ID Fraud More Low-tech Than You Might Think

I suppose that being immersed in the tech world can lead to seeing things as technological problems, when in fact, they are simply sociological problems. Maybe that's why I was among those who associated the crime of identity theft primarily with computers. In my mind, I think I pictured identity thieves as hackers.

But really, what's easier: hacking in to some institution's or individual's computer, or dumpster diving for credit-card receipts? A recent study released by the Center for Identity Management and Information Protection at Utica College, seems to confirm that the dumpster divers outnumber the hackers by a wide margin.

The study used data from 517 closed Secret Service cases that involved an identity theft component. Of these, fully half did not involve using the internet in any fashion. Of the remaining half that did use the internet in some way, it is difficult to determine the extent to which the internet was the primary means of committing the crime. The study does state, however, that in only 10 percent of the crimes was the internet the only means of committing the crime.

Really this is just more evidence that an organization's security is only partly a question of hardening your software. As long as account numbers are being printed on paper, and those papers can be carelessly thrown away, the best software in the world won't save you. Ditto for social engineering. If organizations don't train employees to recognize scams, the biggest vulnerabilities may remain as gaping holes.

Posted by Kevin Carlson at 01:13 PM  Permalink