5/10/2010 www.IDTheftSecurity.com Identity Theft Security www.RobertSiciliano.com www.IDTheftSecurity.com
Flawed Systems
1) SSN
2) Credit
3) Fake IDs
49 valid versions of Social Security cards
14,000 types of birth certificates
200 plus forms of driver’s licenses
14 states no photo
Signature?
Legal Forms of ID Circulating
Forgery
What is a signature?
Fake IDs
Social Security Numbers
Public Records
28%: Government Accountability Office estimate of public records available online
Jeb Bush SSN
Colin Powell SSN
Porter Goss CIA
“I'm going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”
Dept. Homeland Security Secretary Michael Chertoff
Identity Theft
• Child Identity Theft: 500,000 annually
• Medical Identity Theft: 1.5 Million Americans (Ponemon Institute)
• Financial identity theft: 10 Million
Europe Credit
• UK, France, Germany, Italy and Spain: to be granted a bank loan, you need to open an account first.
• Present yourself in person with a government-issued photo ID such as a passport or driver's license, plus a proof of address less than 3 months old, such as a bank statement or utility bill.
• Credit check
Authentication
• Germany: go to your local Post Office and have them validate your identity credentials as above; the Post Office then sends your authenticated application form off to the credit card company.
Australia 100 Point System
USA Credit
• Internet, phone, fax, mail service
• Credit check
• US sacrifices security for convenience
Europe etc
• The system can only be compromised with forged items.
• Replication of stolen items makes up 70-80% of beating this system
• Holographic licenses, chipped passports etc.
• Organised crime is the main culprit (Asian gangs, motorcycle clubs etc). There have been cases of people working for drivers licensing authorities in various states being indicted for fraud etc and being linked back to organised crime.
42% to access and create credit card accounts
http://link.brightcove.com/services/player/bcpid1815813330?bctid=5310498001
Credit Card Fraud
• 213 million card holders; 1.2 billion cards in US
• 1.5 billion payment cards are in circulation (http://en.wikipedia.org/wiki/Issuing_bank)
• 656 reported data breaches in 2008
• 47% more fraud in 2008 than 2007
• $22 billion fraud losses in 2008 (Javelin Strategy & Research)
• Cloned cards are up by 22%
1. Login data compromised
2. Databases riddled with malware
3. No viable authentication of the card holder
Criminal Hackers
• U.S. payment-card industry grapples with security
• Heartland Payment Systems & Hannaford Brothers say their computer networks met the tough new PCI standards meant to prevent data breaches
• Squabbling between merchants and financial firms over technology and the cost of systems upgrades continues to impede progress
• Combined with the TJX breach, Albert Gonzalez and his gang of criminal hackers breached over 230 million records
http://www.reuters.com/article/technologyNews/idUSTRE57N46F20090824
Carders and Dumps
• "Carders" are the people who buy, sell, and trade online the credit card data stolen from phishing sites or from large data breaches at retail stores.
• “Dumps”: credit card data from a database, for sale
• “Fullz”: a full set of personally identifiable information for sale, including name, address, phone, account numbers and often Social Security numbers
Fraud Schemes
Fraud schemes leading to a significant increase in counterfeit fraud
1. Phishing/Phexting/Smishing/Vishing
2. Key Logging/Malware
3. Skimming
Nigerian 419 Scam
Relationship building
Online dating
$9 billion in 2009
Spyware
KeyCatchers
Keycatcher
Card Skimming
Skimming is used to steal card data
Skimming is used to turn hacked card data into cash
Approaching $1 billion in losses
• These devices are “re-designed” by the thieves to collect card and PIN data
• The devices are then installed right at the teller line!
Australia
• Account takeover fraud
• ATM and EFTPOS skimming for card theft ($50 million this year, http://www.creditcardfinder.com.au/skimmed-over-50-million-from-eftpos-terminals.html)
• Mail forwarding, theft of wallet or purse, bin raiding, impersonation of deceased (still need 100 points for ID), phishing and internet sites and social networking.
ATM Skimming
Raw Data http://www.youtube.com/watch?v=5zJRzSqad-A
Equipment being installed on front of existing bank card slot.
The equipment as it appears installed over the normal ATM bank slot.
The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure
The camera shown installed and ready to capture PINs by looking down on the keypad as you enter your PIN.