Identity Thieves Not Big On Technology 94
alphadogg sends us to Network World, as is his wont, for a summary of a new study of identity theft based on the outcomes of more than 500 Secret Service cases from 2000 to 2006. Here is the study report (PDF). The AP has coverage emphasizing other slants on the findings. Among the surprises: just 51% of convicted ID thieves were sent to prison. Only 20% of the cases involved use of the Internet, and such cases may be on the decline. More perpetrators used good old-fashioned dumpster diving and stealing stuff out of mailboxes.
Lies, Damn Lies, and Statistics... (Score:5, Insightful)
Did they catch everyone? (Score:1, Insightful)
You're making a poor assumption (Score:5, Insightful)
Re:Three words (Score:5, Insightful)
If Credit Card companies really cared about identity theft, then why do they mail out millions of unsolicited, pre-approved credit card offers every year? Even if someone signs up for the 'opt-out' list, some unscrupulous lenders will ignore the list and send unsolicited offers in the mail.
What percentage of identity theft occurs from someone stealing one of those little envelopes, I wonder.
Alternate explaination: (Score:5, Insightful)
Law enforcement is becoming less and less effective at identifying and prosecuting electronic identity theft. After all, only 20% of thieves who got caught used the internet.
Re:Three words (Score:3, Insightful)
That's why, when you get 'em, you shred 'em.
Security is not absolute. It's always about probabilities. You reduce the chance of a breach, but you can never make it absolutely impossible.
Mod parent up! (Score:4, Insightful)
That seems to indicate that only cases that had been SOLVED were used in this "study".
Of course, which case would be easier to solve?
#1. Someone in Russia stealing your ID via a keylogger installed on your workstation.
#2. Someone in your apartment building breaking into your mailbox.
Re:Three words (Score:0, Insightful)
You aren't taking the long view. (Score:5, Insightful)
Here, you know what databases are, right? Think of a database of every possible Social Security Number.
Then, think about a criminal organization filling in the information they can find from various sources.
SSN - FName - LName - DoB - MomMaiden - Address - SpouseLink - Child1 - Child2
Fill in enough of that information and you can use it to get info on the numbers you don't have filled in.
Now, they are you, as far as any financial institution is concerned. They can take out a second mortgage on your house. They can buy a car in your name. They can steal more from you than you have in any of your accounts.
They can even try to cash out your 401k. They are you.
Wrong Statistic (Score:4, Insightful)
I don't really care if some mope dug through my dumpster, stole my credit card pre-approvals, and got caught using the fake card running up $200 worth of porn purchases. The case I worry about is the single criminal or criminal organization that systematically steals millions of pieces of credit card data and efficiently exploits each piece to the maximum extent possible.
If the investigation of each of those scenarios is one case then they have equal weight under the statistic used by the article. In terms of actually combating identity theft the latter example and the resultant prosecution is much more important and effective. Unless they discuss the loss amounts associated with cases of each case, this statistic, the conclusions based on it, and the entire article are missing the point and not talking about actually fighting identity theft and are instead talking about looking like you are fighting identity theft.
The other comments are completely on the money pointing out that this is only closed cases and the difficulty of actually closing an international investigation.
All in all another wholly misinformed article about the real threat of identity theft and online financial fraud.
Re:Three words (Score:4, Insightful)
This would be a really easy one to fix with just a bit of legislation really. The consumer credit contract should be like applying for any other major loan, consumer signature required for contract to be valid or the contract is void and all claims arising out of it are also void (i.e. the credit issuer or backer shoulders all of the responsibility for loaning out money to a phantom that they couldn't verify). This would place all of the risk for verifying identity and preventing theft on the credit card issuers. Some people might complain that this would make credit harder to get for "deserving borrowers" but really the last kind of credit that those marginal borrowers need is yet another unsecured, high rate, short term borrowing instrument (i.e. the credit card). So what if credit is a bit more expensive because we actually implement security and sound verification practices? The easy credit binges are what brought us the housing bust, the subprime mortgage meltdowns, the dotcom crash and a host of other financial disasters. Do you help an alcoholic with a hangover by giving him another drink? Do we have to give pre-approved credit card offers in the mail to everyone who is breathing and has a pulse? Who needs it?
No surprise... (Score:2, Insightful)