What Exactly Is Identity Theft?

In today's society, there is a white-collar crime that has greatly risen in popularity among criminals. This crime is identity theft. Hundreds of thousands of people have their identities stolen each year. According to the Federal Trade Commission, "...over 1.1 million people were the victim of identity theft in 2006." With this number, it is very evident that identity theft is one of the fastest growing crimes in our country. This paper will define identity theft, show ways of securing business premises and networks, and client documents.

What exactly is identity theft? Identity theft is a crime in which one person gets key pieces of personal and confidential information about another person without their knowledge such as Social Security numbers, credit card numbers, or driver's license numbers. Those who steal this information want these numbers to create a new identity for themselves based on the person they stole the information from. Identity theft not only affects us personally but it can effect us professionally as well. Identity thefts related to organizations are increasing in number and details. Identity theft is one of the biggest crimes effecting businesses today. The thieves' goal is to ruin the business from the inside out. "Financial crime has ruined businesses and destroyed people's lives." (Coghlan, pg. 1) Phishing is tricking a person or persons out of their confidential information in order to defraud them. "In its August 2006 Phishing Trends Report, the Anti Phishing Working Group (APWG) cited 26,150 unique phishing attacks for the month of August, nearly double the number reported in August 2005. In addition, the APWG detected almost 10,091 unique phishing Web sites during the month." (Klein, Andrea, 2007, p.74)

Identity theft often goes beyond the use of personal data. When someone with a relationship to a business becomes a victim of identity theft, the business becomes a potential risk. Identity theft can have a momentous impact on the management, operations, bank accounts, public credibility, and income of a business. "The business, in its entirety, can become a victim of identity theft. Privacy or security breaches will leave a business struggling to address the ensuing employee and client public relations crisis. The impact to the business can be versatile in terms of lost business, lost work time, regulatory issues, fines, legal expenses, and civil law suits" "(McCarthy, pg. 26).

Security breaches are one of the major concerns within corporations. These breaches usually start from the outside and work their way inwards. These breaches of security usually come from disgruntled employees and, or cleaning staff. It is commonly assumed that identity theft only affects individuals and comes primarily through the internet. The increase in business-based identity theft crimes has been well documented in the recent years. With the increase in these crimes businesses are getting more and more worried that crimes to their clients can come from the outside the United States. "Trafficking in personal data goes beyond US borders: the New York Times reports that stolen financial information is often distributed among participants of online trading boards, and the buyers are frequently located in Russia, Ukraine, and the Middle East"(McCarthy, pg. 26). Computers and communication devices such as laptops and PDA's can be stolen from offices, cars, and homes and individuals and companies are rightly concerned that their personal and business information is out there for the world to use. Too often such stolen items are unencrypted and it is easy to access personal and business information. Businesses should be required to have a data security plan set in place. "Your data faces just as much risk, if not more, from old fashioned physical theft. Consequently, your data security plan should consider the risks of physical theft and damage by insiders (such as disgruntled employees and cleaning staff) and professional thieves."(McCarthy, p.27)

The reason that most thieves inside a company go for these items are that they are in plain view and there are no security devices to prevent theft. "Financial institutions are by far the most targeted, enduring 92 percent of all attacks. Furthermore, smaller financial institutions, such as credit unions and community banks, tend to bear the brunt of these attacks, as their systems are often easier to infiltrate." (Klein, Andrea, 2007, p.74-75)

There are ways to prevent property theft that most companies don't think about. One way is to hire a firm that will secure business equipment inside the company. Such a security company will identify security exposures and risks. Once identified, the firm can then implement "layers of protection." Solutions to these identified problems can include door contacts, motion detectors, door card readers, and so on. Digital cameras can be installed and programmed to start recording if an event occurs that is not common, such as a door being opened after hours or when an alarm is triggered. Another way to protect company equipment items from being stolen is to restrict access to specified areas and record an audit trail for employee access to those areas. An example of this is the door to a server room or client file room that can be equipped with a card reader or keypad lock requiring a unique combination for each employee authorized to enter the room. "That technology provides an audit trail. It shows the last person in and out of the room in case records are missing or there is damage to the servers. You can also combine that protection with a digital camera that starts recording when someone enters the restricted area." (McCarthy, p.27)

But unfortunately no security system is perfect. With security measures in place companies can't always keep employees out of areas they aren't authorized to be in. Cameras or access controls can help detect intrusions with, and they can document a break in, but they cannot stop it from happening. If someone wants to get in, they generally find a way to do it. Because items can be stolen and taken off property, security measures need to be effective and in place off premises as well. Software must be put on laptops that allow employees to create an encrypted virtual drive on a laptop that will serve as data storage safe. All confidential documents, such as personal information, tax information, and any other confidential information should be stored on these encrypted storage units. Another way to protect information off site is by placing backup files on a cd and encrypting the data on the disc so that no one can access it without the encryption code.

Identity theft is often discovered some time after the occurrence.