http://msnbc.msn.com/id/5015565/?GT1=3391
Study: ID theft usually an inside job
Up to 70 percent of cases start with employee heist
By Bob Sullivan
Technology correspondent
MSNBC
Updated: 7:03 p.m. ET May 21, 2004
A soon-to-be-released study reveals what some identity theft experts
have hinted at for years -- the crime is largely the work of insiders.
In a study of more then 1,000 identity theft arrests in the United
States, Michigan State professor Judith Collins has discovered that
perhaps as much as 70 percent of all identity theft starts with theft of
personal data from a company by an employee.
"It used to be that shrinkage (theft) was the biggest cost to employers
after payroll and healthcare. Today what we have to think about, in the
information age, is employees stealing information," Collins said. "Why
steal merchandise when they can steal data and get money?"
Collins, director of an identity theft program at Michigan State,
randomly selected 1,037 cases from around the country, then
painstakingly traced each incident to its origins. In 50 percent of the
cases, the victim's identity was originally pilfered by a company
employee. In another 20 percent of cases, evidence strongly suggested
dirty play by an insider.
Her results contradict the conventional vision of identity thieves
hacking Web sites or digging through dumpsters. But some experts said
the results could have been anticipated.
"You don't have 10 million victims a year by people going through the
trash," said Joseph Ansenelli, an executive at information security firm
Vontu Inc.
Perhaps the greatest surprise: a large number of the identities were
stolen not by an employee -- but by the business owner.
Linda Foley, executive director of the San Diego-based Identity Theft
Resource Center, actually began the non-profit agency after her identity
was stolen by her employer four years ago. She said Collins' findings on
insider theft is consistent with reports she hears from victims who call
her hotline.
"It only makes sense. A majority of the information is in the hands of
corporate America," she said.
'Crime of opportunity'
Most of the crimes began at health care or financial companies, Collins
found in her study. In most cases, temporary workers or employees
stealing data from other departments were to blame. That suggests
companies need to tighten up data security practices, she said.
Rob Douglas, an identity theft consultant in the banking industry, said
Collins' results weren't a complete surprise. About two years ago, bank
regulators issued a string of warnings about insiders committing crimes
at banks. One such notice, published by the Office of the Comptroller of
the Currency at the Treasury Department, warned that organized crime
rings were placing members in low-level teller jobs at banks in order to
commit identity theft and other crimes.
"There is always a lot of concern about hacking," Douglas said. "But the
demonstrable number of mass hacks pales in comparison to the easy old
method of insider theft. It's a crime of opportunity. The information is
right there. I always tell banks I talk to, information equals cash."
Collins' study, which will be published later this year, comes at the
same time federal lawmakers are beginning to focus attention on the
insider ID theft issue. The "Identity Theft Penalty Enhancement Act,"
now working its way through the House of Representatives, includes
additional jail time for criminals who steal data on the job.
Rep. John Carter, R-Texas, who advocated for the insider theft
provision, said the idea was generated largely from an infamous incident
in Texas last year, when a student employee at the University of Texas
allegedly stole 55,000 Social Security Numbers.
"It's an extra two years if you are an insider, and steal data, and that
data is used for a crime. We compare it to aiding and abetting a crime,"
Carter said. "We hope the word will get out, and this will act as a
deterrent."
Ansenelli called the legislation "a step in the right direction." But he
advocates for a national standard for all firms that store personal
data. Carter's legislation has no provisions for corporate liability
when employees steal data.
Collins' findings also included surprising insights into the
perpetrators of identity theft. Unlike most crimes, about half the
criminals in her study were women -- suggesting identity theft is a new
kind of equal opportunity crime.
"This crime is much different than any other crime," Collins said. "Men
tend to be more risk-takers, and committing crime is high risk. But ID
theft is low risk. For example, credit card fraud can be committed
online. ... So we're probably going to continue to see as many women as
men commit the crime."
© 2004 MSNBC Interactive
Stoney
"Designated Rascal and Rapscallion
and
SCAMPERMEISTER!"
When in doubt, SCAMPER about!
When things are fair, SCAMPER everywhere!
When things are rough, can't SCAMPER enough!
/end humour alert
alt.atheism military veteran #11
{so much for the 'no atheists in foxholes' rubbish}
.
|
