This blog will address the growing concern of identity theft with regard to data losses associated with financial institutions. This entry will also discuss the data protections measures implemented by these organizations.
To an identity thief, somebody else’s Social Security number is a ticket to riches. These nine digits hold the key to stolen credit and create a huge hassle for the individual who actually holds that number. According to a recent study, 70 percent of the biggest credit card issuers in the U.S. use Social Security numbers in at least some cases as a way to verify a customer’s identity when he or she contacts the company. Additionally, financial institutions collect your Social Security number when you fill out a credit card application (or open a bank account), so they already have the numbers on hand.
Before computers were a household standard, using SSNs might not have been such a high risk. However, today it’s simply too easy for a hacker to track down those numbers, and data breaches like Citi’s credit card unit that led to $2.7 million in fraudulent charges prove that even big financial institutions aren’t resistant from the work of motivated hackers. Consumers should not assume that their bank is protecting their Social Security number adequately. It may be available for hacking and some banks may be inappropriately using it as a password verification for identity management.
Even if the bank has solid IT security, though, using a Social Security number for identity management purposes makes that information vulnerable. Unfortunately, it’s not much safer for financial institutions to use truncated versions of customers’ SSNs. The last four digits are the hardest for thieves to guess, so that’s the part of the number they really want anyway.
Social media is also to blame for another crumple in the process of correctly identifying credit cardholders and weeding out would-be fraudsters. Issuers used to use security questions like, “When did you graduate high school?” or “What’s your pet’s name?” to try to verify that a customer was who he or she claimed to be. Now, that sort of data is available to anyone with a Facebook account and a few free minutes. Now, banks are beginning to ask more complicated questions, like which bank you got your last auto loan from and how much your mortgage payment is. These kinds of questions, while not foolproof, do a better job of stumping identity thieves.
WCT is in the business of Compliance, Identity & Security assurance. For more information, you can reach us on (firstname.lastname@example.org)
White, M.C. (2011). How Banks Are Aiding and Abetting Identity Theft. Retrieved from http://business.time.com/2011/07/08/how-banks-are-aiding-and-abetting-identity-theft/