Your credit-card data is out there and criminals are buying and selling it in bulk. Credit card data theft is exploding, increasing 50% from 2005 to 2010, according to the latest figures from the U.S. Department of Justice.
Millions of card numbers are for sale. A single number might go for $10 to $50; a no-limit American Express card number for a consumer with good credit can sell for hundreds of dollars, said Monica Hamilton, marketing director at cyber-security firm McAfee Inc. in Santa Clara, California.
As a result, identity theft has become big business. The number of malicious programs written to steal your information has grown exponentially to an estimated 130 million from about 1 million in 2007, Hamilton said. The most successful identity thieves have learned that it’s more lucrative to hack into businesses, where they can steal card numbers by the thousands or even millions.
Losses suffered by the businesses they hack can be staggering — an estimated $150 to $250 for each card number stolen. Those costs come in the form of legal settlements, fees for consultants hired to remove malware, and personnel hours spent notifying customers. The costs are passed on to consumers in the form of higher retail prices and credit-card fees.
Identify theft, defined as the successful or attempted misuse of credit-card, bank-account or other personal information to commit fraud, is expected to surpass traditional theft as the leading form of property crime. Security analysts say everyone should prepare to become a victim at some point. Yet identity theft often goes unreported, and the crimes that are reported are rarely investigated.
Most local law enforcement lacks the personnel and expertise to investigate smaller identity crimes, and the FBI is only interested in massive cases involving hundreds of victims or more, Rasch said. According to some police, it is often impossible to locate the perpetrators of identity-related crimes, which makes them among the most difficult cases to solve.
“In identity theft cases it is difficult to identify the suspect(s) as they often use inaccurate information such as addresses and phone numbers,” it states. “Frequently the investigator cannot find evidence to prove who actually used the victim’s name and/or personal information over the phone or Internet.”
A 2012 study, by the Washington, D.C.-based Identity Theft Assistance Center, found that child identity theft is even more difficult to detect and resolve than adult identity theft. One problem is children often don’t find out until years later that their identities were stolen and their credit histories damaged.
Another disturbing aspect of child identity theft is the prevalence of “friendly fraud,” in which a family friend or relative — often the child’s own parents — steals the child’s identity, using the child’s pristine credit history to open credit-card accounts and take out mortgages and loans. According to the study, more than 70% of reported child identity fraud is friendly fraud.
Challenge for retailers
Individuals can have their identity stolen in a number of ways, including while swiping credit or debit cards at the cash registers of trustworthy retailers. Identity thieves use computer programs to infiltrate retail systems and begin siphoning off bank-card numbers when purchases are made. Point-of-sale system hacking is a serious and growing problem, according to business-security expert Kim Singletary.
Singletary, director of technical solution marketing at McAfee, said the security-software company has discovered about 130 million unique malware programs from across the Internet, up from just 1 million in 2007. Many of the programs are designed to infiltrate point-of-sale systems and steal customer data that can be sold or used to make fraudulent purchases, Singletary said. The fact is, no retailer can protect customer data with 100% certainty because every store, from huge chains to small mom-and-pops, relies on computer systems that are inherently vulnerable, she said.
“Software is fallible, and software can be compromised,” Singletary said.
Merchants, who usually incur the greatest losses from identity theft, often don’t pursue an investigation because it’s expensive, and the chances of solving the crime are slim, former federal prosecutor Rasch said. As a result, identity thieves usually get away with their crimes, Rasch said.
“They get to do this with impunity,” he said.
The upshot is that it’s easier and safer for an identity thief to steal $100,000 worth of credit-card numbers than it would be to shoplift an inexpensive item from the store, Rasch said.
“These crimes are going to become more numerous, and they’re going to become more sophisticated,” he said.
What thieves want
According to cyber-security expert Mark Pribish, identity thieves look for specific pieces of information:
- User names, passwords and PIN numbers.
- Social Security numbers.
- Phone and utility account numbers.
- Bank and credit account numbers.
- Employment and student identification numbers.
- Driver’s license and passport numbers.
- Professional license numbers.
- Insurance identification numbers.
- College or university financial-aid form information.
Our ID Theft Protection options may include some of the following services, based on the package you choose to enroll in: Lost Document Replacement, Credit Bureau Monitoring, Score Tracker, and Three-Generation Family Benefit. To learn more about our ID Theft Protection products, click here and enroll today!*
*Click here to view the article source.
* Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.