SlideShare ist ein Scribd-Unternehmen logo

National Consumers League 2013 State of ID Theft Report

N
nationalconsumersleague

Identity theft remains a pernicious threat to consumers. While the federal government and private sector have done much to address this issue, it is important that legislators and regulators remain vigilant to protect consumers from this ever-evolving fraud.

1 von 14
Downloaden Sie, um offline zu lesen
© National Consumers League 2013 1 The State of Identity Theft in 2013 A National Consumers League White Paper Examining Fifteen Years of Federal Anti-Identity Theft Consumer Protection Policies Prepared by John D. Breyault Vice President of Public Policy, Telecommunications and Fraud National Consumers League1 Thesis: Identity theft remains a pernicious threat to consumers. While the federal government and private sector have done much to address this issue, it is important that legislators and regulators remain vigilant to protect consumers from this ever-evolving fraud. Executive Summary May 3, 2006 was a typically beautiful spring day in Washington, DC, with temperatures in the mid 70’s, a slight breeze and clear skies. As the workday wound down, a data analyst from the Department of Veterans Affairs took home a laptop and an external hard drive, as he had done regularly for the previous four years. That night, however, the laptop and hard drive were stolen during a burglary of the analyst’s Maryland home.2 The two devices contained unencrypted information -- including names, dates of birth, Social Security Numbers and medical information on more than 26.5 million active duty members of the military, National Guardsmen, Reservists, veterans and their spouses. This theft followed a highly publicized data breach at data broker ChoicePoint in February 2005.3 That same month, Bank of America announced that it had lost tapes containing the Social Security Numbers and account information of more than 1.2 million                                                                                                                 1 This white paper was underwritten by an unrestricted educational grant from Google, Inc. 2 Electronic Privacy Information Center. “Veterans Affairs Data Theft.” Online: http://epic.org/privacy/vatheft/ 3 “ChoicePoint: More ID Theft Warnings,” CNN/Money. February 17, 2005. Online: http://money.cnn.com/2005/02/17/technology/personaltech/choicepoint/
© National Consumers League 2013 2 federal employees, including some members of the Senate.4 In each case, the breaches exposed Americans to possible identity theft. This spate of high-profile data breaches prompted President George W. Bush to issue Executive Order 13402 on May 10, 2006. The order created the federal Identity Theft Task Force, charging 15 federal departments and agencies with crafting a comprehensive national strategy to combat identity theft. In April 2007, the task force issued its strategic plan, which included 31 recommendations ranging from small incremental steps to broad policy changes.5 More than a year later, in September 2008, the task force released a report describing the progress of the seventeen member agencies in implementing the task force’s recommendations. While many of the recommendations had been successfully implemented, the report noted that the implementation of others were still in progress.6 Many of the reforms prompted by the task force have had an impact, but it remains unclear if the federal government’s policies are keeping up with the threat of identity theft, which continues to evolve. The scope of identity theft is massive. Every year for more than a decade this form of fraud has been the single largest source of complaints to the Federal Trade Commission.7 While the number of consumers affected has decreased significantly from 2009-2010, more recent data shows that this scam is once again trending in the wrong direction. In 2012, identity fraud affected 5.26% of American consumers or 12.6 million people, the second straight year the incidence of identity fraud increased. Losses from identity fraud also increased from $18 billion in 2011 to $20.9 billion in 2012.8 Clearly, identity theft perpetrators are becoming more professional and more networked. Sophisticated identity theft black markets exist to facilitate the buying and selling of compromised identities. These black markets are supplied by growing numbers of data breaches affecting organizations from small retailers to large banks and government agencies                                                                                                                 4 Nowell, Paul. “Bank of America Loses Tapes With Federal Workers’ Data,” The Washington Post. February 26, 2005. Online: http://www.washingtonpost.com/wp-dyn/articles/A54823-2005Feb25.html 5 The President’s Identity Theft Task Force. Combating Identity Theft: A Strategic Plan. April 2007. Online: http://www.identitytheft.gov/reports/StrategicPlan.pdf 6 The President's Identity Theft Task Force. Task Force Report. September 2008. Online: http://www.idtheft.gov/reports/IDTReport2008.pdf 7 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf 8 Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013.
© National Consumers League 2013 3 at every level. These breaches have caused millions personal records to be compromised, allowing identity thieves to conduct their crimes with greater ease than ever before. Progress, to be sure, has made in a number of areas. Identity thefts affecting existing consumer accounts (e.g. credit cards, bank accounts) appear to have decreased in frequency, and the time and expense necessary to recover from identity theft has decreased. Despite these advances, however, the changing face of identity theft presents consumers with new worries. However, the increasing prevalence of new account fraud, tax-related and medical identity theft suggest that identity thieves are increasingly seeking fraud that can remain undiscovered for longer time periods. For instance, it appears that identity thieves are becoming adept at aggravated identity theft, particularly involving the creation of new accounts.9 A significant concern is the increasing use of stolen identities to commit tax-related identity theft. Government documents or benefits fraud is by far the largest and fastest-growing category of identity theft complaints, increasing from 19.2% of identity theft complaints in 2010 to 46.4% in 2012.10 Tax or wage-related fraud complaints make up 93.5% of this category, up from 81.3% in 2010.11 This much is clear: the threat of identity theft is not going away anytime soon. It is therefore critical that the successes achieved by the President’s Identity Theft Task Force, new consumer protection laws and private sector data security efforts not be taken for granted. Instead, policymakers in Congress and the Executive Branch should consider a range of reforms to address the evolving identity theft threat. These include: 1. The President’s Identity Theft Task Force Report should be updated to reflect reforms undertaken since 2008. 2. Congress should pass comprehensive data breach notification legislation.                                                                                                                 9 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf 10 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf 11 Ibid.
© National Consumers League 2013 4 3. The Federal Trade Commission should collect and publish data on the effectiveness of the Red Flags Rule in preventing identity theft. 4. Those who shape U.S. foreign policy should set as a key goal achieving additional Memoranda of Understanding on identity theft with foreign governments. 5. The Federal Trade Commission and Internal Revenue Service should launch a comprehensive effort to improve consumer protections for tax-related identity theft. 6. The Obama Administration should explore stronger incentives and penalties to encourage private sector businesses to better protect the personally identifiable data they collect. I. Identity Theft Continues to Affect Millions of Consumers and Cost the U.S. Economy Billions Identity theft is a serious, pernicious threat to millions of consumers annually. According to Javelin Strategy, which publishes one of the few longitudinal studies tracking identity fraud, 12.6 million consumers were affected by identity fraud in 2012. Losses stemming from identity fraud are estimated to total $20.9 billion annually.12 To put this total in context, $20 billion in identity fraud losses annually is equivalent to the insured cost of a Hurricane Sandy hitting the economy every year.13 Consumers reported in an April 2013 Zogby poll that identity theft was their biggest concern about the Internet (39%), higher than viruses and malware (33%), government surveillance of                                                                                                                 12 Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013. 13 Holm, Erik and Scism, Leslie. “Sandy’s Insured Loss Tab: Up to $20 billion,” The Wall Street Journal. November 2, 2012. Online: http://online.wsj.com/news/articles/SB10001424052970204712904578092663774022062
© National Consumers League 2013 5 data (12%) or cyber-bullying and stalking (5%).14 This consumer concern about identity theft is reflected consistently in polling. When asked to name the most significant privacy-related threat, 61% of consumers named identity theft.15 Similarly, a 2012 Forrester survey found that consumers’ primary privacy, safety and security concern when it comes to the Internet is having their identities stolen.16 The fallout from identity theft victimization is especially destructive for confidence in small businesses. Fifteen percent of identity theft victims changed their behaviors and avoided smaller online merchants. Larger merchants are not as affected by this behavior change.17 Data breaches are a major source of the compromised personal information that fuel identity theft. Such breaches occur in a myriad of ways, including phishing schemes, insider attacks, and sophisticated hacking attacks. The total impact of these breaches is massive. One study recorded more than 2,500 incidents since 2004, affecting 1.1 billion records.18 The scope and size of the data breach issue is directly relevant to identity theft because consumers whose data is compromised by a breach are significantly more likely to be victims of fraud than those who are unaffected by a breach. In 2011, 5.3% of all consumers were victims of identity fraud, while 22.5% of consumers whose data was compromised became victims of fraud.19 Data breaches clearly increase the risk of consumers becoming victims of fraud, but it appears that identity thieves may be using stolen identity information in new and more egregious ways. For example, the number of identity theft cases filed and the number of defendants convicted both decreased in 2009 and 2010 relative to 2008. However, the numbers of aggravated identity theft cases filed and defendants convicted have continued to increase.20                                                                                                                 14 Digital Advertising Alliance. “Poll: Americans Want Free Internet Content, Value Interest-Based Advertising,” Press release. April 18, 2013. Online: http://www.aboutads.info/DAA-Zogby-Poll 15 Ponemon Institute. 2012 Most Trusted Companies for Privacy. Pg. 2. January 28, 2013. Online: http://www.ponemon.org/local/upload/file/2012%20MTC%20Report%20FINAL.pdf 16 Enright, Allison. “Consumers worry about online privacy, but shop anyway,” Internet Retailer. May 11, 2012. Online: http://www.internetretailer.com/2012/05/11/consumers-worry-about-online-privacy-shop- anyway 17 Javelin Strategy & Research. “2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters,” Press Release. February 2013. Online: https://www.javelinstrategy.com/brochure/276 18 Verizon RISK Team. 2013 Data Breach Investigations Report. Pg. 4. May 2013. Online: http://www.verizonenterprise.com/DBIR/2013/ 19 Source: Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013. 20 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf
© National Consumers League 2013 6 Identity theft has been the most common fraud complaint to the Federal Trade Commission for the past thirteen years.21 In response, the Commission has rightfully made the fight against identity theft a top priority. However, trends in the complaint data are suggestive of changes in how identity thieves are monetizing stolen information. At one time, compromised identity data was used most often to commit credit card fraud. Now the broad category of government documents or benefits fraud has become by far the largest and fastest-growing sub-category of identity theft complaints. In 2010, complaints about this type of scam accounted for 19.2% of identity theft complaints to the FTC. By 2012 this number had risen to 46.4%, outpacing credit card fraud, bank fraud, employment-related fraud, phone or utilities fraud and loan fraud, combined.22 This should be a wake-up call for the Obama Administration, Congress and state authorities. Fig. 1 Source: Federal Trade Commission. Consumer Sentinel Network Data Book (CY 2008-12)                                                                                                                 21 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf 22 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf
© National Consumers League 2013 7 Within the government documents/benefits fraud category, the use of stolen identity information to file fraudulent tax returns has historically been the dominant type of scam. Over the past seven years, this scam has grown ever more popular among identity thieves, increasing from 63% of all government documents/benefits fraud complaints in 2006 to 93.53% of such complaints in 2012. Tax identity theft theft occurs when thieves use personal information, such as a consumer’s Social Security Number and full name to submit fraudulent tax returns and obtain refunds to which they are not entitled. In 2011 alone, approximately 1.1 million suspicious tax returns were identified, resulting in $3.6 billion in potentially fraudulent refunds paid by the IRS due to identity theft.23 Fig. 2 Source: Federal Trade Commission. Consumer Sentinel Network Data Book (CY 2008-12)                                                                                                                 23  Treasury  Inspector  General  for  Tax  Administration.  “Identity  Theft:  IRS  Detection  Has  Improved,  Yet   Billions  Still  Lost  in  2011  Returns,”  Press  Release.  November  7,  2013.  Online:   http://www.treasury.gov/tigta/press/press_tigta-­‐2013-­‐39.htm    
© National Consumers League 2013 8 While the nature of identity theft is changing, the scope of the problem clearly remains massive. Consumers are still concerned about the threat of identity theft and rightfully so. While the direct cost to consumers of being a victim in money and time have decreased, the indirect costs to the economy, taxpayers and confidence in the Internet are no less worrisome. II. Background On Federal Anti-Identity Theft Efforts Since the 1970s, consumers have benefitted from legislation that safeguards their finances from misuse, providing a basic level of identity theft protection. For example the Fair Credit Reporting Act imposes a duty on consumer reporting agencies to ensure that the information they report is accurate. The FCRA also gives consumers right to file suit for violation of the Act. The Fair Credit Billing Act provides consumers with an opportunity to receive an explanation and proof of charges that may have been made by an imposter. The FCBA also gives consumers the right to have unauthorized charges removed from their accounts. Finally, the Electronic Funds Transfer Act limits consumers’ liability for unauthorized electronic fund transfers as long as they notify their financial institution in a timely manner. The cumulative effect of these 1970’s-era laws is that much of the financial cost of fraud stemming from identity theft is borne not by consumers themselves, but by financial institutions instead. By the late 1990’s, the rise of Internet-fueled identity theft exposed the limitations of these laws. Congress took an important first step in attacking the identity theft problem with the passage of the Identity Theft Assumption and Deterrence Act of 1998, which made identity theft a federal crime. This was followed by the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which directed the FTC to work with credit card issuers to improve security procedures.24 FACTA also gave consumers the right to request a free credit report from each of the major credit reporting bureaus every twelve months and to have a fraud alert placed on their credit reports if they suspected identity theft. In 2004, the Identity Theft Penalty Enhancement                                                                                                                 24 FACTA’s requirement that the FTC work with businesses to implement security safeguards led to the creation of the Red Flags Rule. This Rule requires many financial institutions and creditors to implement written Identity Theft Prevention Programs to identity the warning signs (“red flags”) of identity theft in their day-to-day operations. The Red Flags Rule went into effect on December 31, 2010. For additional information, see the Federal Trade Commission's “Fighting Identity Theft with the Red Flags Rule: A How- to Guide for Business.” Online: http://www.business.ftc.gov/privacy-and-security/red-flags-rule
© National Consumers League 2013 9 Act established additional penalties for aggravated identity theft. Most recently, the 2008 Identity Theft Enforcement and Restitution Act authorized restitution for the time spent by victims recovering from the harm caused by an actual or intended identity theft. In addition to legislative action increasing consumer protections against identity theft, significant reforms have been undertaken by Executive Branch agencies to address the threat of data breaches and the resulting danger of identity theft. In 2006, following a spate of high-profile data breaches, President George W. Bush issued Executive Order 13402. The Order created the federal Identity Theft Task Force, charging 15 federal departments and agencies with crafting a comprehensive national strategy to more effectively combat identity theft. In April 2007, the task force issued its strategic plan, which included 31 recommendations, ranging from small, incremental steps to broad policy changes.25 Notable recommendations from the Task Force included: ● Reducing the use of Social Security Numbers by federal agencies; ● Establishing national standards for private sector protection of personal data; ● Promoting a nation data breach notification standard; ● Implementing a broad and sustained consumer, industry and public sector awareness campaign regarding identity theft; and ● Creating a National Identity Theft Law Enforcement Center to coordinate enforcement resources targeted at identity theft. A progress report released by the task force in September 2008 detailed the federal government’s progress in implementing the strategic plan. Notable reforms undertaken as a result of the Task Force’s recommendations included (but were not limited to): ● Task Force member agencies have significantly reduced their use of Social Security Numbers; ● Federal agencies have increased the use of encryption technology on laptops and other mobile data devices containing agency data;                                                                                                                 25 The President’s Identity Theft Task Force. Combating Identity Theft: A Strategic Plan. April 2007. Online: http://www.identitytheft.gov/reports/StrategicPlan.pdf
© National Consumers League 2013 10 ● Congress passed the Identity Theft Enforcement and Restitution Act, which addressed a number of deficiencies in the federal criminal related to identity theft while giving consumers an avenue for restitution for losses stemming from identity theft; ● Numerous identity theft databases (e.g. the FTC’s Identity Theft Data Clearinghouse) and joint enforcement coordination efforts have been undertaken to make enforcement efforts more efficient; and ● Identity theft coordinators have been established in each U.S. Attorney’s Office to coordinate anti-identity theft efforts between these offices and the Department of Justice.26 While a number of the task force’s recommendations had been successfully implemented, many were still in progress as of the publication of the 2008 report. A notable example is the failure of Congress to pass a comprehensive national data breach notification law. As of November 2013, 46 states as well as the District of Columbia, Guam, Puerto Rico and the U.S. Virgin Islands have passed state data breach notification laws.27 This has created significant challenges given the national scope of many data breaches.28 The implementation of these consumer protections has correlated with a significant reduction in the incidence of certain types of identity theft, particularly schemes involving credit card fraud, bank fraud and loan fraud. This trend is also reflected in federal identity theft cases filed and defendants convicted, the rates of which peaked in 2007 and declined in each of the following three years.29 Whether these trends are a direct result of the new protections implemented by the federal government is unclear. However, we know that identity thieves tend to seek out schemes that offer the most profit with the least risk, so it seems plausible that these reforms are having an effect on the broader problem.                                                                                                                 26 See generally: The President’s Identity Theft Task Force. Task Force Report. September 2008. Pgs. 6- 49. Online: http://www.idtheft.gov/reports/IDTReport2008.pdf 27 National Conference of State Legislatures. “State Security Breach Notification Laws.” Online: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification- laws.aspx 28 For additional discussion on this topic see: Geer, David. “Data breach notification laws, state and federal: A review with commentary for security C-levels,” CSO. November 1, 2013. Online: http://www.csoonline.com/article/742430/data-breach-notification-laws-state-and-federal?page=1 29 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf
© National Consumers League 2013 11 III. Recommendations for Responding to Evolving Identity Theft Threats Consumers and law enforcement agencies have powerful tools at their disposal to attack the identity theft problem. However, as with other types of cyber crimes, identity thieves are nothing if not resilient and adaptable. For example, they appear to be shifting their activities towards tax- related identity theft, potentially as a way to avoid stronger countermeasures at financial institutions. Significant structural challenges that enable identity theft also remain an issue. In particular, the raw fuel for identity theft − compromised personal information − is more widely available than ever thanks to the explosion of data collection by the private and public sector. More information under the control of more organizations necessarily means that more data will be compromised. It should not be surprising, then, that reports of data breaches are becoming an almost daily news item. Since 2005, the non-profit Privacy Rights Clearinghouse has recorded more than 4,000 data breaches -- more than one per day for nine straight years.30 It is a near-certainty that many more breaches have gone unreported.31 The glut of data breaches may even be driving down the price of stolen identities in the cybercriminal underground due to oversupply.32 The professionalization of identity theft also poses new challenges. Whereas in the past identity theft may have been about establishing bragging rights within the hacker community, today it is                                                                                                                 30 Privacy Rights Clearinghouse. “Chronology of Data Breaches,” (Accessed November 24, 2013). Online: https://www.privacyrights.org/data-breach 31 A dramatic visualization of the growing number of of data breaches was recently created by London- based author and data-journalist David McCandless who plotted the world’s biggest data breaches on a time scale to illustrate the growing threat. Online: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 32 Higgins, Kelly Jackson. “Glut in Stolen Identities Forces Price Cut in Cyberunderground,” Dark Reading. November 19, 2013. Online: http://www.darkreading.com/attacks-breaches/glut-in-stolen- identities-forces-price-c/240164089
© National Consumers League 2013 12 a thoroughly organized moneymaking criminal enterprise.33 Numerous black markets for stolen identity information exist online, some even featuring help desk support.34 While There are steps that consumers can take to mitigate their risk of identity theft, the onus must not be on the individual consumer - weak passwords are not the cause of massive ID theft. Consumers of course should monitor credit reports, install anti-virus software, keep computer operating systems up-to-date and maintaining strong passwords to name but a few. However, given the explosive growth of data breaches, the ability to control vulnerability to identity theft is largely out of consumers’ control. Given these operational and structural challenges, policymakers must adapt to ensure that the gains made over the previous seven years of anti-identity theft work are not reversed. To begin a dialogue on this issue, we urge policymakers to consider the following recommendations: 1. Update the President’s Identity Theft Task Force Report. This will enable policymakers and advocates to better evaluate the impact of actions taken in response to the Task Force’s recommendations since 2008 and discuss new reforms that may be necessary given the changing nature of identity theft. 2. Congress should pass comprehensive data breach notification legislation. The 46 state data breach notification laws frequently conflict and may confuse consumers who receive notifications. Given the national (and in many cases, international) scope of data breaches, a national standard for notification is warranted. The most stringent state data breach notification laws should serve as the basis for a federal standard. 3. The Federal Trade Commission should collect and publish data on the effectiveness of the Red Flags Rule in preventing identity theft. A key provision of FACTA directed the FTC to work with the private sector to create a Red Flags Rule to enhance protections against identity theft in the business community. The full enforcement of the Rule was delayed until the end of 2010. The FTC should evaluate whether the Rule is affecting identity theft rates and, if necessary, consider strengthening the Rule to improve consumer protections.                                                                                                                 33 McAfee Security Advice Center. “The Evolution of Cybercrime,” Spring 2011. Online: http://home.mcafee.com/advicecenter/?id=rs_na_sp11article1 34 Higgins, Kelly Jackson. “Glut in Stolen Identities Forces Price Cut in Cyberunderground,” Dark Reading. November 19, 2013. Online: http://www.darkreading.com/attacks-breaches/glut-in-stolen-identities-forces- price-c/240164089
© National Consumers League 2013 13 4. Those who shape U.S. foreign policy should set as a key goal achieving additional Memoranda of Understanding on identity theft with foreign governments. The international nature of much identity theft demands cooperation between U.S. law enforcement agencies and their foreign counterparts. This is greatly facilitated when there are clear rules and procedures governing the sharing of information between international partners. 5. Federal regulators should launch a comprehensive effort to improve consumer protections from tax-related identity theft. Identity thieves taking advantage of the U.S. tax collection system has become a major cause for concern. Consumers should be empowered to take preemptive action to protect themselves from tax-related identity theft. The IRS should expand the availability of PIN technology to consumers that request it, not just identified victims of identity theft. 6. Explore additional incentives and penalties to encourage private sector businesses to better protect the personally identifiable data they collect. Limiting consumer liability for fraudulent credit and debit card purchases has been a key driver of improved fraud protection in the financial services industry. Policymakers should explore whether similar reforms would incentivize the private sector to increase data security standards.   IV. Conclusion Identity theft is a pernicious threat that affects millions of American consumers annually, costs the U.S. economy and taxpayers billions of dollars, and reduces confidence in the Internet and small businesses. It has been more than fifteen years since Congress passed its first law specifically targeting the identity theft problem. It has been more than seven years since a Presidential level task force was convened to improve the federal government and private sector’s response to the problem of identity theft. While these efforts have shown some success, it is clear that identity theft remains a problem of massive proportions. It is therefore imperative that policymakers, advocates and the general public recommit themselves to reducing the plague of of identity theft. There are a number of reforms that would help to achieve this objective, several of which are discussed in this report.
© National Consumers League 2013 14 We urge Congress and federal regulators to consider the continuing threat of identity theft and maintain their vigilance against this serious crime.

Empfohlen

The State of Identity Theft in 2013
The State of Identity Theft in 2013The State of Identity Theft in 2013
The State of Identity Theft in 2013nationalconsumersleague
 
Obama moves forward with internet id plan by batteryfast
Obama moves forward with internet id plan by batteryfastObama moves forward with internet id plan by batteryfast
Obama moves forward with internet id plan by batteryfastbattery-fast. com
 
Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Carolyn Kopf
 
IDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfIDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfBucacci Business Solutions
 
ISM Forward Scan_Risky Realities of Counterfeiting
ISM Forward Scan_Risky Realities of CounterfeitingISM Forward Scan_Risky Realities of Counterfeiting
ISM Forward Scan_Risky Realities of CounterfeitingAdriana Sanford
 
Cyber Review_April 2015
Cyber Review_April 2015Cyber Review_April 2015
Cyber Review_April 2015James Sheehan
 
Rapid7 Report: Data Breaches in the Government Sector
Rapid7 Report: Data Breaches in the Government SectorRapid7 Report: Data Breaches in the Government Sector
Rapid7 Report: Data Breaches in the Government SectorRapid7
 
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERSPREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS- Mark - Fullbright
 

Empfohlen

The State of Identity Theft in 2013
The State of Identity Theft in 2013The State of Identity Theft in 2013
The State of Identity Theft in 2013nationalconsumersleague
 
Obama moves forward with internet id plan by batteryfast
Obama moves forward with internet id plan by batteryfastObama moves forward with internet id plan by batteryfast
Obama moves forward with internet id plan by batteryfastbattery-fast. com
 
Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Carolyn Kopf
 
IDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfIDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfBucacci Business Solutions
 
ISM Forward Scan_Risky Realities of Counterfeiting
ISM Forward Scan_Risky Realities of CounterfeitingISM Forward Scan_Risky Realities of Counterfeiting
ISM Forward Scan_Risky Realities of CounterfeitingAdriana Sanford
 
Cyber Review_April 2015
Cyber Review_April 2015Cyber Review_April 2015
Cyber Review_April 2015James Sheehan
 
Rapid7 Report: Data Breaches in the Government Sector
Rapid7 Report: Data Breaches in the Government SectorRapid7 Report: Data Breaches in the Government Sector
Rapid7 Report: Data Breaches in the Government SectorRapid7
 
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERSPREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS- Mark - Fullbright
 
Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014- Mark - Fullbright
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues- Mark - Fullbright
 
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015Andy Kim
 
Identity Theft
Identity TheftIdentity Theft
Identity Theftsarakr00
 
Identity theft
Identity theftIdentity theft
Identity theftMuncie_Library
 
Libraries And Legal Research By Lance M Werner Libraries And
Libraries And Legal Research By Lance M Werner Libraries AndLibraries And Legal Research By Lance M Werner Libraries And
Libraries And Legal Research By Lance M Werner Libraries Andlegalwebsite
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?Hayden McCall
 
Data Breaches
Data BreachesData Breaches
Data Breachessstose
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryEMC
 
SayanMitra.pdf
SayanMitra.pdfSayanMitra.pdf
SayanMitra.pdfTanayMalhotra
 
RIB Cybersecurity
RIB CybersecurityRIB Cybersecurity
RIB CybersecurityAndy Kim
 
US Data Privacy Laws
US Data Privacy LawsUS Data Privacy Laws
US Data Privacy LawsIDG Connect
 
Fraud and Error in Government
Fraud and Error in GovernmentFraud and Error in Government
Fraud and Error in GovernmentNigel Robinson
 
Business Ethics: The impact of technology
Business Ethics: The impact of technologyBusiness Ethics: The impact of technology
Business Ethics: The impact of technologyRakesh Mehta
 
Who Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government RequestsWho Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government Requests- Mark - Fullbright
 
Gibson final
Gibson finalGibson final
Gibson finalJennaHajhassan
 
FCPA Guidance 2020
FCPA Guidance 2020FCPA Guidance 2020
FCPA Guidance 2020- Mark - Fullbright
 
INFORMATION SECURITY STUDY REGARDING PII
INFORMATION SECURITY STUDY REGARDING PIIINFORMATION SECURITY STUDY REGARDING PII
INFORMATION SECURITY STUDY REGARDING PII- Mark - Fullbright
 
Regan final
Regan finalRegan final
Regan finalJennaHajhassan
 
National Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy AgendaNational Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy Agendanationalconsumersleague
 
GSM Based Wireless Load-Shedding Management System for Non Emergency Condition
GSM Based Wireless Load-Shedding Management System for Non Emergency ConditionGSM Based Wireless Load-Shedding Management System for Non Emergency Condition
GSM Based Wireless Load-Shedding Management System for Non Emergency ConditionEditor IJMTER
 
Hardware prototype of smart home energy management system
Hardware prototype of smart home energy management systemHardware prototype of smart home energy management system
Hardware prototype of smart home energy management systemeSAT Journals
 

Weitere ähnliche Inhalte

Was ist angesagt?

Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014- Mark - Fullbright
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues- Mark - Fullbright
 
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015Andy Kim
 
Identity Theft
Identity TheftIdentity Theft
Identity Theftsarakr00
 
Libraries And Legal Research By Lance M Werner Libraries And
Libraries And Legal Research By Lance M Werner Libraries AndLibraries And Legal Research By Lance M Werner Libraries And
Libraries And Legal Research By Lance M Werner Libraries Andlegalwebsite
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?Hayden McCall
 
Data Breaches
Data BreachesData Breaches
Data Breachessstose
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryEMC
 
RIB Cybersecurity
RIB CybersecurityRIB Cybersecurity
RIB CybersecurityAndy Kim
 
US Data Privacy Laws
US Data Privacy LawsUS Data Privacy Laws
US Data Privacy LawsIDG Connect
 
Fraud and Error in Government
Fraud and Error in GovernmentFraud and Error in Government
Fraud and Error in GovernmentNigel Robinson
 
Business Ethics: The impact of technology
Business Ethics: The impact of technologyBusiness Ethics: The impact of technology
Business Ethics: The impact of technologyRakesh Mehta
 
Who Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government RequestsWho Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government Requests- Mark - Fullbright
 
INFORMATION SECURITY STUDY REGARDING PII
INFORMATION SECURITY STUDY REGARDING PIIINFORMATION SECURITY STUDY REGARDING PII
INFORMATION SECURITY STUDY REGARDING PII- Mark - Fullbright
 
National Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy AgendaNational Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy Agendanationalconsumersleague
 

Was ist angesagt? (20)

Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014Identity Theft: Trends and Issues January 16, 2014
Identity Theft: Trends and Issues January 16, 2014
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues
 
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015
FIS article - FFIEC Cybersecurity Assessment - by Andy Kim - Summer 2015
 
Identity Theft
Identity TheftIdentity Theft
Identity Theft
 
Identity theft
Identity theftIdentity theft
Identity theft
 
Libraries And Legal Research By Lance M Werner Libraries And
Libraries And Legal Research By Lance M Werner Libraries AndLibraries And Legal Research By Lance M Werner Libraries And
Libraries And Legal Research By Lance M Werner Libraries And
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?
 
Data Breaches
Data BreachesData Breaches
Data Breaches
 
Cybercrime and the Healthcare Industry
Cybercrime and the Healthcare IndustryCybercrime and the Healthcare Industry
Cybercrime and the Healthcare Industry
 
SayanMitra.pdf
SayanMitra.pdfSayanMitra.pdf
SayanMitra.pdf
 
RIB Cybersecurity
RIB CybersecurityRIB Cybersecurity
RIB Cybersecurity
 
US Data Privacy Laws
US Data Privacy LawsUS Data Privacy Laws
US Data Privacy Laws
 
Fraud and Error in Government
Fraud and Error in GovernmentFraud and Error in Government
Fraud and Error in Government
 
Business Ethics: The impact of technology
Business Ethics: The impact of technologyBusiness Ethics: The impact of technology
Business Ethics: The impact of technology
 
Who Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government RequestsWho Has Your Back 2014: Protecting Your Data From Government Requests
Who Has Your Back 2014: Protecting Your Data From Government Requests
 
Gibson final
Gibson finalGibson final
Gibson final
 
FCPA Guidance 2020
FCPA Guidance 2020FCPA Guidance 2020
FCPA Guidance 2020
 
INFORMATION SECURITY STUDY REGARDING PII
INFORMATION SECURITY STUDY REGARDING PIIINFORMATION SECURITY STUDY REGARDING PII
INFORMATION SECURITY STUDY REGARDING PII
 
Regan final
Regan finalRegan final
Regan final
 
National Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy AgendaNational Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy Agenda
 

Andere mochten auch

GSM Based Wireless Load-Shedding Management System for Non Emergency Condition
GSM Based Wireless Load-Shedding Management System for Non Emergency ConditionGSM Based Wireless Load-Shedding Management System for Non Emergency Condition
GSM Based Wireless Load-Shedding Management System for Non Emergency ConditionEditor IJMTER
 
Hardware prototype of smart home energy management system
Hardware prototype of smart home energy management systemHardware prototype of smart home energy management system
Hardware prototype of smart home energy management systemeSAT Journals
 
Digital Environment Home Energy Management System
Digital Environment Home Energy Management SystemDigital Environment Home Energy Management System
Digital Environment Home Energy Management Systemmdda
 
Energy Management Systems in the Home: Gateway to the Customer HAN
Energy Management Systems in the Home: Gateway to the Customer HANEnergy Management Systems in the Home: Gateway to the Customer HAN
Energy Management Systems in the Home: Gateway to the Customer HANZin Kyaw
 
Under frequency load shedding for energy management using anfis case study
Under frequency load shedding for energy management using anfis case studyUnder frequency load shedding for energy management using anfis case study
Under frequency load shedding for energy management using anfis case studyIAEME Publication
 
LATEST ELECTRICAL PROJECTS ABSTRACT-POWER SHARING OF TRANSFORMER WITH OVERLOA...
LATEST ELECTRICAL PROJECTS ABSTRACT-POWER SHARING OF TRANSFORMER WITH OVERLOA...LATEST ELECTRICAL PROJECTS ABSTRACT-POWER SHARING OF TRANSFORMER WITH OVERLOA...
LATEST ELECTRICAL PROJECTS ABSTRACT-POWER SHARING OF TRANSFORMER WITH OVERLOA...ASHOKKUMAR RAMAR
 
Energy Management and the Evolution of Intelligent Motor Control and Drives @...
Energy Management and the Evolution of Intelligent Motor Control and Drives @...Energy Management and the Evolution of Intelligent Motor Control and Drives @...
Energy Management and the Evolution of Intelligent Motor Control and Drives @...ARC Advisory Group
 
Project Report Shivram Mukherjee (Energy Management), 2009 11
Project Report Shivram Mukherjee (Energy Management), 2009 11Project Report Shivram Mukherjee (Energy Management), 2009 11
Project Report Shivram Mukherjee (Energy Management), 2009 11shivram21957
 
full report original
full report originalfull report original
full report originalgokulnath R.S
 
Power Supply Management System Of A Small Satellite By Wajid
Power Supply Management System Of A Small Satellite By WajidPower Supply Management System Of A Small Satellite By Wajid
Power Supply Management System Of A Small Satellite By WajidIEEEP Karachi
 
Optimum energy management system
Optimum energy management systemOptimum energy management system
Optimum energy management systemMuhammad Zubair
 
Automation of capacitor banks based on MVAR Requirement
Automation of capacitor banks based on MVAR RequirementAutomation of capacitor banks based on MVAR Requirement
Automation of capacitor banks based on MVAR RequirementAhmed Aslam
 
Madan mohan malaviya
Madan mohan malaviyaMadan mohan malaviya
Madan mohan malaviyaAnuj Bansal
 
PF correction using SEPIC
PF correction using SEPICPF correction using SEPIC
PF correction using SEPICSoumya Dash
 
Automtaic Cyclic Load shedding in Distribution system
Automtaic Cyclic Load shedding in Distribution systemAutomtaic Cyclic Load shedding in Distribution system
Automtaic Cyclic Load shedding in Distribution systemrajani51
 
PLC based load managment
PLC based load managmentPLC based load managment
PLC based load managmentmanishkumarm
 
Efficient Load Management System (ELMS) with ATS_AMF Generator Control Drawing
Efficient Load Management System (ELMS) with ATS_AMF Generator Control DrawingEfficient Load Management System (ELMS) with ATS_AMF Generator Control Drawing
Efficient Load Management System (ELMS) with ATS_AMF Generator Control DrawingMuhammad Sarfraz
 
project report on plc based load sharing
project report on plc based load sharingproject report on plc based load sharing
project report on plc based load sharingVivek Arun
 

Andere mochten auch (20)

GSM Based Wireless Load-Shedding Management System for Non Emergency Condition
GSM Based Wireless Load-Shedding Management System for Non Emergency ConditionGSM Based Wireless Load-Shedding Management System for Non Emergency Condition
GSM Based Wireless Load-Shedding Management System for Non Emergency Condition
 
Hardware prototype of smart home energy management system
Hardware prototype of smart home energy management systemHardware prototype of smart home energy management system
Hardware prototype of smart home energy management system
 
Digital Environment Home Energy Management System
Digital Environment Home Energy Management SystemDigital Environment Home Energy Management System
Digital Environment Home Energy Management System
 
Energy Management Systems in the Home: Gateway to the Customer HAN
Energy Management Systems in the Home: Gateway to the Customer HANEnergy Management Systems in the Home: Gateway to the Customer HAN
Energy Management Systems in the Home: Gateway to the Customer HAN
 
Under frequency load shedding for energy management using anfis case study
Under frequency load shedding for energy management using anfis case studyUnder frequency load shedding for energy management using anfis case study
Under frequency load shedding for energy management using anfis case study
 
LATEST ELECTRICAL PROJECTS ABSTRACT-POWER SHARING OF TRANSFORMER WITH OVERLOA...
LATEST ELECTRICAL PROJECTS ABSTRACT-POWER SHARING OF TRANSFORMER WITH OVERLOA...LATEST ELECTRICAL PROJECTS ABSTRACT-POWER SHARING OF TRANSFORMER WITH OVERLOA...
LATEST ELECTRICAL PROJECTS ABSTRACT-POWER SHARING OF TRANSFORMER WITH OVERLOA...
 
Energy Management and the Evolution of Intelligent Motor Control and Drives @...
Energy Management and the Evolution of Intelligent Motor Control and Drives @...Energy Management and the Evolution of Intelligent Motor Control and Drives @...
Energy Management and the Evolution of Intelligent Motor Control and Drives @...
 
Project Report Shivram Mukherjee (Energy Management), 2009 11
Project Report Shivram Mukherjee (Energy Management), 2009 11Project Report Shivram Mukherjee (Energy Management), 2009 11
Project Report Shivram Mukherjee (Energy Management), 2009 11
 
full report original
full report originalfull report original
full report original
 
report
reportreport
report
 
Power Supply Management System Of A Small Satellite By Wajid
Power Supply Management System Of A Small Satellite By WajidPower Supply Management System Of A Small Satellite By Wajid
Power Supply Management System Of A Small Satellite By Wajid
 
Optimum energy management system
Optimum energy management systemOptimum energy management system
Optimum energy management system
 
Automation of capacitor banks based on MVAR Requirement
Automation of capacitor banks based on MVAR RequirementAutomation of capacitor banks based on MVAR Requirement
Automation of capacitor banks based on MVAR Requirement
 
Power Management in BMS
Power Management in BMSPower Management in BMS
Power Management in BMS
 
Madan mohan malaviya
Madan mohan malaviyaMadan mohan malaviya
Madan mohan malaviya
 
PF correction using SEPIC
PF correction using SEPICPF correction using SEPIC
PF correction using SEPIC
 
Automtaic Cyclic Load shedding in Distribution system
Automtaic Cyclic Load shedding in Distribution systemAutomtaic Cyclic Load shedding in Distribution system
Automtaic Cyclic Load shedding in Distribution system
 
PLC based load managment
PLC based load managmentPLC based load managment
PLC based load managment
 
Efficient Load Management System (ELMS) with ATS_AMF Generator Control Drawing
Efficient Load Management System (ELMS) with ATS_AMF Generator Control DrawingEfficient Load Management System (ELMS) with ATS_AMF Generator Control Drawing
Efficient Load Management System (ELMS) with ATS_AMF Generator Control Drawing
 
project report on plc based load sharing
project report on plc based load sharingproject report on plc based load sharing
project report on plc based load sharing
 

Ähnlich wie National Consumers League 2013 State of ID Theft Report

www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docxwww.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docxericbrooks84875
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsBradley Buchanan
 
TEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxTEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxdeanmtaylor1545
 
TEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxTEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxbradburgess22840
 
TEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxTEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxerlindaw
 
Consumer financial protections
Consumer financial protectionsConsumer financial protections
Consumer financial protectionsA.W. Berry
 
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)PwC France
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentDonald E. Hester
 
Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Gary Kazmer
 
Group letter to FTC calling for workshop examining data breaches - March 2014
Group letter to FTC calling for workshop examining data breaches - March 2014Group letter to FTC calling for workshop examining data breaches - March 2014
Group letter to FTC calling for workshop examining data breaches - March 2014nationalconsumersleague
 
A Contextual Framework For Combating Identity Theft
A Contextual Framework For Combating Identity TheftA Contextual Framework For Combating Identity Theft
A Contextual Framework For Combating Identity TheftMartha Brown
 
Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud managementrkappear
 
CyberSecurityBook[Final]
CyberSecurityBook[Final]CyberSecurityBook[Final]
CyberSecurityBook[Final]Lucy Kitchin
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft- Mark - Fullbright
 
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014
 
Jones A LWP Final Approved
Jones A LWP Final ApprovedJones A LWP Final Approved
Jones A LWP Final ApprovedAdam Jones, LCC
 
Sheet1x1x2x3x4LHSRHSslackObjective function121015110Material 53420.docx
Sheet1x1x2x3x4LHSRHSslackObjective function121015110Material 53420.docxSheet1x1x2x3x4LHSRHSslackObjective function121015110Material 53420.docx
Sheet1x1x2x3x4LHSRHSslackObjective function121015110Material 53420.docxmaoanderton
 
IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016thinkASG
 

Ähnlich wie National Consumers League 2013 State of ID Theft Report (20)

www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docxwww.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and Concerns
 
TEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxTEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docx
 
TEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxTEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docx
 
TEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docxTEACHING CASETargeting Target with a 100 million dollar da.docx
TEACHING CASETargeting Target with a 100 million dollar da.docx
 
Consumer financial protections
Consumer financial protectionsConsumer financial protections
Consumer financial protections
 
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
Etude PwC/CIO/CSO sur la sécurité de l'information (2014)
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomCritical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the Boardroom
 
Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3Privacy Presentation for SOCAP-3
Privacy Presentation for SOCAP-3
 
Group letter to FTC calling for workshop examining data breaches - March 2014
Group letter to FTC calling for workshop examining data breaches - March 2014Group letter to FTC calling for workshop examining data breaches - March 2014
Group letter to FTC calling for workshop examining data breaches - March 2014
 
Child Identity Theft
Child Identity TheftChild Identity Theft
Child Identity Theft
 
A Contextual Framework For Combating Identity Theft
A Contextual Framework For Combating Identity TheftA Contextual Framework For Combating Identity Theft
A Contextual Framework For Combating Identity Theft
 
Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud management
 
CyberSecurityBook[Final]
CyberSecurityBook[Final]CyberSecurityBook[Final]
CyberSecurityBook[Final]
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft
 
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global ContextWCIT 2014 Matt Stamper - Information Assurance in a Global Context
WCIT 2014 Matt Stamper - Information Assurance in a Global Context
 
Jones A LWP Final Approved
Jones A LWP Final ApprovedJones A LWP Final Approved
Jones A LWP Final Approved
 
Sheet1x1x2x3x4LHSRHSslackObjective function121015110Material 53420.docx
Sheet1x1x2x3x4LHSRHSslackObjective function121015110Material 53420.docxSheet1x1x2x3x4LHSRHSslackObjective function121015110Material 53420.docx
Sheet1x1x2x3x4LHSRHSslackObjective function121015110Material 53420.docx
 
IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016
 

Mehr von nationalconsumersleague

National Consumers League | 2016 Annual Report
National Consumers League | 2016 Annual ReportNational Consumers League | 2016 Annual Report
National Consumers League | 2016 Annual Reportnationalconsumersleague
 
National Consumers League | 2015 Annual Report
National Consumers League | 2015 Annual ReportNational Consumers League | 2015 Annual Report
National Consumers League | 2015 Annual Reportnationalconsumersleague
 
National Consumers League Bulletin | Winter 2015
National Consumers League Bulletin | Winter 2015National Consumers League Bulletin | Winter 2015
National Consumers League Bulletin | Winter 2015nationalconsumersleague
 
Where do our calories come from factsheet
Where do our calories come from factsheetWhere do our calories come from factsheet
Where do our calories come from factsheetnationalconsumersleague
 
Stuff Happens: NCL explores airline travel insurance
Stuff Happens: NCL explores airline travel insuranceStuff Happens: NCL explores airline travel insurance
Stuff Happens: NCL explores airline travel insurancenationalconsumersleague
 
NCL Trumpeter Dinner: Sponsorship Information
NCL Trumpeter Dinner: Sponsorship InformationNCL Trumpeter Dinner: Sponsorship Information
NCL Trumpeter Dinner: Sponsorship Informationnationalconsumersleague
 
Ncl trumpeter awards sponsorship form (2) (4)
Ncl trumpeter awards sponsorship form (2) (4)Ncl trumpeter awards sponsorship form (2) (4)
Ncl trumpeter awards sponsorship form (2) (4)nationalconsumersleague
 
NCL Trumpeter Dinner: Sponsorship Information
NCL Trumpeter Dinner: Sponsorship InformationNCL Trumpeter Dinner: Sponsorship Information
NCL Trumpeter Dinner: Sponsorship Informationnationalconsumersleague
 
NCL Report: Wage theft in the restaurant industry
NCL Report: Wage theft in the restaurant industryNCL Report: Wage theft in the restaurant industry
NCL Report: Wage theft in the restaurant industrynationalconsumersleague
 
National Consumers League 2013 Vaccine Study
National Consumers League 2013 Vaccine StudyNational Consumers League 2013 Vaccine Study
National Consumers League 2013 Vaccine Studynationalconsumersleague
 
NCL Consumer Data Insecurity Report: Examining Data Breaches June 2014
NCL Consumer Data Insecurity Report: Examining Data Breaches June 2014NCL Consumer Data Insecurity Report: Examining Data Breaches June 2014
NCL Consumer Data Insecurity Report: Examining Data Breaches June 2014nationalconsumersleague
 
Our wasteful nation, reducing food waste
Our wasteful nation, reducing food wasteOur wasteful nation, reducing food waste
Our wasteful nation, reducing food wastenationalconsumersleague
 
2013 National Consumers League Annual Report
2013 National Consumers League Annual Report2013 National Consumers League Annual Report
2013 National Consumers League Annual Reportnationalconsumersleague
 

Mehr von nationalconsumersleague (20)

Coding Into the Future
Coding Into the FutureCoding Into the Future
Coding Into the Future
 
National Consumers League | 2016 Annual Report
National Consumers League | 2016 Annual ReportNational Consumers League | 2016 Annual Report
National Consumers League | 2016 Annual Report
 
National Consumers League | 2015 Annual Report
National Consumers League | 2015 Annual ReportNational Consumers League | 2015 Annual Report
National Consumers League | 2015 Annual Report
 
National Consumers League Bulletin | Winter 2015
National Consumers League Bulletin | Winter 2015National Consumers League Bulletin | Winter 2015
National Consumers League Bulletin | Winter 2015
 
2015 Consumer Policy Agenda
2015 Consumer Policy Agenda2015 Consumer Policy Agenda
2015 Consumer Policy Agenda
 
NCL Fans Act Senate Testimony 12 4 2014
NCL Fans Act Senate Testimony 12 4 2014NCL Fans Act Senate Testimony 12 4 2014
NCL Fans Act Senate Testimony 12 4 2014
 
Where do our calories come from factsheet
Where do our calories come from factsheetWhere do our calories come from factsheet
Where do our calories come from factsheet
 
Ncl food waste white paper
Ncl food waste white paperNcl food waste white paper
Ncl food waste white paper
 
Ncl 2014 annual report
Ncl 2014 annual reportNcl 2014 annual report
Ncl 2014 annual report
 
Stuff Happens: NCL explores airline travel insurance
Stuff Happens: NCL explores airline travel insuranceStuff Happens: NCL explores airline travel insurance
Stuff Happens: NCL explores airline travel insurance
 
NCL Trumpeter Dinner: Sponsorship Information
NCL Trumpeter Dinner: Sponsorship InformationNCL Trumpeter Dinner: Sponsorship Information
NCL Trumpeter Dinner: Sponsorship Information
 
Ncl trumpeter awards sponsorship form (2) (4)
Ncl trumpeter awards sponsorship form (2) (4)Ncl trumpeter awards sponsorship form (2) (4)
Ncl trumpeter awards sponsorship form (2) (4)
 
NCL Food and Drug Interactions Brochure
NCL Food and Drug Interactions BrochureNCL Food and Drug Interactions Brochure
NCL Food and Drug Interactions Brochure
 
NCL Trumpeter Dinner: Sponsorship Information
NCL Trumpeter Dinner: Sponsorship InformationNCL Trumpeter Dinner: Sponsorship Information
NCL Trumpeter Dinner: Sponsorship Information
 
NCL Report: Wage theft in the restaurant industry
NCL Report: Wage theft in the restaurant industryNCL Report: Wage theft in the restaurant industry
NCL Report: Wage theft in the restaurant industry
 
National Consumers League 2013 Vaccine Study
National Consumers League 2013 Vaccine StudyNational Consumers League 2013 Vaccine Study
National Consumers League 2013 Vaccine Study
 
NCL Consumer Data Insecurity Report: Examining Data Breaches June 2014
NCL Consumer Data Insecurity Report: Examining Data Breaches June 2014NCL Consumer Data Insecurity Report: Examining Data Breaches June 2014
NCL Consumer Data Insecurity Report: Examining Data Breaches June 2014
 
NCL trumpeter awards: sponsorship form
NCL trumpeter awards: sponsorship formNCL trumpeter awards: sponsorship form
NCL trumpeter awards: sponsorship form
 
Our wasteful nation, reducing food waste
Our wasteful nation, reducing food wasteOur wasteful nation, reducing food waste
Our wasteful nation, reducing food waste
 
2013 National Consumers League Annual Report
2013 National Consumers League Annual Report2013 National Consumers League Annual Report
2013 National Consumers League Annual Report
 

National Consumers League 2013 State of ID Theft Report

  • 1. © National Consumers League 2013 1 The State of Identity Theft in 2013 A National Consumers League White Paper Examining Fifteen Years of Federal Anti-Identity Theft Consumer Protection Policies Prepared by John D. Breyault Vice President of Public Policy, Telecommunications and Fraud National Consumers League1 Thesis: Identity theft remains a pernicious threat to consumers. While the federal government and private sector have done much to address this issue, it is important that legislators and regulators remain vigilant to protect consumers from this ever-evolving fraud. Executive Summary May 3, 2006 was a typically beautiful spring day in Washington, DC, with temperatures in the mid 70’s, a slight breeze and clear skies. As the workday wound down, a data analyst from the Department of Veterans Affairs took home a laptop and an external hard drive, as he had done regularly for the previous four years. That night, however, the laptop and hard drive were stolen during a burglary of the analyst’s Maryland home.2 The two devices contained unencrypted information -- including names, dates of birth, Social Security Numbers and medical information on more than 26.5 million active duty members of the military, National Guardsmen, Reservists, veterans and their spouses. This theft followed a highly publicized data breach at data broker ChoicePoint in February 2005.3 That same month, Bank of America announced that it had lost tapes containing the Social Security Numbers and account information of more than 1.2 million                                                                                                                 1 This white paper was underwritten by an unrestricted educational grant from Google, Inc. 2 Electronic Privacy Information Center. “Veterans Affairs Data Theft.” Online: http://epic.org/privacy/vatheft/ 3 “ChoicePoint: More ID Theft Warnings,” CNN/Money. February 17, 2005. Online: http://money.cnn.com/2005/02/17/technology/personaltech/choicepoint/
  • 2. © National Consumers League 2013 2 federal employees, including some members of the Senate.4 In each case, the breaches exposed Americans to possible identity theft. This spate of high-profile data breaches prompted President George W. Bush to issue Executive Order 13402 on May 10, 2006. The order created the federal Identity Theft Task Force, charging 15 federal departments and agencies with crafting a comprehensive national strategy to combat identity theft. In April 2007, the task force issued its strategic plan, which included 31 recommendations ranging from small incremental steps to broad policy changes.5 More than a year later, in September 2008, the task force released a report describing the progress of the seventeen member agencies in implementing the task force’s recommendations. While many of the recommendations had been successfully implemented, the report noted that the implementation of others were still in progress.6 Many of the reforms prompted by the task force have had an impact, but it remains unclear if the federal government’s policies are keeping up with the threat of identity theft, which continues to evolve. The scope of identity theft is massive. Every year for more than a decade this form of fraud has been the single largest source of complaints to the Federal Trade Commission.7 While the number of consumers affected has decreased significantly from 2009-2010, more recent data shows that this scam is once again trending in the wrong direction. In 2012, identity fraud affected 5.26% of American consumers or 12.6 million people, the second straight year the incidence of identity fraud increased. Losses from identity fraud also increased from $18 billion in 2011 to $20.9 billion in 2012.8 Clearly, identity theft perpetrators are becoming more professional and more networked. Sophisticated identity theft black markets exist to facilitate the buying and selling of compromised identities. These black markets are supplied by growing numbers of data breaches affecting organizations from small retailers to large banks and government agencies                                                                                                                 4 Nowell, Paul. “Bank of America Loses Tapes With Federal Workers’ Data,” The Washington Post. February 26, 2005. Online: http://www.washingtonpost.com/wp-dyn/articles/A54823-2005Feb25.html 5 The President’s Identity Theft Task Force. Combating Identity Theft: A Strategic Plan. April 2007. Online: http://www.identitytheft.gov/reports/StrategicPlan.pdf 6 The President's Identity Theft Task Force. Task Force Report. September 2008. Online: http://www.idtheft.gov/reports/IDTReport2008.pdf 7 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf 8 Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013.
  • 3. © National Consumers League 2013 3 at every level. These breaches have caused millions personal records to be compromised, allowing identity thieves to conduct their crimes with greater ease than ever before. Progress, to be sure, has made in a number of areas. Identity thefts affecting existing consumer accounts (e.g. credit cards, bank accounts) appear to have decreased in frequency, and the time and expense necessary to recover from identity theft has decreased. Despite these advances, however, the changing face of identity theft presents consumers with new worries. However, the increasing prevalence of new account fraud, tax-related and medical identity theft suggest that identity thieves are increasingly seeking fraud that can remain undiscovered for longer time periods. For instance, it appears that identity thieves are becoming adept at aggravated identity theft, particularly involving the creation of new accounts.9 A significant concern is the increasing use of stolen identities to commit tax-related identity theft. Government documents or benefits fraud is by far the largest and fastest-growing category of identity theft complaints, increasing from 19.2% of identity theft complaints in 2010 to 46.4% in 2012.10 Tax or wage-related fraud complaints make up 93.5% of this category, up from 81.3% in 2010.11 This much is clear: the threat of identity theft is not going away anytime soon. It is therefore critical that the successes achieved by the President’s Identity Theft Task Force, new consumer protection laws and private sector data security efforts not be taken for granted. Instead, policymakers in Congress and the Executive Branch should consider a range of reforms to address the evolving identity theft threat. These include: 1. The President’s Identity Theft Task Force Report should be updated to reflect reforms undertaken since 2008. 2. Congress should pass comprehensive data breach notification legislation.                                                                                                                 9 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf 10 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf 11 Ibid.
  • 4. © National Consumers League 2013 4 3. The Federal Trade Commission should collect and publish data on the effectiveness of the Red Flags Rule in preventing identity theft. 4. Those who shape U.S. foreign policy should set as a key goal achieving additional Memoranda of Understanding on identity theft with foreign governments. 5. The Federal Trade Commission and Internal Revenue Service should launch a comprehensive effort to improve consumer protections for tax-related identity theft. 6. The Obama Administration should explore stronger incentives and penalties to encourage private sector businesses to better protect the personally identifiable data they collect. I. Identity Theft Continues to Affect Millions of Consumers and Cost the U.S. Economy Billions Identity theft is a serious, pernicious threat to millions of consumers annually. According to Javelin Strategy, which publishes one of the few longitudinal studies tracking identity fraud, 12.6 million consumers were affected by identity fraud in 2012. Losses stemming from identity fraud are estimated to total $20.9 billion annually.12 To put this total in context, $20 billion in identity fraud losses annually is equivalent to the insured cost of a Hurricane Sandy hitting the economy every year.13 Consumers reported in an April 2013 Zogby poll that identity theft was their biggest concern about the Internet (39%), higher than viruses and malware (33%), government surveillance of                                                                                                                 12 Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013. 13 Holm, Erik and Scism, Leslie. “Sandy’s Insured Loss Tab: Up to $20 billion,” The Wall Street Journal. November 2, 2012. Online: http://online.wsj.com/news/articles/SB10001424052970204712904578092663774022062
  • 5. © National Consumers League 2013 5 data (12%) or cyber-bullying and stalking (5%).14 This consumer concern about identity theft is reflected consistently in polling. When asked to name the most significant privacy-related threat, 61% of consumers named identity theft.15 Similarly, a 2012 Forrester survey found that consumers’ primary privacy, safety and security concern when it comes to the Internet is having their identities stolen.16 The fallout from identity theft victimization is especially destructive for confidence in small businesses. Fifteen percent of identity theft victims changed their behaviors and avoided smaller online merchants. Larger merchants are not as affected by this behavior change.17 Data breaches are a major source of the compromised personal information that fuel identity theft. Such breaches occur in a myriad of ways, including phishing schemes, insider attacks, and sophisticated hacking attacks. The total impact of these breaches is massive. One study recorded more than 2,500 incidents since 2004, affecting 1.1 billion records.18 The scope and size of the data breach issue is directly relevant to identity theft because consumers whose data is compromised by a breach are significantly more likely to be victims of fraud than those who are unaffected by a breach. In 2011, 5.3% of all consumers were victims of identity fraud, while 22.5% of consumers whose data was compromised became victims of fraud.19 Data breaches clearly increase the risk of consumers becoming victims of fraud, but it appears that identity thieves may be using stolen identity information in new and more egregious ways. For example, the number of identity theft cases filed and the number of defendants convicted both decreased in 2009 and 2010 relative to 2008. However, the numbers of aggravated identity theft cases filed and defendants convicted have continued to increase.20                                                                                                                 14 Digital Advertising Alliance. “Poll: Americans Want Free Internet Content, Value Interest-Based Advertising,” Press release. April 18, 2013. Online: http://www.aboutads.info/DAA-Zogby-Poll 15 Ponemon Institute. 2012 Most Trusted Companies for Privacy. Pg. 2. January 28, 2013. Online: http://www.ponemon.org/local/upload/file/2012%20MTC%20Report%20FINAL.pdf 16 Enright, Allison. “Consumers worry about online privacy, but shop anyway,” Internet Retailer. May 11, 2012. Online: http://www.internetretailer.com/2012/05/11/consumers-worry-about-online-privacy-shop- anyway 17 Javelin Strategy & Research. “2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters,” Press Release. February 2013. Online: https://www.javelinstrategy.com/brochure/276 18 Verizon RISK Team. 2013 Data Breach Investigations Report. Pg. 4. May 2013. Online: http://www.verizonenterprise.com/DBIR/2013/ 19 Source: Javelin Strategy & Research. 2013 Identity Fraud Report: Data Breaches Become Treasure Trove for Fraudsters. February 2013. 20 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf
  • 6. © National Consumers League 2013 6 Identity theft has been the most common fraud complaint to the Federal Trade Commission for the past thirteen years.21 In response, the Commission has rightfully made the fight against identity theft a top priority. However, trends in the complaint data are suggestive of changes in how identity thieves are monetizing stolen information. At one time, compromised identity data was used most often to commit credit card fraud. Now the broad category of government documents or benefits fraud has become by far the largest and fastest-growing sub-category of identity theft complaints. In 2010, complaints about this type of scam accounted for 19.2% of identity theft complaints to the FTC. By 2012 this number had risen to 46.4%, outpacing credit card fraud, bank fraud, employment-related fraud, phone or utilities fraud and loan fraud, combined.22 This should be a wake-up call for the Obama Administration, Congress and state authorities. Fig. 1 Source: Federal Trade Commission. Consumer Sentinel Network Data Book (CY 2008-12)                                                                                                                 21 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf 22 Federal Trade Commission, Consumer Sentinel Network Data Book for January–December 2012, February, 2013. Online: http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2012.pdf
  • 7. © National Consumers League 2013 7 Within the government documents/benefits fraud category, the use of stolen identity information to file fraudulent tax returns has historically been the dominant type of scam. Over the past seven years, this scam has grown ever more popular among identity thieves, increasing from 63% of all government documents/benefits fraud complaints in 2006 to 93.53% of such complaints in 2012. Tax identity theft theft occurs when thieves use personal information, such as a consumer’s Social Security Number and full name to submit fraudulent tax returns and obtain refunds to which they are not entitled. In 2011 alone, approximately 1.1 million suspicious tax returns were identified, resulting in $3.6 billion in potentially fraudulent refunds paid by the IRS due to identity theft.23 Fig. 2 Source: Federal Trade Commission. Consumer Sentinel Network Data Book (CY 2008-12)                                                                                                                 23  Treasury  Inspector  General  for  Tax  Administration.  “Identity  Theft:  IRS  Detection  Has  Improved,  Yet   Billions  Still  Lost  in  2011  Returns,”  Press  Release.  November  7,  2013.  Online:   http://www.treasury.gov/tigta/press/press_tigta-­‐2013-­‐39.htm    
  • 8. © National Consumers League 2013 8 While the nature of identity theft is changing, the scope of the problem clearly remains massive. Consumers are still concerned about the threat of identity theft and rightfully so. While the direct cost to consumers of being a victim in money and time have decreased, the indirect costs to the economy, taxpayers and confidence in the Internet are no less worrisome. II. Background On Federal Anti-Identity Theft Efforts Since the 1970s, consumers have benefitted from legislation that safeguards their finances from misuse, providing a basic level of identity theft protection. For example the Fair Credit Reporting Act imposes a duty on consumer reporting agencies to ensure that the information they report is accurate. The FCRA also gives consumers right to file suit for violation of the Act. The Fair Credit Billing Act provides consumers with an opportunity to receive an explanation and proof of charges that may have been made by an imposter. The FCBA also gives consumers the right to have unauthorized charges removed from their accounts. Finally, the Electronic Funds Transfer Act limits consumers’ liability for unauthorized electronic fund transfers as long as they notify their financial institution in a timely manner. The cumulative effect of these 1970’s-era laws is that much of the financial cost of fraud stemming from identity theft is borne not by consumers themselves, but by financial institutions instead. By the late 1990’s, the rise of Internet-fueled identity theft exposed the limitations of these laws. Congress took an important first step in attacking the identity theft problem with the passage of the Identity Theft Assumption and Deterrence Act of 1998, which made identity theft a federal crime. This was followed by the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which directed the FTC to work with credit card issuers to improve security procedures.24 FACTA also gave consumers the right to request a free credit report from each of the major credit reporting bureaus every twelve months and to have a fraud alert placed on their credit reports if they suspected identity theft. In 2004, the Identity Theft Penalty Enhancement                                                                                                                 24 FACTA’s requirement that the FTC work with businesses to implement security safeguards led to the creation of the Red Flags Rule. This Rule requires many financial institutions and creditors to implement written Identity Theft Prevention Programs to identity the warning signs (“red flags”) of identity theft in their day-to-day operations. The Red Flags Rule went into effect on December 31, 2010. For additional information, see the Federal Trade Commission's “Fighting Identity Theft with the Red Flags Rule: A How- to Guide for Business.” Online: http://www.business.ftc.gov/privacy-and-security/red-flags-rule
  • 9. © National Consumers League 2013 9 Act established additional penalties for aggravated identity theft. Most recently, the 2008 Identity Theft Enforcement and Restitution Act authorized restitution for the time spent by victims recovering from the harm caused by an actual or intended identity theft. In addition to legislative action increasing consumer protections against identity theft, significant reforms have been undertaken by Executive Branch agencies to address the threat of data breaches and the resulting danger of identity theft. In 2006, following a spate of high-profile data breaches, President George W. Bush issued Executive Order 13402. The Order created the federal Identity Theft Task Force, charging 15 federal departments and agencies with crafting a comprehensive national strategy to more effectively combat identity theft. In April 2007, the task force issued its strategic plan, which included 31 recommendations, ranging from small, incremental steps to broad policy changes.25 Notable recommendations from the Task Force included: ● Reducing the use of Social Security Numbers by federal agencies; ● Establishing national standards for private sector protection of personal data; ● Promoting a nation data breach notification standard; ● Implementing a broad and sustained consumer, industry and public sector awareness campaign regarding identity theft; and ● Creating a National Identity Theft Law Enforcement Center to coordinate enforcement resources targeted at identity theft. A progress report released by the task force in September 2008 detailed the federal government’s progress in implementing the strategic plan. Notable reforms undertaken as a result of the Task Force’s recommendations included (but were not limited to): ● Task Force member agencies have significantly reduced their use of Social Security Numbers; ● Federal agencies have increased the use of encryption technology on laptops and other mobile data devices containing agency data;                                                                                                                 25 The President’s Identity Theft Task Force. Combating Identity Theft: A Strategic Plan. April 2007. Online: http://www.identitytheft.gov/reports/StrategicPlan.pdf
  • 10. © National Consumers League 2013 10 ● Congress passed the Identity Theft Enforcement and Restitution Act, which addressed a number of deficiencies in the federal criminal related to identity theft while giving consumers an avenue for restitution for losses stemming from identity theft; ● Numerous identity theft databases (e.g. the FTC’s Identity Theft Data Clearinghouse) and joint enforcement coordination efforts have been undertaken to make enforcement efforts more efficient; and ● Identity theft coordinators have been established in each U.S. Attorney’s Office to coordinate anti-identity theft efforts between these offices and the Department of Justice.26 While a number of the task force’s recommendations had been successfully implemented, many were still in progress as of the publication of the 2008 report. A notable example is the failure of Congress to pass a comprehensive national data breach notification law. As of November 2013, 46 states as well as the District of Columbia, Guam, Puerto Rico and the U.S. Virgin Islands have passed state data breach notification laws.27 This has created significant challenges given the national scope of many data breaches.28 The implementation of these consumer protections has correlated with a significant reduction in the incidence of certain types of identity theft, particularly schemes involving credit card fraud, bank fraud and loan fraud. This trend is also reflected in federal identity theft cases filed and defendants convicted, the rates of which peaked in 2007 and declined in each of the following three years.29 Whether these trends are a direct result of the new protections implemented by the federal government is unclear. However, we know that identity thieves tend to seek out schemes that offer the most profit with the least risk, so it seems plausible that these reforms are having an effect on the broader problem.                                                                                                                 26 See generally: The President’s Identity Theft Task Force. Task Force Report. September 2008. Pgs. 6- 49. Online: http://www.idtheft.gov/reports/IDTReport2008.pdf 27 National Conference of State Legislatures. “State Security Breach Notification Laws.” Online: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification- laws.aspx 28 For additional discussion on this topic see: Geer, David. “Data breach notification laws, state and federal: A review with commentary for security C-levels,” CSO. November 1, 2013. Online: http://www.csoonline.com/article/742430/data-breach-notification-laws-state-and-federal?page=1 29 Congressional Research Service. Identity Theft: Trends and Issues. February 15 2012. p. 16. Online: http://www.fas.org/sgp/crs/misc/R40599.pdf
  • 11. © National Consumers League 2013 11 III. Recommendations for Responding to Evolving Identity Theft Threats Consumers and law enforcement agencies have powerful tools at their disposal to attack the identity theft problem. However, as with other types of cyber crimes, identity thieves are nothing if not resilient and adaptable. For example, they appear to be shifting their activities towards tax- related identity theft, potentially as a way to avoid stronger countermeasures at financial institutions. Significant structural challenges that enable identity theft also remain an issue. In particular, the raw fuel for identity theft − compromised personal information − is more widely available than ever thanks to the explosion of data collection by the private and public sector. More information under the control of more organizations necessarily means that more data will be compromised. It should not be surprising, then, that reports of data breaches are becoming an almost daily news item. Since 2005, the non-profit Privacy Rights Clearinghouse has recorded more than 4,000 data breaches -- more than one per day for nine straight years.30 It is a near-certainty that many more breaches have gone unreported.31 The glut of data breaches may even be driving down the price of stolen identities in the cybercriminal underground due to oversupply.32 The professionalization of identity theft also poses new challenges. Whereas in the past identity theft may have been about establishing bragging rights within the hacker community, today it is                                                                                                                 30 Privacy Rights Clearinghouse. “Chronology of Data Breaches,” (Accessed November 24, 2013). Online: https://www.privacyrights.org/data-breach 31 A dramatic visualization of the growing number of of data breaches was recently created by London- based author and data-journalist David McCandless who plotted the world’s biggest data breaches on a time scale to illustrate the growing threat. Online: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 32 Higgins, Kelly Jackson. “Glut in Stolen Identities Forces Price Cut in Cyberunderground,” Dark Reading. November 19, 2013. Online: http://www.darkreading.com/attacks-breaches/glut-in-stolen- identities-forces-price-c/240164089
  • 12. © National Consumers League 2013 12 a thoroughly organized moneymaking criminal enterprise.33 Numerous black markets for stolen identity information exist online, some even featuring help desk support.34 While There are steps that consumers can take to mitigate their risk of identity theft, the onus must not be on the individual consumer - weak passwords are not the cause of massive ID theft. Consumers of course should monitor credit reports, install anti-virus software, keep computer operating systems up-to-date and maintaining strong passwords to name but a few. However, given the explosive growth of data breaches, the ability to control vulnerability to identity theft is largely out of consumers’ control. Given these operational and structural challenges, policymakers must adapt to ensure that the gains made over the previous seven years of anti-identity theft work are not reversed. To begin a dialogue on this issue, we urge policymakers to consider the following recommendations: 1. Update the President’s Identity Theft Task Force Report. This will enable policymakers and advocates to better evaluate the impact of actions taken in response to the Task Force’s recommendations since 2008 and discuss new reforms that may be necessary given the changing nature of identity theft. 2. Congress should pass comprehensive data breach notification legislation. The 46 state data breach notification laws frequently conflict and may confuse consumers who receive notifications. Given the national (and in many cases, international) scope of data breaches, a national standard for notification is warranted. The most stringent state data breach notification laws should serve as the basis for a federal standard. 3. The Federal Trade Commission should collect and publish data on the effectiveness of the Red Flags Rule in preventing identity theft. A key provision of FACTA directed the FTC to work with the private sector to create a Red Flags Rule to enhance protections against identity theft in the business community. The full enforcement of the Rule was delayed until the end of 2010. The FTC should evaluate whether the Rule is affecting identity theft rates and, if necessary, consider strengthening the Rule to improve consumer protections.                                                                                                                 33 McAfee Security Advice Center. “The Evolution of Cybercrime,” Spring 2011. Online: http://home.mcafee.com/advicecenter/?id=rs_na_sp11article1 34 Higgins, Kelly Jackson. “Glut in Stolen Identities Forces Price Cut in Cyberunderground,” Dark Reading. November 19, 2013. Online: http://www.darkreading.com/attacks-breaches/glut-in-stolen-identities-forces- price-c/240164089
  • 13. © National Consumers League 2013 13 4. Those who shape U.S. foreign policy should set as a key goal achieving additional Memoranda of Understanding on identity theft with foreign governments. The international nature of much identity theft demands cooperation between U.S. law enforcement agencies and their foreign counterparts. This is greatly facilitated when there are clear rules and procedures governing the sharing of information between international partners. 5. Federal regulators should launch a comprehensive effort to improve consumer protections from tax-related identity theft. Identity thieves taking advantage of the U.S. tax collection system has become a major cause for concern. Consumers should be empowered to take preemptive action to protect themselves from tax-related identity theft. The IRS should expand the availability of PIN technology to consumers that request it, not just identified victims of identity theft. 6. Explore additional incentives and penalties to encourage private sector businesses to better protect the personally identifiable data they collect. Limiting consumer liability for fraudulent credit and debit card purchases has been a key driver of improved fraud protection in the financial services industry. Policymakers should explore whether similar reforms would incentivize the private sector to increase data security standards.   IV. Conclusion Identity theft is a pernicious threat that affects millions of American consumers annually, costs the U.S. economy and taxpayers billions of dollars, and reduces confidence in the Internet and small businesses. It has been more than fifteen years since Congress passed its first law specifically targeting the identity theft problem. It has been more than seven years since a Presidential level task force was convened to improve the federal government and private sector’s response to the problem of identity theft. While these efforts have shown some success, it is clear that identity theft remains a problem of massive proportions. It is therefore imperative that policymakers, advocates and the general public recommit themselves to reducing the plague of of identity theft. There are a number of reforms that would help to achieve this objective, several of which are discussed in this report.
  • 14. © National Consumers League 2013 14 We urge Congress and federal regulators to consider the continuing threat of identity theft and maintain their vigilance against this serious crime.