
The Ultimate Identity Theft Prevention Plan

Ben Rothke writes "It's a fallacy that our elected officials take forever to get things done. Two examples where Washington acted with speed are with the National Do Not Call Registry and the Sarbanes-Oxley Act. The National Do Not Call Registry was slated to take effect on October 1, 2003, but various marketing associations challenged its legitimacy and even if the FTC had the jurisdiction to enforce it. Notwithstanding, President Bush speedily signed the bill authorizing the no-call list to go into effect in September 2003 and the United States Court of Appeals upheld the constitutionality of the registry in February 2004. On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $7 billion by improperly accounting for its operating costs. Senator Paul Sarbanes then introduced Senate Bill 2673 that same day where it passed 97-0 less than three weeks later. The House and Senate formed a Conference Committee to reconcile the differences between Sarbanes's bill and Representative Michael Oxley's bill (HR 3763) and on July 24, 2002, the Sarbanes-Oxley Act of 2002 was passed." Read on for the rest of Ben's review.
Stealing Your Life: The Ultimate Identity Theft Prevention Plan
Author: Frank W. Abagnale
Pages: 256
Publisher: Broadway Books
Rating: 8
Reviewer: Ben Rothke
ISBN: 0767925866
Summary: exposes the tactics of today's identity theft criminals and offers strategies to thwart them


The bottom line is that when politicians really want votes and PR, they can act swiftly. The frustration is exacerbated when politicians choose to do nothing when it comes to identity theft. In Stealing Your Life: The Ultimate Identity Theft Prevention Plan, Frank Abagnale details the frustration that consumers face (and will face in the years to come) when their identities are stolen, the ease with which the criminals carry out such crimes, and the months and often years of effort required to regain one's identity.

Abagnale's tenure on the criminal side long ago gives him the advantage that he knows firsthand how criminals think and such an outlook is pervasive throughout the book. Looking at the current state of identity protection, he states that he is personally horrified at how easy identity theft is. In fact, he calls it "a crook's dream come true". The book details incident after incident where criminals and criminal gangs obtained credit in someone else's name with ease.

What makes this worse is that the book shows how we haven't even scratched the surface of the identity theft problem. Everyone, including the FTC, agrees that current identity theft figures are quite low, due to the fact that so many cases go unreported or undetected.

The book notes that lenders often miscategorize a good deal of identity theft because it looks like delinquent bills, as opposed to a crime. Only later does the victim realize what has been going on and complain, at which time it becomes apparent that fraud was involved. But by that time, the money has been written off as a credit loss and then appears as negative information on the victim's credit report.

Like many other books on the subject of identity theft, Stealing Your Life: The Ultimate Identity Theft Prevention Plan covers the main issues, and makes numerous suggestions on how to control your identity. What is interesting about the book is that Abagnale also focuses on why identity theft is so popular for today's criminals. One of the main reasons is that the person committing the crime has the odds significantly stacked in their favor. The book quotes a Gartner study that found that identity thieves have roughly a 1 in 700 chance of getting caught by law enforcement, which is a figure any criminal would jump at.

The book's 13 chapters are written in an easy to read and compelling style. The early chapters detail the prime causes of what makes identity theft such a problem and astutely note that a large part of the problem is that financial services companies are conducting business today by doling out credit like candy and do almost nothing to ascertain that people really are who they say they are when applying for credit. In addition, issuers of credit, in their haste to rack up more business, frequently accept a social security number from an applicant at face value, without demanding proof. The book lists many examples of where children and dead people have been given credit.

In chapter 6, the book lists 20 steps one can take in the hope of preventing identity theft. The author notes that since the punishment for identity theft, and the recovery of stolen goods from identity theft are so low, the only viable source of action is prevention by the individual. All 20 steps are fundamental, from protecting your social security number and examining your financial statements, to using a shredder and more.

Chapter 8 lists one of the more important points of the book, in which Abagnale writes that all credit and personal information should be opt-in based, as opposed to the prevalent opt-out requirement. Such an approach is what one would hope Congress would mandate, but does not have the tenacity to do. The problem is that if a consumer does not opt-out, they are giving the financial institution permission to share their personal information with the hundreds and often thousands of affiliates they share data with.

Companies obviously prefer opt-out, which shifts the burden to the consumer to take action to keep their information from being shared. With opt-in, the burden shifts and the financial services company has to prove that consumers granted their consent to have their personal information shared. National opt-in requirements would significantly stem the flow of personal information, which is in part why identity theft is so easy to carry out.

Aside from a glaring error in chapter 12 where Abagnale erroneously writes that true authentication is impossible on the Internet and occasionally hawking companies he has financial dealings with, Stealing Your Life: The Ultimate Identity Theft Prevention Plan is an interesting and entertaining book on the subject of the fastest growing crime in the USA.

The book details what happens when an apathetic Congress and financial services industry do almost nothing to protect their constituents, and the thieves who have never had it easier. These identity thieves are able to acquire gigabytes of personal information without ever having to leave their workstations. When you factor in that the odds are in their favor of never being prosecuted, it leaves nearly every individual at risk for identity theft.

With Congress dropping the ball and doing nothing, Abagnale shows that it is up to each individual to take responsibility for protecting their own personal information. Stealing Your Life: The Ultimate Identity Theft Prevention Plan is indeed a great place to start such an approach.

Ben Rothke is a security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know


  • A fallacy? (Score:1, Interesting)

    by doombringerltx ( 1109389 ) on Wednesday July 18, 2007 @02:35PM (#19904699)
    So because Bush quickly signed the do not call registry into law in 2003 then that is a credit for government's swift action? Telemarketing has been a huge pain in everyone's ass and telemarketers calling during dinner has been a joke for as long as I can remember. By 2003 spam and pop ups were doing a great job of helping to make telemarketing obsolete anyways.
  • Re:Summary? (Score:3, Interesting)

    by eln ( 21727 ) * on Wednesday July 18, 2007 @02:42PM (#19904781)
    Let me summarize the article for you:

    First part (front page): Government actually can get things done quickly, and here are two examples of when they did just that. Saying the government is incapable of doing things quickly is just factually wrong.

    Second part (all but the last paragraph): Here's a bunch of stuff about this book that details things you can do to stop identity theft, and things the Government could do except the Government sucks and won't do anything.

    Last part (last paragraph): Government is incapable of doing things quickly, so you'd better protect yourself.
  • by Yold ( 473518 ) on Wednesday July 18, 2007 @02:50PM (#19904897)
    It is my understanding that in at least 30 of the 50 states you can "freeze" your credit, not allowing someone else (or yourself) to take out loans, get a credit card, etc. Choicepoint and the other 2 (asshole) credit bureaus are lobbying against this.
    It really gets my goat that, contrary to what is in the social security act (it is illegal to use it for anything except SS purposes), our SSNs have become the de facto identifier in terms of any government, university, or financial application. It's like a freakin username with no password.
  • My tips (Score:4, Interesting)

    by michaelmalak ( 91262 ) <michael@michaelmalak.com> on Wednesday July 18, 2007 @02:53PM (#19904925) Homepage
    1. Put a fraud alert on your credit file. You may have to give a reason, such as that you have reason to believe someone you don't trust has gotten access to your identifying information, or that you accidentally responded to a phishing attack. I've never had to make up a reason -- I always get a false charge on my credit cards at least once a year. The fraud alert lasts for a year, and anytime any company wants to extend you credit, they have to call the phone number associated with the fraud alert (hint: give the credit agency your cell phone number when you establish the fraud alert). Note that this can be a pain. You may miss the call. Or worse, when you call back it goes to a general phone number and no one knows what the heck you're talking about. Or worse, the company extending the credit (e.g. perhaps a cell phone company) may just not be set up to handle credit files with fraud alerts.
    2. Alternatively, or in addition, pay Equifax their extortion money of $130/year for their 3-in-1 monitoring. Any activity on your credit file at any of the big three credit agencies causes an e-mail to be sent to you. Account creations are sent within a day or two. But balance changes on existing accounts are sent only once per month -- which is next to worthless since you can just check your monthly statements.
    3. For brokerage accounts, get two-factor authorization (i.e. an RSA SecurID token). It's often free, depending upon your balance.
    4. Pay in cash at restaurants, and as much as possible elsewhere.
    5. Use TrueCrypt for electronic documents.
    6. Use a locking file cabinet (keeps guests out, even though it's worthless against burglars).
  • by Radres ( 776901 ) on Wednesday July 18, 2007 @02:54PM (#19904941)
    Here's what I think: they should make credit card companies 100% responsible for any identity theft losses, as well as force them to pay restitution to identity theft victims.

    That way, maybe the credit card companies will stop wasting paper and resources to flood our mailboxes with unnecessary credit card applications and start thinking about how to improve the security of setting up a credit card.
  • Rewarding the Guilty (Score:3, Interesting)

    by Anonymous Coward on Wednesday July 18, 2007 @03:09PM (#19905165)
    Agreed, Sarb-Ox was put together and passed very quickly, and it shows.

    Consultants are in the business of selling billable hours, nothing more. It doesn't matter if they are accountants, lawyers or MBAs. Their advice is what led to the meltdowns at Enron, MCI, etc. They were trying to find clever ways to reinterpret SEC rules and GAAP (Generally Accepted Accounting Procedures). GAAP are not written by the government. The SEC trusts the financial services industry to police itself with its own written policies. That trust was violated.

    Sarb-OX was a knee-jerk reaction that created more rules, more oversight, and more billable hours for the financial services industry. The intent was good, but the implementation was flawed, it rewarded the guilty.

    Much like our income tax system should be simplified, so should the SEC and GAAP rules be simplified. The amount of paperwork and billable hours that are created just for executives to move a sale, or a loan, or a payment from Q3 to Q4 just to maintain a stock price in the short term to get their bonus is an enormous drain on our entire economy.

    Imagine a world where the accounting rules were so simple that the Financial Services Industry could only bill half of the hours next year.
  • by erroneus ( 253617 ) on Wednesday July 18, 2007 @03:17PM (#19905283) Homepage
    Oh it is the credit industry's creation, by and large, that has enabled this problem with fraud. But more precisely, it is the accepted and institutional use of the "human serial number" (aka the SSN) that enables this to happen the most. And frankly, all of this was predicted to happen when this system was being created. It was created in spite of enormous protest and now this is happening. The credit reporting laws were created to help ease the public outcry... fair collection acts and the like as well. But truly, this system should simply be abolished. The old ways were for consumers to provide references and I'm guessing that should be good enough.

    The risk of loaning money should always be a risk.

    It just seems like every time, without fail, that government caters to a proposed business model, we the people get it up the butt.

    I have said it before and I'll say it again. AVOID DOING THINGS ON CREDIT. You'll find that there will be more money in your pocket somehow and you'll be less ready to buy "stupid things" so often. Further, if more people did this, we'd find prices for consumer goods dropped to "wal-mart" prices more often because no one would want to sell too many things that were beyond what people are willing to pay for in cash!
  • Re:Terrible Examples (Score:3, Interesting)

    by MarsDefenseMinister ( 738128 ) <dallapieta80@gmail.com> on Wednesday July 18, 2007 @03:26PM (#19905451) Homepage Journal
    You touched on but didn't explicitly identify the main problem: the law was a reaction to a very very few bad apples and it makes everybody else pay for the mistakes of those few.

    Prices to the customer are higher because the prices to the companies are higher. This is truly a cure that is worse than the disease, introducing a huge level of economic inefficiency. If it's ever required for small companies, it'll raise the bar for entrepreneurs even further, lowering the number of companies created. This thing is attacking the capitalist economy directly. Our entire way of life is based on that kind of economy, and I have a sneaking suspicion that it originated as an attempt to undermine that, to move us towards a more European model. Could this be one of the reasons why this was enacted so quickly? That it was planned in advance, waiting for a reason to implement it?
  • Simple Solution (Score:3, Interesting)

    by tom's a-cold ( 253195 ) on Wednesday July 18, 2007 @04:08PM (#19906015) Homepage
    Pass a federal law that states (reiterates?) that an individual has ownership of their personal data.

    Any use of that data would require opt-in or, better yet, payment to its owner.

    The credit reporting firms are snooping on us now and making money from it. Let's see how viable their business model would be if the free lunch were taken away. Screw parasitic middlemen.

  • Re:My tips (Score:3, Interesting)

    by Slashdot Parent ( 995749 ) on Wednesday July 18, 2007 @04:44PM (#19906541)

    1. [...] anytime any company wants to extend you credit, they have to call the phone number associated with the fraud alert
    This is mostly false. The fraud alert is simply an advisory inserted into the credit report, and it is totally up to the creditor if he wants to call the number on it and verify. Some credit report interfaces don't even display the fraud alert. For instance, one time I was opening a bank account and they pulled my credit, but the interface never brought up my fraud alert.

    2. Alternatively, or in addition, pay Equifax their extortion money of $130/year for their 3-in-1 monitoring. Any activity on your credit file at any of the big three credit agencies causes an e-mail to be sent to you. Account creations are sent within a day or two. But balance changes on existing accounts are sent only once per month
    Balance information is only reported to the bureaus once per month, so it's hard to ask them to do any better for you. ;) Anyhow, I do not see a huge value in a service such as this. It cannot prevent ID theft--it can only help you catch it early. But what good does that do? Call your local police department and ask them what their procedure is for ID theft cases. It usually consists of: 1) take report, 2) file it, 3) there is no step 3. You can pull your credit for free 3 times per year. This is good enough, IMO.

    3. For brokerage accounts, get two-factor authorization (i.e. an RSA SecurID token). It's often free, depending upon your balance.
    Which brokers offer this service? Mine does not.

    4. Pay in cash at restaurants, and as much as possible elsewhere.
    Overrated. You are not liable for unauthorized use of your credit card. Disputing charges takes 3 seconds.

    5. Use TrueCrypt for electronic documents.
    Can you give me an example? What is this supposed to accomplish?

    6. Use a locking file cabinet (keeps guests out, even though it's worthless against burglars).
    What kind of company do you keep? With friends like that, who needs enemies?
  • by epaulson ( 7983 ) on Wednesday July 18, 2007 @04:47PM (#19906583) Homepage
    It seems to me that we'd go a long way in fixing identity theft if we stopped treating knowledge of personal info as proof you are that person. My cable company uses my social security number as "proof" that it's really me - but god only knows how many people know my social security number. My bankers, my employer (and everyone who can touch the payroll system), my doctor's office, my insurance companies. The list is very long.

    It should be illegal to use the SSN as a shared secret, and anyone who does use it as a secret identifier should be liable for any expenses they incur. VISA would be a lot more effective at combating fraud if they had to pay for every false credit card opened in my name.

    Even better, if we didn't have to treat SSNs as secret information anymore, it'd make our lives a lot easier. The SSN is a great primary key for me - it's one number I can remember, and it does a good job of uniquely identifying me. I want to be able to give it to more people.

    If Congress really can act quickly when it wants to, a good way to bring this about is to require all members of Congress to publicly disclose their SSN on January 1st 2008.
  • by Anonamused Cow-herd ( 614126 ) on Wednesday July 18, 2007 @08:11PM (#19908751)

    It has resulted in fewer opportunities for the small investor (fewer companies going public, profitable public companies going private). SOX is a bad law.


    I co-founded a Sarbanes-Oxley consulting firm a couple of years ago, and I can definitively say that this is not an accurate view of what SOX has done for investors. This is the "typical" line you hear from corporate types, one that's been fed by a huge PR machine -- and it's THAT machine that is primarily responsible for the symptoms you mention here.

    All you hear about is how SOX costs are outrageous, and then get people scratching their heads and saying "well what does it really do?" Just because the answer to that question isn't obvious to Joe Blow doesn't mean it's not a good answer. Turns out that factually, and by factually I mean according to the data, Sarbanes-Oxley compliance is very beneficial for most companies. SOX compliance and good governance often results not only in increased investor confidence (almost two-fold increases in reported confidence in most studies), but also increased operational efficiency. In the cases of banks and large companies that process millions of transactions daily, it turns out that implementing controls to figure out WHERE all of that money goes actually reduces losses and streamlines business processes. Go figure.

    The ironic thing is that most of what is entailed by SOX is really just honest business. So companies can't use mark-to-market accounting, or hide losses in front corporations -- is that really a bad thing? Companies have to tell the truth about how they make their money and what they do with it? How shocking! And you know what? It hardly hurts our competitiveness. Regulations like these have been in place in Germany for years, and Japan implemented SOX-like measures with almost no problem at all. It seems that only AMERICAN corporations want to clutch their shady dealings.

    And the worst part is that greedy subversive corporations are lobbying against SOX under the guise of "helping out the little guy" -- since smaller public companies really do have good reasons not to implement SOX (really, is it even possible to implement thorough financial oversight in a finance group of 2 people?). SOX is not a bad law, it's just a law that doesn't fit our view of business: greased palms and ethics to the wind. That people like you get morally indignant about how BAD it has been is just beyond the pale.
