By Francis Adams
This is an attempt to dig into the nature and scope of data and identity theft. In the first of the four-part series, the writer delves on how the threat is affecting individuals and companies
Inspite of unwavering vigilance and surveillance by both government and private watchdogs, backed by the use of advanced technology in stonewalling such incidence, data and identity theft in the United States and India -- the world's oldest and largest democracies -- are reported to be on the rise.
Ernst & Young, among the world's top four accounting firms, revealed in its ‘Fraud & Corporate Governance: Changing Paradigm in India’ report that data or information theft, along with IP infringement were among the top five frauds in the country. In the United States, a survey by California-based research company Javelin Strategy & Research, unraveled that about 11.6 million citizens were victims of identity theft in 2011, compared to 10.2 million the survey had revealed in the previous year.
Last week, the U.S. Immigration and Customs Enforcement homeland security agents and the Secret Service arrested 19 people operating in a transnational ring that involved data and identity theft of victims from Europe, the Middle East, Asia and the United States, prompting an official to dub it "Operation Open Market".
A Federal Bureau of Investigation report, on March 13, said six people pleaded guilty to charges of identity theft after they had attempted to defraud the United States by filing fake tax returns in the names of deceased taxpayers. The conspirators apparently sent the US Treasury checks obtained by fraudulent returns to co-conspirators in Ohio, who then sold and distributed them to businesses and banks.
Days after Ernst & Young released its fraud survey report has come Monday's news that two call centre staff in India were busted by undercover reporters from the United Kingdom while trying to sell critical personal information -- names, addresses, phone numbers and credit card details -- of millions of Britons for tuppence, or twopence or two Old British pence. The report claimed that the stolen data belonged to few of Britain's large financial companies and banks, such as NatWest and HSBC.
In its survey, Ernst & Young has revealed that besides the regular targets from the banking, non-banking financial companies, real estate and telecommunication sectors, an increasing number of data and identity theft cases have now emerged from companies in infrastructure, IT/ITes and consumer products.
"The motive of committing a fraud now has shifted from “need” to “greed” making the perpetrator perform fraud to support opulent lifestyle. A typical fraudster today is in his 30's, generally from the middle management of a company. He/she is ambitious and comfortable with technology, sitting at a remote location generally working in the procurement or sales departments of companies," said the report.
Javelin Strategy and Research, which uses a broad definition for identity theft, that is, "any time a transaction occurs using a victim’s name or account information without authorization", found that certain social media and mobile phone behaviors are also easy preys for identity thieves.
"Despite warnings that social networks are a great resource for fraudsters, consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity. Surprisingly those with public profiles (those visible to everyone) were more likely to expose this personal information. Specifically, 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name—all are prime examples of personal information a company would use to verify your identity. Smartphone owners experience greater incidence of fraud—The survey found seven percent of smartphone owners were victims of identity fraud," the report said.
Edward John Maher, a fugitive from England was last month arrested and indicted by the United States Attorney for the Western District of Missouri for using a Social Security card, not issued lawfully in his name, as an identification document for employment verification, last year. The indictment also claimed that Maher used the identification knowing full well that it belonged to another person. "This charge is related to Maher’s alleged use of a Missouri driver’s license in the name of his brother, Michael Maher, on Oct. 12, 2011," according to an FBI report.
While protecting personal information on social media and on mobile phone is primarily the individual owner's responsibility, safeguarding customers' personal information lies on the head of the respective company. In the United States, many states, led by California in 2002, have enacted laws that put the burden of tackling identity theft cases on businesses. The law in California requires that companies inform customers when their Personally Identifiable Information or PII -- as it is used in information security -- have been stolen or compromised. Today, about 45 states and U.S. territories have put such a law in place.
"More and more companies are taking cognizance of the changing regulatory scenario. We are seeing an increased focus on corporate governance. Also companies are increasingly now taking proactive measures against fraud, bribery and corruption," the Ernst & Young report has noted about the scenario in India.
The author can be reached at francisadams2010@gmail.com and on +91 9916484564
No comments:
Post a Comment