Identity Theft 101 and Beyond Bryan Stanwood, CPCU, ARM Enumclaw Insurance Group.

Identity Theft 101 and Beyond

Bryan Stanwood, CPCU, ARMEnumclaw Insurance Group

Statistics

• Nationally, in 2004, 1 in 33 households had experienced some type of identity theft within the last six months (3.6M households)

• Costs US consumers roughly $53 billion a year

• Businesses typically see a loss averaging $4,800 per victim

• Washington ranked #8 in 2004, with 5,600 residents identified as victims, an increase of over 20% since 2003

How Bad is it?

• www.privacyrights.org, a great resource and provider of a chronology of data breaches found:223,738,446 file breaches in the US

alone from 2005 through April 14, 2008There have been 96 separate corporate

or public breaches reported in 2008, with individual records in the 10s of millions

Many are happening in colleges and government offices/websites—ideas why?

• WA Attorney General website is also a great tool www.agt.wa.gov

What is Identity Theft?

• Identity theft is a crime where an imposter obtains key personal information from another for the purpose of using that information for personal gain

• Information stolen can encompass: Drivers license numbers Social Security Numbers Personal Identification Numbers Credit Card, Bank Account Numbers Passwords Mother’s Maiden Name

Categories of Identity Theft

• True NameUse information to open new accounts

• Credit card, cell phone, checking accounts

• Account TakeoverUse information to take over existing

accounts• Change address of the account• Start spending

How Does It Happen?

• Phishing

• Dumpster Diving

• Shoulder Surfing

• Company Hacking and Targeting

• Pickpockets

Phishing

• Looks legitimate, but is not

• Generally emails asking for personal, sensitive information from what appears to be a known business

• Asked to enter data electronically, although sometimes via phone as well

• PayPal, Banks, EBay, etc. are very common

• Anti-Spamming legislation is in place and offenders are being sued and put in jail—however, prevention is the best cure

Dumpster Diving

• Searching for information carelessly discarded that can be used to create or access accounts

• The practice of Dumpster diving is also known variously as urban foraging, binning, alley surfing, Curbing, D-mart, Dumpstering, garbaging, garbage picking, garbage gleaning, skip-raiding, skip diving, skipping, skip-weaseling, tatting, skally-wagging or trashing

Shoulder Surfing

• Criminals can literally look over shoulders, or use cheap closed circuit TV cameras hidden in areas to recover data. Common areas of concern are when consumers: fill out a form enter their PIN at an automated teller

machine or a POS Terminal use a calling card at a public pay phone enter passwords at a cybercafe, public and

university libraries, or airport kiosks. enter a digit code for a rented locker in a

public place such as a swimming pool or airport

Red Box recently

Company Hacking and Targeting

• Black hat hacker gets into secured company systems;

• OR, computer laptops are targeted for theft

What they want?!

Relevant personal information, such as Social Security Numbers, Drivers License Numbers, Bank Account Numbers, Credit Card Numbers, PINs, Financial Account access

Hacker than uses or sells this information worldwide

Pickpockets

• Second oldest profession?

• Typically distraction is the key to getting away with it

General Prevention Habits• Do not give your Social Security number,

mother's maiden name or account numbers to strangers who contact you, especially by phone, Internet or mail.

• Put passwords on your credit card, bank and phone accounts.

• Do not carry PIN numbers, birth certificates, Social Security cards or passports unless absolutely necessary.

• Review your credit card and other credit statements each month and make sure you know exactly what you're being billed

• Guard your mail from theft.

• Tear up or shred documents containing personal information before throwing them away.

General Prevention Habits

• Eliminate credit cards you rarely or never use

• Contact your card issuer to find out if any of your cardholder information can be given to partners or affiliates (third parties) of the card issuer

• Contact the three major credit bureaus and ask to "Opt Out“ of pre-approved credit card offers

• Remove your name from marketer's unsolicited mailing and calling lists

• Be cautious about "trial memberships”

• Check your credit report to make sure it is accurate

(Provided by the WA Office of the Attorney General)

Specific Prevention—Phishing

• When asked to verify any information, contact company directly to legitimize

• Look for typos or syntax problems

• Most companies will use members usernames vs. general introductions

• Type in known website address vs. using hyperlinks

• Do not give any information without verification!

Specific Prevention - Other

• Dumpster Diving Shred, shred, shred ANYTHING with personal

information

• Shoulder Surfing Block all entering of PINs, completion of forms or

other privacy related actions from prying eyes Be aware of people around you—vigilance

• Pickpockets Secure valuables in front pockets or money belts Be constantly aware; do not get distracted Minimize ostentatious displays Look confident, not lost

What if You are a Victim? (www.privacyrights.org)

• Notify credit bureaus, establish fraud alerts, security freezes, monitor reports

• Report the crime to police

• If new accounts are opened, immediately contact companies and fill out fraud paperwork Once resolved, get letter from company that

account is closed and debts discharged

• If existing accounts, contact immediately, in writing, request replacement card with new numbers

• Checks stolen? Report them to bank, place stop payments, complete fraud affidavits, close accounts and open new ones

What if You are a Victim?

• Debit cards—report immediately, fraud affidavit, get new cards with new passwords

• Monitor, monitor, monitor all accounts and notify immediately of any suspicious charges

• Contact DMV to see if anyone has ordered a license with your name or number

• Phone service is often part of identity theft—contact the company to determine appropriate steps

• Get involved in legal process if person is caught

• KEEP GOOD RECORDS

• DO NOT GIVE IN

Coverage Options - ISO

• In essence, $15,000 for coverage of expenses incurred due to Identity Theft after a $250 deductible

• What is covered?

Costs for notarized fraud documentation or whatever is required

Costs for certified mailings Costs for time away from work, up to $200

a day and maximum of $5,000 Loan application fees Reasonable attorneys’ fees Charges for long distance phone calls

Coverage Options – Company Limits

• More companies are offering internal limits

• Companies are contracting with companies to assist in this exposure (Identity Theft 911; LifeLock) Either charge a premium or it is free

• The biggest difference between these companies and the ISO endorsement? Assist with the entire process of re-

establishing credit vs. just reimbursing for expenses

Advocates assigned to help or handle the process

Ideas for Customers

• Put ideas here under your logo and provide to new customers, develop newsletters to include for existing customers

• Have a shredding party!

• Run a contest (get a company to help pay for it) for referrals to get a nice shredder

• Become a subject matter expert and sell more policies by making Identity Theft ‘POP’ for customers

• Sell companies on adding endorsements or providing coverage for advocacy vs. expenses

Questions?