San Diego, CA - The American National Standards Institute (ANSI) and the Better Business Bureau (BBB) created the Identity Theft Prevention and Identity Management Standards Panel (IDSP). The ICFE is a panel member. The IDSP is designed to bring together the spectrum of standards and guidelines germane to ID Theft & Fraud Prevention and ID Management that exist across industries and sectors into a single resource, accessible to businesses of all sizes and types. As part of this process, the Panel identified standards that need updating and/or gaps where new standards work should be done.
The IDSP Newsletter provides information on identity related news items, either pulled from the headlines or submitted by IDSP participants. If you have news that you would like to share for a future issue, please send it to the IDSP Program Administrator.
All States Comply with Real ID, Intentionally or Not
The Department of Homeland Security (DHS) has "granted" 2009 compliance extensions to all states to comply with the Real ID Act. After a skirmish with the state of Maine in the late hours of the March 31 deadline for states to apply for an extension--Maine, along with a handful of other states, declined to comply with the act, much less ask for an extension--DHS announced April 2 that all jurisdictions in the United States had complied with and met the initial RFID (radio-frequency identification) requirements.
FTC Announces Settlements with Retailer TJX and Data Brokers Reed Elsevier and Seisint
Discount retailer TJX and data brokers Reed Elsevier and Seisint, in two unrelated Federal Trade Commission actions, have agreed to settle charges that each engaged in practices that failed to provide reasonable and appropriate security for sensitive consumer information. The settlements require that the companies implement comprehensive information security programs and obtain audits by independent third-party security professionals every other year for twenty years.
Auto Parts Retailer Reports Network Breach
Advance Auto Parts reported a "network intrusion" that exposed financial information of up to 56,000 people and was the subject of a criminal investigation. While the auto parts retailer did not specify how the access had been gained to its network, the company has notified its credit, debit and check processors. Advance Auto Parts is offering the affected customers a credit monitoring product from a national credit reporting agency at no cost for one year.
In a recent report to Congress, Nina Olson, the IRS national taxpayer advocate, identified identity theft as one of the "most serious problems" that taxpayers face. Already this year, the IRS says that taxpayers have forwarded 33,000 phishing-scam emails to the agency reflecting 1,500 different schemes. While the IRS says that they have made improvements to combat the problem, Ms. Olson says that the agency "has not done enough to improve identity theft procedures for victims of identity theft or to secure its filing system from fraudulent filers."
The Federal Trade Commission is warning consumers about scams involving the rebate checks the government plans to send. A typical instance involves the scammer calling or emailing consumers claiming to be from the Internal Revenue Service or the Social Security Administration. The scammer will then request personal information from the consumer needed to steal the government rebate. The FTC cautions against giving out personal or financial information in response to an unsolicited call or email. The IRS does not gather information for rebates by telephone, nor does it send unsolicited e-mail to taxpayers about tax account matters.
House stealing is a new kind of crime that is surprisingly easy to accomplish, according to the FBI. After selecting a home to steal, the con artist assumes the identity of the homeowner and creates fake identity documents. Next, the con artist goes to an office supply store and purchases forms that transfer property. Once these documents are forged they can be combined with the previously created fake identity documents and the con artist can file the deeds with the proper authorities. While this new crime is not too common at this point, the FBI is still keeping an eye out for any major cases or developing trends.
While medical identity theft only accounted for 3 percent of identity theft in 2005, according to the Federal Trade Commission, privacy experts worry that the push toward electronic medical records will lead to an increase in the incidence of medical identity theft. In the past, experts have attributed medical identity theft to solo operators in need of medical care; however, a new trend and accompanying theory is emerging that holds employees of the healthcare system responsible for stealing patients' information to make false insurance claims. One such case involved the theft of 1,100 Medicare beneficiaries' medical identities a few years ago by a front desk clerk who used the stolen information to make more than $2.8 million in false Medicare claims.
According to the non-profit Identity Theft Resource Center (ITRC), reported data breaches more than doubled in the first quarter of 2008 compared with the first quarter of 2007. The ITRC advises, however, that it is too early to draw the conclusion that more breaches are actually occurring. Factors potentially responsible for the increase may include state mandatory reporting laws, corporate integrity, or the fear of media exposure. In addition, those receiving breach letters are not being given enough information, according to the ITRC.
The tech industry's out to thwart data breaches at supermarkets, on social networks, in banks and schools, and across government and business, but it has a long way to go to get out the word about available products. Identity theft remains a big issue, yet relatively few companies plan to use data loss prevention products on their computers. Makers of such products hope regulations will boost the market.
Quest Software, Inc. (Nasdaq: QSFT) has released the results of its Identity Management Government Survey of federal, state, local and municipal government IT professionals' perceptions on the progress of compliance with mandates such as HSPD-12, FIPS 201, and FISMA. The survey was conducted by Pursuant, a public opinion research firm. One of the findings shows that while most government IT professionals (69%) believe that identity management is "very important" to their organization or agency, even more (72%) believe it will increase in importance over the next five years.
According to M.E. Kabay of Network World, identity-theft rates are higher in the United States compared to some other countries in part because of the use and inadequate control of universal identifiers in the U.S., such as the use of social security numbers. The system of fraud recovery in the U.S. banking system as well as the practice of sending unsolicited, pre-approved application forms to millions of residents are cited as other root causes in the rise of identity theft.
HM Treasury has published Sir James Crosby's independent review, "Challenges and opportunities in identity assurance," which consists of contributions from twelve organizations from both the public and private sector. The review looks at how the most effective ID assurance systems and infrastructure can maximize the economic and social advantage to the UK. The terms of reference for the review were to: appraise the current and emerging use of identity management in the private and public sectors and identify best practices; consider how public and private sectors can work together, harnessing the best identity technology; and produce a report. The report supports the UK government's commitment to establish a national ID card scheme, recommends the government enable employers to quickly verify "right to work" for new employees, and supports efforts underway to provide a free service for the swift repair of compromised identities. With regard to that last aspect, see attached additional information provided by Susan Grant, Consumer Federation of America.
Please check the IDSP Events Calendar for regularly updated event information.
For further information and updates on the Panel, please visit the IDSP website.