Presd2 06

5/10/2010 www.IDTheftSecurity.com

Identity Theft Securitywww.RobertSiciliano.comwww.IDTheftSecurity.com

Flawed Systems

1) SSN

2) Credit

3) Fake IDs

5/10/2010

49 valid versions of Social Security cards

14,000 types of birth certificates

200 plus forms of driver’s licenses

14 states no photo

Signature?

Legal Forms of ID Circulating

Forgery

What is a signature?

Fake

IDs

Fake

IDs

Soc

ial S

ecur

ityN

umbe

rs

Public Records

28%: Government Accountability Office estimated of publicrecords available online

Jeb Bush SSN

Colin Powell SSN

Porter Goss CIA

“I'm going to submit to you that in the 21st Century,the most important asset that we have to protect asindividuals and as part of our nation is the control ofour identity, who we are, how we identify ourselves,whether other people are permitted to masqueradeand pretend to be us, and thereby damage ourlivelihood, damage our assets, damage ourreputation, damage our standing in our community.”

Dept. Homeland SecuritySecretary Michael Chertoff

Identity Theft

• Child Identity Theft: 500,000 annually

• Medical Identity Theft: 1.5 Million AmericansPonemon Institute

• Financial identity theft: 10 Million


Europe Credit• UK, France, Germany, Italy and Spain to be granted a bank loan,

need to open an account first.

• Present yourself in person with a Government-issued Photo IDsuch as Passport or Drivers License, plus a proof of Address lessthan 3 months old, such as a Bank Statement or Utility Bill.

• Credit check


Authentication

• Germany go to your local Post Office and havethem validate your identity credentials as aboveand then the Post Office sends yourauthenticated application form off to the CreditCard Company.


Australia 100 Point System


USA Credit

• Internet, phone, fax, mail service

• Credit check

• US sacrifices security for convenience


Europe etc• The system can only be compromised with forged

items.• Replication of stolen items makes up 70-80% of

beating this system• Holographic licenses, chipped passports etc.• Organised crime is the main culprit (Asian gangs,

motorcycle clubs etc) and. There has been cases ofpeople working for drivers licensing authorities invarious states being indicted for fraud etc and beinglinked back to org crime.


42% to access and create credit card accounts http://link.brightcove.com/services/player/bcpid18

15813330?bctid=5310498001

Credit Card Fraud

Credit Card Fraud• 213 million card holders; 1.2 billion cards in US• 1.5 billion payment cards are in circulation

(http://en.wikipedia.org/wiki/Issuing_bank)

• 656 breaches reported data breaches in 2008• 47% more fraud in 2008 than 2007• 22 $billion fraud losses in 2008 Javelin Strategy & Research

• Cloned Cards are up by 22%

1. Login data compromised2. Data bases riddled with malware3. No viable authentication of the card holder

Criminal Hackers• U.S. payment-card industry grapples with

security

• Heartland Payment Systems &

• Hannaford Brothers say their computer

networks met the tough new PCI standards meant to prevent databreaches

• Squabbling continues between merchants and financial firms overtechnology and the cost of systems upgrades, continues to impedeprogress

• Combined with the TJX breach Albert Gonzalez and his gang ofcriminal hackers breached over 230 million records

http://www.reuters.com/article/technologyNews/idUSTRE57N46F20090824

Carders and Dumps

• "Carders" are the people who buy, sell, and tradeonline the credit card data stolen from phishingsites or from large data breaches at retail stores.

• “Dumps” credit card data from a database for sale

• “Fullz” a for sale full set of personal identifiableinformation including name, address, phone,account numbers and often social securitynumbers

Fraud SchemesFraud schemes leading to a significantincrease in counterfeit fraud

1. Phishing/Phexting/Smishing/Vishing

2. Key Logging/Malware

3. Skimming

Nigerian 419 Scam

Relationship building

Online dating

9 $Billion in 2009

Spyware

KeyCatchers

Keycatcher

Card Skimming Skimming is used to steal card data

Skimming is used to turn hacked card data into cash

Approaching 1 $Billion in losses

•These devices are

“re-designed”by the thieves tocollect card and PIN data

•The devices are then installed

right at the teller line!

Australia• Account takeover fraud• ATM and EFTPOS skimming for card theft ($50 million

this yearhttp://www.creditcardfinder.com.au/skimmed-over-50-million-from-eftpos-terminals.html)

• Mail Forwarding, theft of wallet or purse, bin raiding,impersonation of deceased (still need 100 points forid), phishing and internet sites and social networking.


ATM Skimming

ATM Skimming

Raw Data http://www.youtube.com/watch?v=5zJRzSqad-A

ATM Skimming

Equipment being installed on front of existing bank card slot.

The equipment as it appears installed over the normal ATM bank slot.

ATM Skimming

ATM Skimming

The PIN reading camera being installed on the ATMis housed in an innocent looking leaflet enclosure

The camera shown installed and ready to capture PINsby looking down on the keypad as you enter your PIN.

ATM Skimming

Presd2 06

Documents

card theft

card data skimming

card fraudcredit card

dumps credit card data

hacked card data

card holders

credit card accounts

card holdercriminal