or get a loan, and discover that their equity has been stolen! Or even worse, when an enthusiastic home buyer shows up, expecting to move in! Similar scams can occur with other real assets, such as boats, land, cars, etc. This type of high-value theft can cause irreparable financial harm, as well as a lifetime of hassles with credit.

A Gathering Storm

Not too many years ago, before computers and telecommunications revolutionized the way business and personal transactions took place, identity theft was a difficult and dangerous proposition. Forgery of legal documents was time-consuming work, and required rare expertise and equipment. Identity impersonation was a dangerous activity, fraught with personal risk on every attempt. And even in the early years of the information age, things were hardly easier for an identity thief, because identity data was maintained in only a few databases, with very high levels of security. For all practical purposes, the process of stealing and using a false identity was just as difficult as it had been in the paper era, or the handshake and look-in-the-eye era before that. The Internet and related recent developments have changed all that. In the blink of an eye data is everywhere, everything is connected, and transactions take place in the virtual anonymity and speed of cyberspace. Your identity is scattered in thousands of databases; only a hacked password away from being stolen, transmitted and sold around the world, and used by legions of criminals in an untold number of impossible-to-trace fraudulent transactions. Over a few short years, a huge underground marketplace has blossomed to trade data stolen from mailboxes, payroll files, online accounts, and credit databases, and new scams are unearthed daily to capitalize on the stolen identities. Although legislators are starting to become aware of the problem, and slowly working on laws to improve consumer notification of thefts, and limitations of liability for certain fraudulent charges, the truth is that the problem will continue to get worse before it gets better.

Identity thieves have become much more sophisticated in recent years, taking advantage of the windfall created by the combination of massive database breaches and new technology. The perfect storm of opportunity has formed from:

  • Recent successful thefts of tens of millions of identities from huge financial databases
  • The ease of assembling a complete profile of an individual using simple web resources and public information
  • The instant worldwide market for stolen identity information
  • New printer technologies that enable cheap document forgery
  • Online transactions, which enable easy impersonation while using stolen data

The Ingredients of Effective Solutions

Identity theft is an enormous challenge. Dealing with it effectively requires a comprehensive approach - prevention of a wide variety of rapidly evolving threats, constant monitoring of numerous sources for exposure, insurance against losses and expenses, and if necessary, expert guidance and support through the identity recovery process, provided rapidly and efficiently.

The first step in stopping identity theft is to assess the areas where you are at risk, so that you can take effective steps to protect yourself. In many ways, this is the most important step - basic awareness and understanding are absolutely critical in helping you to focus on the problem areas and take the simple steps that will provide the greatest protection. The Identity GuardianTM includes detailed assessment tools in each of the major risk areas, measuring each user’s unique exposure profile, and providing customized recommendations that address the specific weaknesses identified.

The next step is to safeguard your data from exposure. Computer-based thefts of data are becoming ever more sophisticated, and directed at larger and larger populations. Every day, security experts discover new threats and uncover new storehouses of stolen data - often in the millions of records - so sound information security practices coupled with quality anti-hacking tools are critical. Thefts of private information from mail, discarded papers, online sources, and public records are another huge danger, and attention to some simple recommendations will produce a dramatic reduction in your risk.

Although many people are generally aware that viruses and their younger electronic cousins - spyware and adware - are dangerous, most are worried primarily about the potential damage to their computer or the loss of valuable data. But while these are valid concerns, they overlook the big picture. Although a small percentage of the authors of viruses and other intrusive software - collectively termed "malware" - are just pranksters trying to wreak a little havoc, the vast majority of them use these and other electronic attacks to steal personal information from target computers, or to breach security to steal information held by companies.

The volume of these attempted break-ins is enormous - enough so that almost every unprotected PC has tens or hundreds of infections. In a very large number of cases, the intrusions are specifically intended to steal identity information from you, or from other computers in your network. And the threat only grows every day, with the rapid spread of wireless Internet connections, the increasing sophistication of malware, and the continuing vulnerability of Windows and the Internet Explorer browser. It is imperative that users protect themselves with an upto- date electronic shield of anti-virus and anti-spyware tools, a firewall, and other practices designed to secure their computer. The Identity GuardianTM includes access to a range of advanced and effective tools in each of these categories.

Although identity theft has received a great deal of publicity, most people still do not pay enough attention to basic preventive measures. Safeguarding your identity requires disciplined vigilance to ensure that your various identity records contain "the truth, the whole truth, and nothing but the truth". You must verify that the information in all the important sources is correct, and then regularly monitor any changes that might indicate identity theft or some other error, and respond to any suspicious activities quickly, thoroughly, and properly.

Navigating the vast and growing universe of identity databases, verifying their information, and keeping up with changes in each of them can be an overwhelming challenge, unless you have well-organized, accurate, and comprehensive guidance. The Identity GuardianTM provides a complete program for you to follow, and the tools to ensure that each critical action is completed on schedule, and each data source properly managed.

Maintaining your privacy is all about preventing others from getting access to your private information. That means:

1) Reducing the number of people who have access to your information down to the very few with a legitimate "need to know".

2) Preventing even those few from releasing it to any third party without your knowledge and permission.

3) Preventing anyone else from getting access to it, either electronically or physically.

Eliminating unwanted contacts is an important first step in reducing the number of people who have access to your private information, and the opportunities for theft:

  • It eliminates most opportunities for thieves to steal your information from mail, email, or telephone interactions.
  • It limits the spread of your contact info and identity info to third party databases.
  • Eliminating this huge volume of intrusions - and the spread, sale, and exposure of your information that goes with it - can reduce by perhaps 10x the number of exposures of your identity info, and thus drastically reduce the opportunity for theft.

Next, reduce to a bare minimum the number of parties that have your identity data, and restrict them from releasing it to anyone else. It is easy to lose sight of the tremendous number of institutions that have your information, including schools, professional associations, credit providers, employers, etc, but if you follow simple practices to control your information, your exposure to identity theft will be drastically reduced.

However, if you neglect these practices, it is only a matter of time - and not much time, at that - before you join the huge and rapidly growing population of identity theft statistics.

Finally, you must prevent people from getting direct access to your data from discarded or stolen documents, available online sources, or by cracking your passwords or PINs. In addition, you should take simple precautionary steps that will minimize your risk of identity fraud if your wallet or purse is lost or stolen. And if a loss or theft does occur, switch into recovery mode immediately to prevent losses and safeguard your identity from damage or misuse.

The explosive development of the Internet means that in less than a decade, most of us have gone from a situation where little or none of our private data was visible to the general public, to one where our profiles are available to anyone on dozens of websites, including identity thieves who seek out this information. While many people are dimly aware that their personal information can be searched out with a little effort, most have not adjusted their security consciousness and behavior to reflect the radical new threats that the Internet has enabled. This understandable, but misguided carelessness is one of the most important factors leading to identity theft.

Most people manage their online persona, including personal websites, photo sites like flickr.com, personal blogs, and online communities they participate in, as if they and their friends are the only ones who have access. In fact, professional identity thieves seek out these sites, mining them for bits of information they can use to steal identities. Personal data like SSN, birth-date birth-place, and driver’s license number should obviously be removed, but even less sensitive information, like the names of family members, pets, etc., can be exploited by thieves, who will use these personal details to contact financial institutions, the DMV, and others, pretending to be you.

The rule of thumb for your identity data is to provide it only on a "need to know" basis. Many vendors ask for this information, because they can use it for marketing, or sell it to others, or because it makes some process easier for them, but very few actually need it. Remember, it is you who bears all of the risk and cost of identity theft, not the vendor, so it is vital that you take responsibility for limiting your exposure.

You should also carefully review the information on your credit report, as well as medical, driving, social security, and other public sources, and financial account records. Inaccuracies in these records can cause you serious financial or other harm, and are an excellent indicator of identity fraud. You should establish a regular schedule for checking and verifying this data, and, most important, you should carefully review your account statements and bills each month. The Identity GuardianTM walks you through this process step by step, and provides tools to assist with each one. Once you have completed that stage, you are ready to take advantage of monitoring tools, including credit monitoring. We offer two types of monitoring, including a unique and highly effective address change detection and alert service, as well as a high quality credit monitoring offering, which together will provide you with the earliest possible detection and warning of any identity theft.

There are two basic types of identity fraud. The first, which is easier to detect and resolve, is when a thief simply uses your existing accounts and credit cards to make fraudulent purchases. These charges will show up on your account statements, and with a little attention can be quickly detected, and then contained by closing the accounts. In most cases, your maximum liability will be $50 per account if the false charges are detected and addressed in a timely fashion. The second type is when the thief uses your identity to open new accounts, receive loans or lines of credit, or take fraudulent ownership of assets, while using an address different from yours. This type of fraud is much harder to detect, and can potentially lead to much greater financial losses and be much more difficult to resolve. A variation on this type is when the thief runs up charges on your existing accounts, but changes the billing address in the account profiles, or files a change-of-address with the post office. In all these cases, the key is that by using a different address, the thief makes it difficult for you to ever know that the fraudulent activity is taking place.

Fortunately, there are a number of massive reference databases that track your address and other information whenever accounts are opened or updated, or major assets are bought or sold. If a thief uses your identity to open or update any kind of account, loan, credit, or asset with a different address, that new address will show up in the reference databases, linked to your identity.

The Identity GuardianTM provides a unique, proprietary service that monitors these databases, giving you visibility to the data, and alerting you to any changes that might indicate identity fraud. This is a very effective tool for early detection of the second, more dangerous type of identity theft, and a very important part of your protection program.

Credit monitoring services are heavily advertised, and many people have the impression that, by themselves, they will provide a high level of protection against identity theft. This is a serious misconception, which is important for consumers to understand, so that they will pay proper attention to less sexy practices that provide more effective security. While monitoring services have their place in a comprehensive identity protection arsenal, they are by no means the most important arrow in the quiver.

The major credit reporting agencies track information related to credit history, for every individual in the United States with a record of credit activity. Any time a financial account or credit card is opened, a loan is extended, or ownership of a major asset is transferred, a credit inquiry will be recorded with at least one of the agencies, and an update will be made to the credit record of the owner. Credit monitoring services can therefore be a very effective tool for detecting that an identity thief is doing any of these things in your name. The Identity GuardianTM includes access to one of the top credit monitoring services.

The Identity Guardian

Identity theft is a complex problem, with threats coming from many directions. Understanding and prevention of these multiple exposures is critical, and The Identity GuardianTM is the only solution that deals effectively with each of the major risk areas, including computer vulnerability, online data, personal information, public and private identity databases, and credit reports. And The Identity GuardianTM includes constant updates in each of these areas, to deal with fast-evolving threats, and ensure that customers have the most current, expert, and complete protection possible.

But prevention is only part of the solution: continuous monitoring of new exposures is also vitally important, including key databases that provide early warning of suspicious theft activity. Credit monitoring is useful, but often flags activity precious weeks or months after the fact, and is therefore only part of the required equation. The Identity GuardianTM includes a proprietary program to monitor major reference databases for suspicious activity, and provide real-time alerts, along with access to a leading credit monitoring service. Finally, of course, a real solution must deal effectively with thefts when they do happen. The Identity GuardianTM provides $25,000 in identity theft coverage from AIG, the world’s largest and most experienced insurer, with an additional $2000 in coverage for damage to computer hardware or software. AIG’s expert case workers will also navigate identity theft victims through a thorough and efficient process to recover and protect their identity going forward.

Identity theft has been the subject of a great deal of hype, but there’s a lot of fire along with the smoke. The growing threat, the heavy cost, and the long-term impact are real. But almost all of the purported solutions that emerge daily - capitalizing on the atmosphere of fear that the hype has raised - are seriously inadequate, missing most of the key elements. The complexity and fast-changing nature of the problem make it difficult for consumers to separate the wheat from the chaff, and many are seduced by a brand name or by scare tactics, throwing good money away on ineffective solutions. An effective identity theft protection program should include:

1) Prevention, across all of the major risk areas, including online and offline threats

2) Monitoring - constant scanning and alerts for exposures, including credit and other sources

3) Insurance - the right level of coverage is key. Too much will be a waste, never used. Too little leaves you vulnerable.

4) Recovery - expert guidance and assistance through the entire process

Only The Identity GuardianTM includes all of these critical elements, and at an extremely competitive price - actually lower than most of the alternatives that provide far less.

The Benefits of Protection

Many employers are beginning to realize that identity theft protection can be a highly valuable addition to an employee benefits program, and The Identity GuardianTM has been developed to respond to that need.

Recent surveys indicate that identity theft is at the top of the list of financial concerns of Americans, especially for professionals, who have more exposure and more to lose. Over 40% of consumers have reduced their online ecommerce in response to this threat. Over 75% consider identity theft to be a serious threat to them personally. And a similar percentage have indicated a willingness to pay for effective solutions - a recent study found most willing to pay $88 per year for insurance coverage alone.

In this context, free or discounted access to a leading identity theft protection program can be a highly marketable competitive differentiator in the employee marketplace - attracting and retaining the best people. This offering can be especially compelling in areas where employees are most aware of the threat, such as financial services, technology, and other professional domains. And the ongoing hype cycle around identity theft only reinforces the appeal of this benefit.

Importantly, identity theft protection also has a real and significant return on investment (ROI) for the employer, as well as for the employee. Conservative estimates yield a calculated return for the employer of approximately $180 per year per employee, based on avoidance of time lost to recovery alone. Other factors like reduction of redundant computer security expenses, identity protection training costs, and others can increase this return substantially. Our highly favorable pricing for employer-sponsored programs yield a payback period of 5 months or less. The value to employees is even greater, including the avoidance of significant out-of-pocket losses and expenses, resulting in an average financial value of well over $300 per year per employee - 3 times the cost of even the purely voluntary, non-sponsored benefit.

In addition to being the most comprehensive and effective program on the market, The Identity GuardianTM is specifically designed to meet the needs of benefit programs.

1) The Identity GuardianTM offers special discounts for benefit programs - lower than through any other publicly available channel. So even as a completely voluntary, non-sponsored benefit, employees get special reduced pricing they cannot get anywhere else.

2) The Identity GuardianTM program has been designed by highly experienced Benefits experts for maximum operational ease and security. We offer turnkey setup and operation, either directly to an employer or through an intermediate Benefit Administrator. We provide secure audit reports and full 24x7 support.

3) The Identity GuardianTM is uniquely secure. No private employee or employer data is required at any point in the process. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Topics
 
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions