The Ultimate Identity Theft Prevention Plan 187
Ben Rothke writes "It's a fallacy that our elected officials take forever to get things done. Two examples where Washington acted with speed are with the National Do Not Call Registry and the Sarbanes-Oxley Act. The National Do Not Call Registry was slated to take effect on October 1, 2003, but various marketing associations challenged its legitimacy and even if the FTC had the jurisdiction to enforce it. Notwithstanding, President Bush speedily signed the bill authorizing the no-call list to go into effect in September 2003 and the United State Court of Appeals upheld the constitutionality of the registry in February 2004. On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $7 billion by improperly accounting for its operating costs. Senator Paul Sarbanes then introduced Senate Bill 2673 that same day where it passed 97-0 less than three weeks later. The House and Senate formed a Conference Committee to reconcile the differences between Sarbanes's bill and Representative Michael Oxley's bill (HR 3763) and on July 24, 2002, the Sarbanes-Oxley Act of 2002 was passed." Read on for the rest of Ben's review.
| Stealing Your Life: The Ultimate Identity Theft Prevention Plan | |
| author | Frank W. Abagnale |
| pages | 256 |
| publisher | Broadway Books |
| rating | 8 |
| reviewer | Ben Rothke |
| ISBN | 0767925866 |
| summary | exposes the tactics of today's identity theft criminals and offers strategies to thwart them |
The bottom line is that when politicians really want votes and PR, they can act swiftly. The frustration is exacerbated when politicians choose to do nothing when it comes to identity theft. In Stealing Your Life: The Ultimate Identity Theft Prevention Plan, Frank Abagnale details the frustration that consumers face (and will face in the years to come) when their identities are stolen, the ease at which the criminals carry out such crimes, and the months and often years of effort required to regain ones identity.
Abagnale's tenure on the criminal side long ago gives him the advantage that he knows firsthand how criminals think and such an outlook is pervasive throughout the book. Looking at the current state of identity protection, he states that he is personally horrified at how easy identity theft is. In fact, he calls it "a crook's dream come true". The book details incident after incident where criminals and criminal gangs obtained credit in someone else's name with ease.
What makes this worse is that the book shows how we haven't even scratched the surface of the identity theft problem. Everyone, including the FTC agrees that current identity theft figures are quite low, due to the fact that so many cases go unreported or undetected.
The book notes that lenders often miscategorize a good deal of identity theft because it looks like delinquent bills, as opposed to a crime. Only later does the victim realize what has been going on and complains, at which time it becomes apparent that fraud was involved. But by that time, the money has been written off as a credit loss and then appears as negative information on the victim's credit report.
Like many other books on the subject of identity theft, Stealing Your Life: The Ultimate Identity Theft Prevention Plan covers the main issues, and makes numerous suggestions on how to control your identity. What is interesting about the book is that Abagnale also focuses on why identity theft is so popular for today's criminals. One of the main reasons it that the person committing the crime has the odds significantly stacked in their favor. The book quotes a Gartner study that found that identity thieves have roughly a 1 in 700 chance of getting caught by law enforcement, which is a figure any criminal would jump at.
The books 13 chapters are written in an easy to read and compelling style. The early chapters detail the prime causes of what makes identity theft such a problem and astutely notes that a large part of the problem is that financial services companies are conducting business today by doling out credit like candy and do almost nothing to ascertain that people really are who they say they are when applying for credit. In addition, issuers of credit in their haste to rack up more business frequently accept a social security number from an applicant at face value, without demanding proof. The book lists many examples of where children and dead people have been given credit.
In chapter 6, the book lists 20 steps one can take in the hope of preventing identify theft. The author notes that since the punishment for identity theft, and the recovery of stolen goods from identity theft are so low, the only viable source of action is prevention by the individual. All 20 steps are fundamental, from protecting your social security number and examining your financial statements, to using a shredder and more.
Chapter 8 lists one of the more important points of the book, in which Abagnale writes that all credit and personal information should be opt-in based, as opposed to the prevalent opt-out requirement. Such an approach is what one would hope Congress would mandate, but does not have the tenacity to do. The problem is that if a consumer does not opt-out, they are giving the financial institution permission to share their personal information with the hundreds and often thousands of affiliates they share data with.
Companies obviously prefer opt-out, which shifts the burden to the consumer to take action to keep their information from being shared. With opt-in, the burden shifts and the financial services company has to prove that consumers granted their consent to have their personal information shared. National opt-in requirements would significant stem the flow of personal information, which is in part why identity theft is so easy to carry out.
Aside from a glaring error in chapter 12 where Abagnale erroneously writes that true authentication is impossible on the Internet and occasionally hawking companies he has financial dealings with, Stealing Your Life: The Ultimate Identity Theft Prevention Plan is an interesting and entertaining book on a subject of the fasting growing crime in the USA.
The book details what happens when an apathetic Congress and financial services industry do almost nothing to protect their constituents, and the thieves who have never had it easier. These identity thieves are able to acquire gigabytes of personal information without ever having to leave their workstations. When you factor in that the odds are in their favor of never being prosecuted, it leaves nearly every individual at risk for identity theft.
With Congress dropping the ball and doing nothing, Abagnale shows that it is up to each individual to take responsibility for protecting their own personal information. Stealing Your Life: The Ultimate Identity Theft Prevention Plan is indeed a great place to start such an approach.
Ben Rothke is a security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Stealing Your Life: The Ultimate Identity Theft Prevention Plan from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Summary? (Score:2, Insightful)
Or I'm confused again...
Opt-in is essential (Score:5, Insightful)
Of course, the credit bureaus and other data brokers who make money off your data would scream and holler. They would decry how "credit reporting is a benefit -- it lets you get credit easily and cheaply." Funny thing though -- you cannot refuse this "benefit".
Congress acts in haste, we regret at leisure (Score:4, Insightful)
Terrible Examples (Score:5, Insightful)
The Do Not Call registry was timely? People have been complaining about unwanted phone solicitations for years and years. That is actually an excellent example of Congress showing that it is incapable of moving quickly enough.
And, finally, lets not forget about the USA PATRIOT act. That passed in 1 night in response to 9/11, and I'm sure my fellow Slashdotters will agree that it was brimming with righteousness and justice. Thank christ Congress acted quickly on that one.
No, I'm afraid kneejerk reactions by Congress are not the answer you seek. The elephant in the room that no one in Congress wants to recognize is that identify theft is so easy now only because we have tied ourselves to our Social Security numbers, something that was never supposed to happen and something that fundamentally undermines the idea of individual privacy and freedom. Do not look to the people who created this problem in the first place to fix it without continuing to divest you of your personal liberties.
More MisInformation (Score:3, Insightful)
You want to stop "identity theft?" Make the collection and sale of personal data against the law. Oh wait. That would mean participating in your government.
Today's lesson: we've all gotten exactly what we've put into this issue.
Re:location (Score:4, Insightful)
Are you one of those guys that posts in every Linux article insisting we call it GNU/Linux or that we start using the term "Gibibyte" (which sounds like someone with a stutter trying to say "Gigabyte" for base-2 storage numbers?
True Authentication is Impossible for Joe User (Score:5, Insightful)
While strictly speaking, from a theoretical standpoint, he is, as you say, wrong about true authentication being impossible it is also important to consider the audience to whom this book is speaking. In fact, it can be very difficult for the average user, in practice, to be certain that a particular electronic transaction is secure (there have been several recent studies confirming this). This combined with the fact that the phishers, identity thieves, spammers, and other malcontents are actively subverting the system to trick users in ever more sophisticated and clever ways means that from a practical standpoint, for the average user, this may be good advice (i.e. to consider internet transactions to be unsecured or at the very least suspect). I know that this is Slashdot and we all know better here (i.e. we wouldn't be easily fooled by phishers or get hit with a rootkit or keylogger...or so we hope), but if experts have difficulties then just imagine how the average users feel.
Re:Terrible Examples (Score:4, Insightful)
Most if not all of the components of the Patriot Act had been previously written and people had been trying to tack it onto other legislation for years.
For as much as the Patriot Act gets the blame for all our "rights lost" in the past 6 years, it really was just a short piece of literature that merely 'connected the dots' on all this other crap that we had already established.
For example, the FISA (Foriegn Intelligence Surveillance Act) court was handing out secret warrants without accountability since Reagan created it in the 1980's. The Patriot Act simply turned that court against American citizens. Just one tiny change in wording can have profound effects.
Government moves slowly, but much of the time methodically, in taking away individual liberty.
gotta love (Score:3, Insightful)
The whole credit system is a broken mess (Score:4, Insightful)
Good examples are credit card companies deliberately not reporting credit limits to drop your coveted 'score' (so you are ALWAYS over the limit), to third party debt collectors re-aging old debt, to out and out falsifying payment records, etc...
And, then there are other things like medical bills. Why are unpaid medical bills on a credit report? It is not credit, and has no bearing on your ability or desire to pay your mortgage or car loan. Tough luck that you didn't have insurance - you should have thought about that before you went and got cancer. Or what about that fenceline dispute you had with your neighbor that you took to small claims court. You lost, there was no monetary award, yet a judgement still appears on your 'credit' report. Plain wrong.
Oh, and then there is permissible purpose. Exactly what does a credit report have to do with a job? How about insurance? How many people were 'right-sized' into 'bad credit'? Now you can't get another job because your credit is bad? C'mon, does anyone see something wrong with this? Credit reports are about useless for determining credit worthiness for a myriad of reasons, and we want them applied here to? Give me a break. Got 'bad' credit? Can't rent now either - so where the hell are you supposed to live? The problem of people using credit reports for things other than granting credit is big and getting a lot bigger, but will anyone stand up an write Congress about it? And you can forget cable, direct tv, cell phone plans, satellite radio, or any other services. Down in Texas they are raising gas utility rates on people who have bad credit. Wake up people! Not all people have bad credit on purpose even in the absence of ID theft.
The system is a horrible disgrace - designed to bilk billions out of the public - nothing more, even if you leave ID theft out of it altogether.
Until there are laws passed that are stronger than the FCRA and impose criminal penalties and much higher fines, you will never see the end of this.
Re:Congress acts in haste, we regret at leisure (Score:3, Insightful)
Why was this marked flamebait?
The National Review pointed out recently that Sarbanes-Oxley, which was more or less intended to protect the non-professional investor by requiring greater scrutiny and transparency of publicly traded companies, requires a lot of overhead to administer. Consequently, while the larger firms can/have complied without a blink, the smaller start-ups (in particular, but not exclusively) have simply opted to avoid Sarbanes-Oxley by not going public.
So what, one says... Well, these smaller companies, while a greater risk, also provide greater gains. Not being publicly traded, however, the required money for investment is substantially higher than all but the wealthy can afford. Consequently, Sarbanes-Oxley leaves only the wealthy in a position to invest in projects with the greatest returns.
So, getting back to my question, while you may or may not think that Sarbanes-Oxley is a great piece of legislation or disagree with my (very likely butchered) representation of a conservative analysis of Sarbanes-Oxley, how is the parent flamebait?
Re:Congress acts in haste, we regret at leisure (Score:3, Insightful)
Re:Opt-in is essential (Score:3, Insightful)
No it's not. What should be freely available, however, with no requirements or costs, is a credit block -- the ability to prevent any new accounts from being opened on your credit reports as long as the block is in place (typically the block can be temporarily removed/disabled via phone and a PIN; that way you can still get new credit, but at least then you _know_ when you're getting new credit).
Sure you can. Just never give your social security number on any form that asks you for it.
Of course, you may also find that you can't get credit at all in such a situation. But that's basically what you're asking for anyway. After all, if it's an "opt-in" to share credit info, then why couldn't I just open a few lines of credit, refuse to allow them to send info on them, and then default on them? Oh sure, it's illegal, but what are they going to do? Send debt collectors after me? Relatively easy to deal with, especially if you're the kind of person who would pull this. They can't ruin my credit report -- I've told them they can't.
Look, credit has become ubiquitous purely because of the credit bureaus and their data aggregation. It's not an inherently bad thing, but it could certainly be improved. A freely available block would go a long way toward solving the issues. It wouldn't completely fix them; that's fine. The point isn't to stop it completely, as that would be too costly to both the creditors and to consumers, but to make it too difficult and expensive (in terms of money, time, effort, and/or likelihood of being arrested) for identity thieves to bother with.
If you think that credit aggregation is unnecessary -- well, then be prepared to have the credit industry go back to how it was prior to their existance (which started in the 1940s and 50s) -- short term, variable rate mortgages were the norm, credit cards didn't exist (unsecured credit? Are you kidding me?), and loans of all kinds were both more expensive and more difficult to get. Why? Because lenders had no real way of telling if a borrower would be a good risk. Pretty much your best bet was to have a bank with whom you did all your business (because then they know your credit), use them for years, and then ask for a loan. Young? New in town? Too bad. You're too high of a risk. Get lost.
Note that I'm not saying the aggregators are perfect. Far from it. But it's a far, far better scenario with them than without.
Oh, and note -- if you're a business that uses credit scores you can also forgo giving the bureaus any information. Of course, you'll pay 3-5x as much per inquiry (even in bulk, for partial data) than you will if you report back to them.
Don't you wish they hadn't taken a bit more time? (Score:3, Insightful)
It would have been nice if they had taken some time to consider what the problem was, and then decide if additional legislation was required.
I am not familiar with the entire text of Sarbanes-Oxley. I am familiar with the effects of some parts of that act and I have a hard time understanding the need for it. A lot of time and effort is spent on activities that generate a lot of paperwork, with few obvious returns for anyone.
Maybe it's just me? You see, I was under the impression that it was illegal for executives to falsify SEC filings and steal from the shareholders BEFORE Sarbanes-Oxley. The need for this legislation was never obvious to the likes of me.
Sociopaths like Ken Lay and Bernie Ebbers are going to do what they are going to do regardless of the laws on the books. The existing laws didn't stop Lay and Ebbers, and I doubt that the Sarbanes-Oxley act would have made any difference. Perhaps it would have have made their thefts more difficult to pull off, but at the end of the day if a group of executives and board members band together and tell the same lie, it's really hard for the auditors to prove otherwise.
FWIW, Enron was quite open about what they were doing - it was all in the notes of their SEC filings. Unfortunately, nobody paid any attention to what they were doing as long as the stock kept increasing in value.
I just don't think Sarbanes-Oxley is a good example of a law period, never mind a law that was rushed through the legislative process.
For the record: I am *NOT* a libertarian. I have no use for libertarian ideology. It is naive and completely unworkable.
It just seems to me that the solution to criminal problems (and theft on this scale is clearly a criminal problem) is dull, ordinary police-work. It's very effective, but it takes time and resources and it does not generate a ton of publicity when the politicians need to be seen doing something about an issue they simply do not understand.
I do wonder if there would have been the political will to authorize an investigation and infiltrate the likes of Enron and Worldcom when their stocks were still going up? Would the public have been in favour of hauling Lay and Ebbers off to jail when their own investments were still doing great?
I would like to thing so, but somehow I doubt it...
Re:Opt-in is essential (Score:2, Insightful)
No, all it would mean is that interest rates would go up, "convenience fees" would pop up everywhere and get ever-bigger....
Credit card companies would sieze every opportunity to pass on these costs to the consumer.