Your credit-card data is out there and criminals are buying and selling it in bulk. Credit card data theft is exploding, increasing 50% in a five year period, according to the figures from the U.S. Department of Justice.
Millions of card numbers are for sale. A single number might go for $10 to $50; a no-limit American Express card number for a consumer with good credit can sell for hundreds of dollars, said Monica Hamilton, marketing director at cyber-security firm McAfee Inc. in Santa Clara, California.
As a result, identity theft has become big business. The number of malicious programs written to steal your information has grown exponentially to an estimated 130 million, Hamilton said. The most successful identity thieves have learned that it’s more lucrative to hack into businesses, where they can steal card numbers by the thousands or even millions.
Losses suffered by the businesses they hack can be staggering — an estimated $150 to $250 for each card number stolen. Those costs come in the form of legal settlements, fees for consultants hired to remove malware, and personnel hours spent notifying customers. The costs are passed on to consumers in the form of higher retail prices and credit-card fees.
Identify theft, defined as the successful or attempted misuse of credit card, bank account or other personal information to commit fraud, is expected to surpass traditional theft as the leading form of property crime. Security analysts say everyone should prepare to become a victim at some point. Yet identity theft often goes unreported, and the crimes that are reported are rarely investigated.
Most local law enforcement lacks the personnel and expertise to investigate smaller identity crimes, and the FBI is only interested in massive cases involving hundreds of victims or more, Rasch said. According to some police, it is often impossible to locate the perpetrators of identity-related crimes, which makes them among the most difficult cases to solve.
“In identity theft cases it is difficult to identify the suspect(s) as they often use inaccurate information such as addresses and phone numbers,” Rasch states. “Frequently the investigator cannot find evidence to prove who actually used the victim’s name and/or personal information over the phone or Internet.”
A study by the Washington, D.C.based Identity Theft Assistance Center, found that child identity theft is even more difficult to detect and resolve than adult identity theft. One problem is children often don’t find out until years later that their identities were stolen and their credit histories damaged.
Another disturbing aspect of child identity theft is the prevalence of “friendly fraud,” in which a family friend or relative — steals the child’s identity, using the child’s pristine credit history to open credit card accounts and take out mortgages and loans. According to the study, more than 70% of reported child identity fraud is friendly fraud.
Challenge for retailers
Individuals can have their identity stolen in a number of ways, including while swiping credit or debit cards at the cash registers of trustworthy retailers. Identity thieves use computer programs to infiltrate retail systems and begin siphoning off bank card numbers when purchases are made. Point-of-sale system hacking is a serious and growing problem, according to business-security expert Kim Singletary.
Singletary, director of technical solution marketing at McAfee, said the security software company has discovered about 130 million unique malware programs from across the Internet. Many of the programs are designed to infiltrate point-of-sale systems and steal customer data that can be sold or used to make fraudulent purchases, Singletary said. The fact is, no retailer can protect customer data with 100% certainty because every store, from huge chains to small mom-and-pops, relies on computer systems that are inherently vulnerable, she said.
“Software is fallible, and software can be compromised,” Singletary said.
Merchants, who usually incur the greatest losses from identity theft, often don’t pursue an investigation because it’s expensive, and the chances of solving the crime are slim, former federal prosecutor Rasch said. As a result, identity thieves usually get away with their crimes. “They get to do this with impunity,” he said.
The upshot is that it’s easier and safer for an identity thief to steal $100,000 worth of credit card numbers than it would be to shoplift an inexpensive item from the store. “These crimes are going to become more numerous, and they’re going to become more sophisticated,” Rasch said.
What thieves want
According to cyber security expert Mark Pribish, identity thieves look for specific pieces of information:
- User names, passwords and PIN numbers.
- Social Security numbers.
- Phone and utility account numbers.
- Bank and credit account numbers.
- Employment and student identification numbers.
- Driver’s license and passport numbers.
- Professional license numbers.
- Insurance identification numbers.
- College or university financial aid form information.
*Click here to view the article source.