Welcome to the SecAware blog

I spy with my beady eye ...

29 May 2008

Profile of an identity theft victim

According to the Beeb, the UK credit reporting agency Experian has analyzed its records to profile typical victims of identity theft. The results are thought provoking.

"Company directors or those running their own businesses are most likely to be victims of identity theft, according to a report from Experian."

Um. So company directors are unable to spot phishing and similar ID theft scams? I thought being in a responsible management position implied a level of intelligence, integrity and ability. Perhaps the phishers and other identity thieves are a step ahead after all.

"The credit reference agency said 6,000 victims in the UK asked its staff for help last year, a 66% rise on 2006."

Oh oh. Either ID theft has risen significantly, or Experian's marketing wizards have had an exceptional year.

"The most likely victims were aged between 26 and 45, earned more than £50,000, rented their home and lived in London, Experian's analysis found."

OK, now I'm starting to see a pattern. Busy professionals in the rat-race that is London, who probably don't have time to bother with small details such as checking their credit card statements or worry about dubious requests from their bank to 'update their details'. Life's too short.

"It takes an average of 18 months for people to realise they are victims."

Oh boy, that's a killer! Just imagine how much damage an identity thief can do over that kind of timescale, and how difficult it must be for the scammed busy professionals to re-establish their identities and credit records after someone has been living their life for 18 months or more.

18 months! I still find it hard to believe. What is going so badly wrong in the financial services industry that such a commonplace fraud takes so long to detect? Does nobody find it remotely strange that one "John Smith" appears to be taking money out of an ATM in Chiswick at the very instant that the same "John Smith" is purchasing first class tickets to Acapulco over the web or in a travel agency in Glasgow? Or that clean-living stay-at-home busy executive and housewife "Jane Smith" has suddenly taken to online gambling and porn in a big way?

I'm trivialising the problem, I know, but there must surely be visible symptoms of fraud when identity theft is evidently happening on such a wide scale, if only someone is looking for it .... My guess is that the British banks and credit card companies are looking hard at their own customers but jealously guarding their data from those nasty competitors who might just be able to make the connections. Further, I bet the Data Protection Act figures large in the executives' thinking, regardless of the ability to disclose information for legal purposes.

Perhaps, like those busy executives, the British financial institutions are just so caught up in the money-making rat race that they can't be bothered with trivial details such as [escalating] phishing, identity theft and other fraud losses - something Bruce Schneier refers to as delinquency. After all, 'ten grand' is a lot for a single customer to lose but nothing to a bank making billions. Maybe the personal impacts of identity theft on victims' lives simply don't register with the banks. Being 'serviced' by the bank used to be something that customers valued rather than feared.

No comments:

Post a Comment