Parental Awareness and Action about Child Identity Theft Revealed

By | April 2nd, 2013|Uncategorized|

Infographic_ChildID_SurveyOne in 10 children will become victim to child identity theft and the thieves can go unnoticed for years as children’s credit reports may not be checked until they turn 18. Many times families discover the crime when the child applies for his or her first credit card, loan or apartment and are met with the shocking reality that their credit has been fraudulently used.

CSID recently conducted a consumer survey to understand parental awareness, concern and action around this growing issue. The survey found that 56 percent of parents are aware that child identity theft is a growing trend and 76 percent of them are concerned that their child’s identity might be stolen. However, despite the awareness of the issue, 52 percent of parents are not currently taking measures to prevent the misuse of their child’s online information.

The survey also revealed that 88 percent of the parents who are not currently taking measures to prevent the misuse of their child’s online information would be willing to do so. In fact, a large majority – 93 percent – would support their state or local governments passing regulations to protect children’s online activity and identity information.

The survey data suggests that parents are aware of the issue and willing to take action, but don’t know what to do or where to begin. CSID teamed up with Dena Haritos Tsamitis, director of education, training and outreach at Carnegie Mellon’s CyLab, Tim Woda, co-founder of and Clay Nichols, chief creative officer at LookOut Social to present “Child Identity Theft: A Parenting Blind Spot,” a webinar about the growing trend of child identity theft and what parents – and businesses – can do to address it.

Learn more about the prevalence and impact of child identity theft and what CSID, Carnegie Mellon’s CyLab, and LookOut Social recommend parents and businesses do to combat this growing trend. Download the white paper and view the infographic and then share your thoughts with us on Facebook and Twitter using hashtag #SecureChildID.



Identity Theft Movie: Lots of laughs, but not always accurate

By | February 20th, 2013|Uncategorized|

identity_theifLast week a group of CSID employees visited a popular Austin movie theater, the Alamo Drafthouse, to catch a private showing of “Identity Thief,” the new comedy starring Melissa McCarthy and Jason Bateman. It was a fun outing with our co-workers, but of course, being in the identity and data protection business, we couldn’t help but point out a few items the movie didn’t get quite right.

Much of the movie’s plot centers around Jason Bateman’s character going to find the woman who stole his identity so he can bring her back to Colorado where she can be arrested for the identity theft. In most cases, the thief and the person whose identity was stolen do not meet, nor is there a need to make them physically present to be charged with the crime. A majority of identity theft is done from countries outside of the U.S., making it even more difficult to track and catch an identity thief.

In the movie, Melissa McCarthy’s character goes on wild shopping sprees, using her stolen identity to rack up giant bills. While that certainly still happens, identity theft now focuses more around your online accounts and personal information versus your credit cards. We’ve found that an email and password combination can be as valuable to cyber criminals as a social security number. Getting into your online accounts, such as an or banking account, can be more lucrative to them than a stolen credit card or two.

Regardless of any errors, the movie brings an important issue to light – no matter who you are, your identity could be stolen and constant vigilance is key. View our tips on the best ways to protect yourself.

Did you see the movie? Let us know what you thought of it on Facebook or Twitter.

Three Security Trends That Will Shape 2013

By | November 16th, 2012|Uncategorized|

This week Symantec announced their “Top 5 Security Predictions for 2013.” The company listed some interesting trends and the article definitely warrants a read-through.  This list also got us thinking about our own predictions for 2013. Here are a few we see happening: 

Your email address and password will become more valuable to identity thieves. Think your social security number is your most coveted identity asset? Think again. While the monetary value of all data is going down because of an increased amount of data in the black market, emails and passwords have an increasingly higher value to identity thieves. Login credentials can give identity thieves access to an ever-increasing range of valuable (and profitable) websites  – online banking, Amazon, PayPal, eBay. At the end of the day, it is a lot easier to log into someone’s account and take it over than it is to establish a new identity and credit with a stolen social security number. 

Malware will be front and center in 2013. We mostly think of malware as the virus you download when you click on a bad link. Unfortunately, malware is becoming more malicious than this. Two proof points: ransomware and drive-by-malware. With ransomware, a thief takes control of your computer system, blocking access until a “ransom” is paid. With drive-by-malware, you no longer have to click on a link to download a virus – you just have a visit a webpage. We’ll see more of this high-stakes malware in 2013.

It’s not all doom and gloom.  There are some incredible things on the horizon that will help protect against identity theft. As identity theft risks and consequences rise, businesses are starting to take notice and take action. We are going to start seeing some pretty cool technology like voice biometrics and location-based authentication serve as a method of authentication. Companies are also getting better at monitoring for stolen data by alerting consumers before the data can be sold or used by identity thieves. In time, we may not even use email addresses and passwords to log into accounts.

Exchange Your PIN for Your Iris

By | October 31st, 2012|Uncategorized|

It’s something you see in cartoons and science fiction movies – a character goes into a secured area and either their hand or eye is scanned to grant them access. In real life, that practice is called biometrics, or the use of personal traits such as fingerprints, hand scans, eye scans or vocal patterns to authenticate one’s identity.

As our recent consumer survey shows, the current use of login and password combinations for authentication is flimsy at best and leaves businesses and consumers open to security risks. But what other options are there? Jennifer Waters of MarketWatch recently pointed to biometrics as the next step in security in “Can palm scans replace ATM cards?”

According to Waters, a growing number of financial institutions, businesses and medical facilities are investigating using biometrics as a security measure. Even the government is investing heavily in it, with a $1 billion investment into a system called Next Generation Identification that will expand biometric databases. According to Frost and Sullivan, the biometrics use in civil and military applications will grow by an annual rate of 14 percent until 2019.

While some types of biometrics, such as hand or eye scans, require you to be present, voice biometric technologies offer a more remote option. Services like CSID’s VoiceVerified can take a one-time vocal print and compare it to your voice every time you call, ensuring it is actually you on the phone. By verifying your identity with features that cannot be replicated, biometrics help stop identity thieves in their tracks.

What are your thoughts on the potential of biometrics? Would you be comfortable using it? Chime in below or share your thoughts with us on Twitter or Facebook

October is National Cyber Security Awareness Month

By | October 18th, 2012|Uncategorized|

In honor of National Cyber Security Awareness Month and Protect Your Identity Week (Oct. 20–27), we’d like to share a few tips to keep you and your business safe, secure and prepared.

Be smart and aware. Many people have the mindset that identity theft won’t happen to them, but it’s one of the fastest growing crimes, with over 15 million victims a year. A recent poll by the NFCC found 64 percent of consumers are afraid of becoming identity theft victims. It’s important that you and your employees be smart about daily activities and adopt safe habits to minimize risk.   

Tear up or shred any old credit card statements, unwanted receipts, loan solicitations, expired cards, confidential data, etc., to prevent thieves from going dumpster diving. Destroy your documents with Protect Your Identity Week at one of their shredding events around the US. 

Put a lock on your mobile device. Identity thieves can easily resell personal information stored on a high-tech phone. In addition, add a free remote data-wipe app to prevent further theft. Supplying your employees with the latest and greatest mobile gadgets? Be sure that all old devices are completely wiped before disposing or recycling.

Practice safe Internet use. Delete spam emails and keep your software up-to-date by choosing the recommended automatic setting. Also, never send credit card numbers, SSNs or other personal information via email. Teach your employees follow these practices as well.

Never carry your SSN card. This may sound trivial, but the truth is people can tend to carry highly personal information—like social security cards—on them. Did you know using a SSN is the only method used for stealing a child’s identity? Memorize your social security number, and never carry it with you.

Create a strong password and change it often. Our recent survey found that 6 in 10 people reuse passwords across multiple sites—a risky move that grants hackers access multiple sites with just one password. Make sure your employees have multiple passwords that are strong—lengthy with a combination of letters, numbers and punctuation—and that they do NOT mix company passwords with personal ones. Consider requiring your employees to change their passwords every 90 days.

We’ll be joining security pros each Thursday in October from 2–3pm (CST) for a live Twitter chat in honor of National Cyber Security Awareness Month. Join the conversation by using the hashtag #NCSAM and follow us at @CSIdentity.

Sex Offenders Dodging Responsibility Through Identity Theft

By | August 1st, 2012|Uncategorized|

You’ve heard of the websites that can locate sex offenders near you. Maybe you’ve even used them to scope out your neighborhood. But are those websites giving you the full picture? What if some sex offenders are flying under the radar?

According to a recently released study from Utica College, more than 16 percent of sex offenders attempt to avoid mandatory monitoring by manipulating their identity. They use multiple aliases, use various personal identifying information such as social security numbers or date of birth, steal identity information from family members, manipulate their name, use family or friends’ addresses, alter their physical appearance or move to states with less stringent laws. Finding ways to slide under the radar means registered sex offenders could live near schools and playgrounds, or even gain unapproved employment

In one case, 29-year-old Neil Rodreick enrolled in at least four schools in Arizona, posing as a 12-year-old boy. He was finally caught when one school was unable to verify the information on his paperwork.

A parallel study conducted by Utica demonstrated that awareness of identity manipulation of sex offenders is low. Of 223 law enforcement agencies surveyed in 46 states, only five percent knew of an identity manipulation case within their jurisdiction. Close to half (40 percent) of respondents said that they had zero cases, indicating that some may not even be aware of this issue.

Clearly, additional monitoring is needed. CSID offers sex offender monitoring that conducts an in-depth search of sex offender registries in all 50 states, Washington D.C., Puerto Rico and Guam to help find and identify sex offenders. It also provides notifications when a sex offender is living in or moves to a customer’s neighborhood, or if a sex offender registers under a different name using a customer’s address. Monitoring identity and credit information is also another way to stay aware of sex offenders using one’s personal credentials.

Do you feel that current sex offender tracking is working? Are there other tools or systems states should be using to track them? As always, let us know via comments, Twitter or Facebook.  

Lesson From the LinkedIn Breach: Be Proactive.

By | June 7th, 2012|Uncategorized|

Hackers recently posted 6.5 million unique hashed passwords from LinkedIn, with already 200,000 of these passwords cracked. LinkedIn is a global social networking site for professionals—and it’s likely that many of the site’s users use the same password with other sites, including online retail stores, news websites and sites related to their employers.

What does this mean? Each of these other online businesses—those retail stores, news sites and employers—is now at risk. Hackers can potentially use the exposed log in details to access private information stored on these websites, from credit card numbers to emails to private company documents. What if these online businesses could do something to prevent that misuse?

CSID’s VP of sales Marc Ostryniec recently posed a solution to this issue: proactive identity monitoring. Using third party identity monitoring technologies, online businesses can proactively monitor their customers’ and employee’s credentials for compromise on other sites (like LinkedIn) and can then take the proper action to protect their own business from the ramifications of that compromise. For instance, they can instantly notify their customers or employees of the breach and reset passwords as necessary.

And as a consumer, this helps maintain that your online accounts are secure. Was your LinkedIn password exposed through the breach? (You can check through, which has been deemed trustworthy by numerous valid sources.) If so, you should reset your password for not just LinkedIn, but for any other account that uses the same login and password combination.

Let us know what you think about the LinkedIn breach and the idea of proactively monitoring identities. Join the conversation on our Facebook and Twitter.

ID360 Conference Poster

Marc Ostryniec Presents at ID360

By | April 24th, 2012|Uncategorized|

Marc Ostryniec at ID360 ConferenceThe Center for Identity at the University of Texas at Austin held the first annual ID360 Conference this week. CSID was there  in support of our VP of sales Marc Ostryniec, who presented on how proactive credential monitoring can reduce the risk of fraud that is an inherent problem when employees mishandle company credentials or customers have poor password habits. People truly are the weakest link in any company’s security system.  

The most advanced security measures can be unraveled through everyday human error. In fact, some of the most recent security breaches began with employees simply opening an email containing a virus. But businesses can’t operate without humans, meaning proactive credit and security monitoring is crucial. Businesses that neglect to proactively monitor for security breaches or issues leave themselves open to a wide range of security threats that can impact their customers and ultimately, the bottom line.

Marc opened his presentation with this compelling statistic from Trusteer: 73 percent of consumers reuse their online banking login and password with nonfinancial websites. The reuse of login information increases the possibility that if one website gets hacked, other locations where its customers conduct business or interact online can also be accessed using that same information. In many cases, the stolen login information can even access a work database or server, leaving many businesses vulnerable without them realizing they are under attack.

For more information about proactive credential monitoring, read Marc’s conference paper. Read more about the ID360 Conference and Marc’s presentation in the Austin-American Statesman, and check out the #ID360Conference Twitter hashtag for key points from the event.

Revisiting SXSW 2012 – One Last Look

By | March 27th, 2012|Uncategorized|

It’s hard to believe that South by Southwest Interactive (SXSW) is already two weeks in the past. We spent eight months planning and prepping for the event—during which CSID hosted three panels—then it came and went in a flash. In fact, we already have SXSW 2013 on our radar.

Before we get ahead of ourselves with arrangements for next year’s event, we wanted to revisit SXSW 2012 one last time and call out some key messages from each of our panels.

Data Breaches: Taking the Bull by the Horns
This panel, moderated by CSID President Joe Ross, brought up some resonating points about the importance of preparing your company for a data breach, and what to do in the instance that a breach occurs. A few key points from the panel include:

  • Negligent insiders are the top cause of data breaches. One study estimates that 61 percent of security breaches are caused by internal sources.
  • Every company, no matter how big or small, must create a risk management protocol that covers processes and procedures in the case of a breach.
  • Breach notification laws differ among states. In 41 states, a breach of usernames and passwords does not need to be reported.

My Voice is My Passport. Verify Me.
This was a dual panel featuring Isaac Chapa, VP of technology at CSID, and Dan Miller, senior analyst and founder of Opus Research. Isaac and Dan discussed voice biometric technology and the future of voice authentication. Some interesting points made by Isaac and Dan include:

  • Experts predict an exponential growth in voiceprint enrollments as businesses look for ways to authenticate online and mobile transactions like mobile payments.  
  • Voice biometric technology has two key advantages over other biometric solutions: it can be used in a number of environments, and it does not require additional software or hardware to be built into a device as would fingerprint or retina scanners.
  • Your voice can be a useful replacement when dealing with frequent password resets or remembering hundreds of complex log-ins. You can’t forget your voice.

No Rainy Days: Identity Protection in the Cloud
CSID’s VP of product strategy, Eric Youngstrom, discussed cloud security with a well-rounded group of experts. Notable points discussed during the panel include:

  • On the horizon for cloud security: The National Strategy for Trusted Identities in Cyberspace (NSTIC) “Identity Ecosystem.” When implemented, the protocol will be similar to the FDA stamping your meat. NSTIC-approved sites will have a standard level of security in place, protecting consumer data.
  • Security across the supply chain is completely relevant and important when storing and accessing data in the cloud.
  • Make sure your cloud provider has third party certifications and is taking proper measures to secure your data.

What did you take away from SXSW this year? What topics do you want to see CSID cover at next year’s event? Leave a comment or let us know through Facebook and Twitter.

IRS Identity Theft in 2012: Tips to Beat the Thief

By | March 15th, 2012|Uncategorized|

By Adam Kennedy, CSID Identity Restoration Supervisor; Certified Identity Theft Risk Management Specialist

Imagine you’re on your favorite tax preparation software recalling incomes and deductions from the year past. Finally, you’ve reached the end of the seemingly endless questionnaire and the estimated refund number glares from the screen like a stuffed piggy bank waiting to be cracked open… ‘Sorry, we are unable to accept your return; someone has already filed with this social security number,’ the software says.

If this has happened to you, you are not alone. The IRS estimates 404,000 people were victimized by identity theft tax fraud from 2010 to the end of 2011 and the number is rising as we reach the peak of the tax season for 2012.  With more than 100 million income tax refunds to process each year, the IRS concedes it will never be able to squelch such tax fraud completely.

Here are two easy precautions to take to keep your hard earned refund in your pocket.

  1. File First: File your taxes before the perpetrator will block the fraudulent filing. If the criminal files first, your tax return will be blocked as a potential fraudulent filing and an investigation can delay your refund by 4 months to a year. File as soon as you have collected your W2 from your employer(s) and do not wait until April to process your taxes.
  2. Check your earnings: Checking your Social Security Earnings Statements once a year can be a great way to catch potential tax and employment fraud. In light of the current budget situation, the Social Security Administration is sending statements only to workers age 60 and older. If this applies to you, you should receive your annual statement about three months before your birthday.
    If you’re younger than 60 years of age you will need to request a copy by visiting your local SSA office. Unfortunately the SSA no longer accepts the request form online or by mail. Upon your visit to the SSA office you will have the opportunity to review your employment history with a SSA representative to ensure there are no unidentifiable employers.
    Get in the habit of reviewing your wages and earnings statement in October or at least two months before you plan to file taxes. This will give you enough time to review the information before it’s time to file and act early to notify the IRS.

Unfortunately there is no sure-fire way to predict when or if you will fall prey to IRS identity theft and tax fraud. The hope is that this article helps arm you with the knowledge to catch and detour thieves from receiving your hard earned refund… Let’s keep those thieving hands off your piggy bank.

Load More Posts