Top ID Theft Risks for 2013Medical ID Theft, Mobile-Device Attacks Leading Concerns
A growing number of medical and government identity theft cases, as well as upticks in compromised mobile devices, should be getting industry attention, says Eva Velasquez, head of the Identity Theft Resource Center, a California-based not-for-profit consumer services and education organization.
See Also: The 2020 Bad Bot Report
"They're [all] still on our radar," she explains during an interview with Information Security Media Group [transcript below].
"More than 25 percent of our calls in 2012 were from victims of some type of government ID theft, meaning that their personal information was used either to secure government benefits, to apply for a tax return or even to apply for a job and work or collect unemployment," Velasquez adds.
With mobile devices, phishing, or smishing, attacks also continue to be a problem, she says. "Both organizations and individuals have a role here," Velasquez explains.
Ongoing education and partnerships will aid in mitigating the risks, and expanding awareness should be a top priority, she says.
"We have not built deep enough or broad enough awareness of what we need to do about [identity theft] and how prevalent it is," Velasquez says. "Consumers [and organizations] are starting to get that this is a big global issue, and I think over the next year we can work more to let them know what it really means."
During this interview, Velasquez reviews those topics, as well as:
- How organizations, especially financial institutions, have an obligation to assist consumers after records are breached and personally identifiable information is exposed;
- Why ID theft is a growing, global concern;
- Partnerships the ITRC is working to develop to enhance ID theft protections.
Before joining the ITRC, Velasquez was vice president of operations for the San Diego Better Business Bureau, where she managed core services of dispute resolution, arbitration and pre-purchase information to the public.
Before the BBB, Velasquez spent 21 years at the San Diego District Attorney's Office, with the last 11 of those years spent investigating and assisting in the prosecution of economic/financial crimes, with a focus on consumer protection issues. Velasquez has more than 500 hours of specialized training in the investigation of economic crimes and served as the chairman of the Consumer Fraud Task Force for 13 years.
TRACY KITTEN: Can you tell us a bit about the ITRC and its mission?
EVA VELASQUEZ: The ITRC's mission statement is to provide best-in-class victim assistance at no charge to consumers throughout the United States. It's a really important piece of information because we never ask consumers for any compensation when they call us for our services. We also want to educate consumers, corporations, government agencies and other organizations on the best practices for fraud and identity theft detection, reduction and mitigation.
KITTEN: How did you come to the ITRC?
VELASQUEZ: I've had the pleasure of working with the ITRC both when I was at the San Diego District Attorney's Office and at the San Diego Better Business Bureau. It was a great advantage for me to see the pioneering work that they've been doing in this arena for many years; and because I was able to witness first-hand the quality and the commitment of the ITRC, it was an easy decision for me to commit to becoming a part of this team.
KITTEN: You've been involved with the ITRC since its inception back in 1999. What can you tell us about the experience that you bring to the ITRC?
VELASQUEZ: When I was at the district attorney's office, my primary focus was consumer protection cases. I investigated white-collar crime and consumer protection and assisted with the prosecution of those cases. Because of my experience working with the government and working in that capacity, it's really allowed me to understand that different government entities have different objectives, and therefore the ITRC needs to partner with them in different ways. Prosecutorial entities focus on getting the bad guy, and while some of them have victim services divisions, some of them don't and it's not a service that they can provide. The ITRC can assist those victims with repairing their lives and getting their identity back. Other government entities are focused primarily on outreach and education, so we can partner with them by providing them with our materials for their use and our expertise.
Top ID Theft Trends for 2013
KITTEN: What would you say are some of the top ID theft trends for 2013?
VELASQUEZ: Right now we're seeing several areas, including medical identity theft, child identity theft and government identity theft. They're still really on our radar. Medical identity theft is a hot topic, and in order to address this type of ID theft, the ITRC has become a founding member of the recently established Medical Identity Fraud Alliance, or MIFA. Child identity theft continues to have a significant impact on the children victims, their parents, as well as foster children and their guardians. The ITRC is also trying to build awareness of other issues, including government ID theft. As a call center, more than 25 percent of our calls in 2012 were from victims of some type of government ID theft, meaning that their personal information was used either to secure government benefits, to apply for a tax return or even to apply for a job and work or collect unemployment.
KITTEN: Why aren't current solutions working?
VELASQUEZ: Even though consumer awareness feels like it's on an upswing, there's still much that needs to be done. We feel that consumers need to realize that they should safeguard their personal information like they would any other valuable.
Areas of Greatest Risk
KITTEN: What areas would you say pose the greatest risks, where ID theft protections are concerned?
VELASQUEZ: It really runs the gamut, and there's been a big focus on high-tech issues, and those are certainly prevalent. But we're still seeing low-tech techniques being used as well. In some ways, it's a simple matter of making people aware that their PI is valuable and they have to protect it. Don't carry your Social Security card in your wallet. That seems like a very easy, simple thing for us to do, and people that are entrenched in the industry and are working with this everyday kind of sit there and go, "Well, I would never do that." You would be surprised how many people call in to our call center and when we give them that tip, they tell us they did not know that.
When you look at high-tech issues, it's [about] simple things like password-protecting your phone or other mobile devices. Lastly, we really think we need to build awareness about when you're using your mobile device, understanding that not all Wi-Fi networks are created equally. There are public Wi-Fi networks where your information, anything that you're browsing, can be seen by other people that, if they're sophisticated enough, can see that information. If you're making purchases online, you don't want to be doing that on an unsecure Wi-Fi network.
KITTEN: How aware are consumers about ID theft and some of the risks out there?
VELASQUEZ:When I encounter people out in the public, they go, "Oh yeah, Identity Theft Resource Center; identity theft is an important issue. Tell me what that means, again?" There's awareness that there's a problem. But we have not built deep enough or broad enough awareness of what we need to do about it and how prevalent it is. Consumers are starting to get that this is a big global issue, and I think over the next year we can work more to let them know what it really means, what it means to them, and how they can minimize the risks.
KITTEN: What would you say are some of the risks when it comes to mobile that organizations and consumers need to worry about the most?
VELASQUEZ: Phishing e-mails come to mind, because they continue to be a problem. There are other areas that are much more sophisticated where hackers are using other sophisticated techniques, but phishing e-mails are still prevalent because they work; and both organizations and individuals have a role here. Organizations need to educate their employees not to fall for phishing e-mails and they also have an obligation to have an infrastructure in place to minimize potential damages to their networks if someone does fall for a phishing e-mail. More and more individuals need to understand that these types of e-mails are not just an annoyance; they can cause real damage and have far-reaching consequences if you do click on one of those links. Not only the machine that you're using can be compromised, but any important or personal information that you have on that machine could be compromised and then used to steal your identity.
The Role of Public, Private Entities
KITTEN: What about the role that public and private entities play? What should they be doing?
VELASQUEZ: This is definitely a global problem that requires global solutions. All of the entities involved need to follow what I call the "three Cs" in solving this problem, and that's commitment, collaboration and communication. This is something that we at the ITRC have actually adopted as part of our strategic plan for 2013, and I believe that we must work together to discover and implement the best practices. This includes not only determining what those best practices are, but then informing all parties, including consumers, as to what those best practices are.
KITTEN: What about financial services?
VELASQUEZ: Financial institutions have a tricky role here because we understand that they want to provide convenient and seamless services to their customers. But they have to provide protections as well. There are many tools in place to help minimize risks, such as the authentication practices online. Consumers are becoming increasingly aware of this need for protection, whereas we used to hear people kind of complaining, "Why are they making us do this authentication and send this text to my phone?" We're now hearing people understanding that's necessary and not being annoyed by that. The banks have educated their consumers to these potential risks and the reasons for heightened security measures, and this is a really good start. We at the ITRC feel that the best role that institutions can continue to build on and play is building this awareness and educating the consumers. But the last piece of that puzzle is building awareness of the resources, such as the ITRC, if indeed identity theft occurs.
KITTEN: What types of organizations do you work with and how do you expect to help some of those partnerships grow in the coming year?
VELASQUEZ: We partner with a wide variety of organizations. We partner with various government entities - state, local, and federal - various non-profit entities and some for-profit entities. Right now, specific industries are touched by ID theft. I talked about medical ID theft, so the healthcare industry has definitely been on our radar, [as well as] the foster care system. The ITRC is making a concentrated effort to reach out to entire industries so that we can be included in their dialogue about how they want to address this issue. We plan on growing these partnerships because we provide our extensive case remediation expertise and therefore we're providing an important resource, and we want everyone to be aware of that.
Getting the Word Out
KITTEN: What would you say has been the primary challenge, where getting the word out is concerned?
VELASQUEZ: I would say we're not as widely known as we would like, but we do need to keep in mind that the ITRC has been nationally recognized as an expert in the area of victim assistance for many years. I believe that the issues in the past have been a misconception that if large institutions, and not just financial institutions, affiliate themselves with identity theft resources, they're admitting that there's a problem and that they have this problem. Nothing could be further from the truth. By admitting that ID theft is an issue for the public at large, they're not admitting that they are more vulnerable than anyone else. In fact, they're likely admitting that they're better prepared to address issues because they've thought ahead, they've recognized this is a global problem, and they're discovering resources and protection for their consumers.
Increasing Awareness in 2013
KITTEN: What steps do you plan to take in 2013 to help increase awareness?
VELASQUEZ: We're looking at more non-traditional methods. Aside from continuing our traditional methods of communication - which I feel that this organization has done a fantastic job at - we're embracing new ways to reach consumers and that audience of potential victims and victims. For example, there's a comedy [film] that's been released about ID theft. The crime isn't a laughing matter, but rather than look at this as a negative, as something where people are making fun of identity theft and this is a really bad thing, we're hopeful that even though this isn't a realistic portrayal of this crime, it's going to put the issue in the forefront of people's minds and perhaps they'll seek out information. We're planning on being there to provide it.
ITRC Agenda for 2013
KITTEN: What could you tell us about the ITRC's 2013 agenda?
VELASQUEZ: I want to circle back around to our "three Cs" - commitment, collaboration and communication. As far as commitment, we have revamped our mission statement and we have copies hanging on every team member's wall. We're fully committed to providing our services to victims and to educating the public and industries as to best practices and what the issues are.
We're fully committed to our new collaborations. We're going to continue to seek out partnerships with traditional partners, as well as consumer advocacy groups, business membership organizations, government entities and industry organizations.
Lastly, [with] our communication, we really are going to be ramping this up this year. We're redesigning our website so that our information is organized in a more clear and user-friendly manner. We've expanded our call center availability hours and we're now available Monday through Friday from 7 a.m. to 5 p.m. We're heavily embracing our social media in order to provide this information on a platform that consumers want. We currently have over 17,000 followers on Twitter and the numbers are just going up. We're running live Twitter chats every Thursday, really trying to grow our social media so that we're building that awareness and communicating with people in the formats that they want to hear it.