Identity Theft in 2013: The Battle for Your Data

In 2013, we’ll have to make a choice: Either we acknowledge we’re at war and push back hard, or we keep pretending nothing’s wrong — and pay the price.

In the coming weeks, as we’ve seen every year for the past six, there will be endless reports detailing the digital dangers and identity threats lurking in every corner of our highly networked universe. But to what end?

Despite considerable coverage and legislative initiatives, identity theft, cyber warfare, and the death of privacy at the hands of hackers and hyper-marketers are barely on the public radar. People say they care about identity theft but they don’t really understand it. Except for industry players, technocrats, and a handful of politicians and consumer advocates, few seem moved to action.

Frankly, this situation is insane. Practically every day, someone flags risks and makes dire predictions — all deadly accurate, by the way — but unless there’s a class action suit pending, or an entire grid in darkness, no one seems to give a damn. Check your credit report? Only one out of five really does. Encrypt your database? “Encryption is hard.” Friends, the barbarians are no longer at the gate, they’re in our homes eating off our best china — yet we can’t be bothered to deal with them. The signs of things to come are everywhere — but like a man crossing a highway blindfolded, we refuse to see what’s coming.

This year the situation must change. For the next few minutes, I invite you to take off the blindfold and look reality right in the eye.

A war is being waged both here and abroad against our people, our economy, our institutions, indeed, our way of life. But until we take that seriously and respond strategically, we’re in for a serious can of whoop-ass. Even a fool can see where the enemy is headed, but for some reason the cavalry doesn’t seem up to the task of heading them off. As with all things in Washington and corporate America, folks are talking the talk, but few are walking the walk.

Here are a number of battlegrounds where the fighting will be fiercest in 2013:

Mobile devices. That smartphone in your pocket is one mother of a data storage device, and it’s like a bull’s-eye on your back. We use them to communicate our most intimate (and sometimes highly inappropriate) thoughts, figure out where we are, telegraph our next move, as well as check bank balances, deposit checks, even file taxes. There’s a gold mine behind that touch screen. Users may not realize how exposed their data is (I dare say most don’t use password-protection or remote data wiping in case of loss), but criminals know the weak spots, and they’re making mobile exploits a high priority.

One scenario to watch for: a malicious programmer sneaks a malware-bearing app past smartphone gatekeepers and millions of users realize the honeymoon is over.

Note that Europe already suffered the first large-scale attack on financial accounts via mobile phones: Eurograbber, a mobile SMS keylogger scam that pumped 36 million euros out of 30,000 European bank accounts. Make no mistake, we’re next.

The insider threat. These come in two flavors: duplicitous and duped. Either way, they’re sleeping with the enemy. Compromising or turning an insider is a big win for criminals, providing a precious pipeline to account info, network passwords, or a company’s deepest secrets. Infecting an outside (or inside) device used at work — mobile phone, tablet, laptop — by means of something as simple as an email can get keyloggers and other malware inside the firewall to infect other computers. The FBI warns of criminals targeting bank and credit union employees — and why wouldn’t they? They’ve gone after folks at the most secure companies in the world already with spectacular results — just ask RSA and Lockheed.

Medical identity theft. Our push to digitize medical records and associated data — including identity, insurance and financial information — has spawned system design flaws, sloppy data handling and everything in between. The logistics of conversion have exposed risks and led to countless breaches — including data theft and/or loss by third-party contractors. No wonder electronic health records are a magnet for identity thieves — with potentially deadly consequences for victims, since medical identity theft can mean commingled medical records, magically changed blood types, disappearing allergies and looted insurance policies.

Malware, Malware, Everywhere. These days any would-be cyber-mercenary can play “infect your way to riches.” Be prepared for more sophisticated, undetectable, and untraceable malware available for low-cost purchase, rental, or lease from the underground purveyors of havoc. Now that botnets (like jet skis) can be rented by the hour, we’ll also see more customer-facing networks crippled by denial-of-service attacks in 2013, as hackers distract and exhaust security teams to cover their own tracks.

Nonprofits and foundations. What’s more delicious than an unencrypted database overflowing with wealthy donor data? Doubtless, several foundations or charities will face big breaches in 2013. Just don’t expect them to be so forthcoming with the details.

Debt collectors. After breaches of several debt collector databases expose records for hundreds of thousands of debtors (many of whom shouldn’t be in those files in the first place), public pressure will build for controls on collection agencies’ handling of clients’ data — including a requirement that breach response programs be in place before they can be bonded or licensed.

Infrastructure threat. Some facet of our critical infrastructure — perhaps the electrical grid, public transportation, air traffic control, banking, medical facilities, or some large bridge or tunnel — will suffer one or a series of cyber attacks, highlighting the ever evolving, highly dangerous cyber-war threat and the shared goals of enemy agents, cybercriminals and identity thieves.

Mega breaches of government data. South Carolina’s “encryption is hard” data debacle showed how myopic and negligent a government can be. But don’t assume politicians learned anything from it — though it brought the number of improperly accessed files in government custody to nearly 100 million. If anyone learned a lesson, it was the criminals, who will be emboldened in 2013 to revisit that poorly guarded well again and again.

Identity theft is big business, and the bad guys want to make this their most profitable year ever. So expect repeated, persistent attacks on government databases — followed by rage from a frustrated citizenry demanding (but not getting) action. Expect an increasing tidal wave of fraudulent business and individual tax returns and refunds filed by criminals in the names of legitimate taxpayers. And remember, criminals file early!

Data breach fallout. To confront the inevitable surge in attacks, 2013 should be the year of mandatory encryption, stringent security, and tough legislation holding negligent data stewards accountable; and “accountable,” dear friends, means doing hard time, not mouthing lukewarm mea culpas. I would prefer to say “will be” — but given the inability of Congress to agree on even the mundane, like the hour of the day — action seems unlikely. At this rate, we may be forced to rely on the ultimate regulators of our economic system — class-action attorneys.

Strategic realignment. When we are truly focused on this issue, a depressingly rare occurrence indeed, we are playing by an arcane set of rules in the face of a highly sophisticated, totally committed, stealthy, deadly, hydra-headed opponent who knows no rules of engagement.

To properly address this threat, nothing short of a Manhattan Project, or a renewed commitment to the kind of national effort that put a man on the moon will suffice. Complete cooperation, collaboration and communication among all levels of government, law enforcement, the business community, consumer advocates, individuals and the media must be achieved.

Taking the fight to the criminals is exactly what we must do — along with shoring up our corporate and individual defenses and demanding that our lawmakers take this fight seriously. This is war — and whether the attacks come from hackers in Latvia, agents in Beijing, a botnet stretched across the globe, or the quiet employee in the next office, the adversary is the same, as is the M.O. These guys have one more thing in common: They play for keeps. So should we. Perhaps 2013 will be the year we start to get it right.

Image: Darin House, via Flickr
