YACoIT: Yet Another Case of Identity Theft
In teaching recent CISSP CBK seminars, I’ve had a number of people from banks and financial institutions in attendance. I have have, for some years, tended to make the statement that The-Powers-That-Be are not yet taking identity theft seriously enough, even if some activities are taking place. (I note that recent legislation in New Jersey, supposedly aimed at solving the problem, allows you to effectively destroy your credit rating. What kind of a solution is that?) (I’m not sure how easy it would be for someone else to use the system to destroy your credit rating …)
Here’s another example, this morning in the Vancouver Sun:
The circumstances for the victim are, of course, appalling and distressing. However, the victim in this case has been active and on top of the problem. What seems to be outrageous is the inability of the various authorities to deal with the situation. One LE group only deals with identity theft if it involves large scale organized crime. A government entity seems to be doing nothing, even though it was their error that allowed the impersonation to take place to begin with. Nobody seems to have been able to catch up with the person perpetrating the fraud, despite the fact that they’ve got two addresses, a description, and at least one photograph, and the fraudster has been arrested once and suspected on another occasion.
A bank, alerted to the fact that fraud was taking place, and having been involved in closing out the defrauded accounts, within 24 hours changed, or allowed the fraudster to change, the new accounts so they went to the fraudster! (The bank did, eventually, replace the stolen cash. Which seems to be, quite literally, the least they could do, in the circumstances.)
The Sun has kindly provided a quiz and checklist for consumers to prevent identity theft:
It’s rather amazing how few of the items on the list would have any bearing on the story in question.
(I particularly like the oft-repeated advice to shred any credit card applications your receive. All the credit card applications I get have lots of personal information: my name and address. Am I suppose to run around shredding all the unused telephone books in recycling bins?)