SlideShare a Scribd company logo

ASIS Phoenix February Presentation

Download as PPTX, PDF
J
John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO

This document discusses protecting personal identity in the age of increased information tracking. It outlines the risks of identity theft, how thieves steal identities, and statistics on identity theft victims. Key points include that identity theft costs the US economy an estimated $100 billion annually, 47% of victims in 2015 experienced tax or wage-related identity theft, and children and the elderly are particularly vulnerable targets. The document provides tips on reducing identity theft risks and resolving identity theft issues.

Business
1 of 52
Protecting Your Identity in the Information Tracking Age What to Know | What to Do INFORMATION SECURITY &PRIVACY OFFICE Randell C. Smith, Jr. CISM, CISSP, PMP Chief Information Security Officer | Chief Privacy Officer City of Phoenix
City of Phoenix 1. Things You Need To Know (Likelihood, Impact, Consequences) 2. Things You Need to Do (Before ID Theft) 3. Things You Need to Do (After ID Theft) 4. Questions & Answers
City of Phoenix The sky is not falling…it’s just a little closer! Charles Thompson, former CIO, City of Phoenix.
City of Phoenix  9 years with City of Phoenix  Serving as CISO and CPO  30 years with U.S. Navy (Retired Captain)  Naval Cryptologist  Worked directly for Naval Security Group Command and National Security Agency  Hold multiple industry certifications Background
What is Identity Theft? ■ Identity theft happens when someone accesses essential elements of a person’s identifying information in order to commit theft. ■ This information may include name, social security number, date of birth and mother’s maiden name. Source: Citi Identity Theft Solutions
Has anyone here been a victim?
City of Phoenix Consequences of Identity Theft
City of Phoenix Partial map of the Internet based on the January 15, 2015 data found on opte.org. Each line is drawn between two nodes, representing two IP addresses. Why be Concerned? Your Data is Everywhere
City of Phoenix Cyber Security Facts • 230,000 malware variants created everyday. (84 million created in 2015) • Signature based technology used in AV software, IPS devices, and Web gateways is ineffective due to polymorphic malware changing constantly. • Drive-by downloads have become the top web threat (Water Hole Attacks). • Phishing is the number one attack vector.
Recent Large Data Breaches
City of Phoenix DataBreaches>30,000Records http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Identity Theft Victim Statistics
Identity Theft Victim Statistics (cont.) ■ Identity fraud has grown to include theft of cell and landline phone service; cable and satellite television service; power, water, gas and electric service; Internet payment service; medical insurance; home mortgages and rental housing; automobile, boat and other forms of financing and loans; and, government benefits. ■ Identity thieves will also use stolen identities to obtain employment and to deceive police when arrested.
Who's at risk of identity theft? ■ ANSWER – Everyone ■ 12% of Americans age 18 or older have been subject to identity theft in just the past 12 months. ■ Over half (52%) of Americans do not check their free credit report annually. ■ Just 14% of Americans say they subscribe to identity theft protection services such as Lifelock, Identity Guard, or LegalShield. ■ Just 17% of Americans check their credit regularly with one of the credit bureaus.
Who's at risk of identity theft? ■ Overall costs of identity theft to the American economy is estimated to reach $100 billion annually. ■ In 2012, more than 15 million reports were made of fraudulent use of a credit card or bank account, compared with only about a million reports of fraudulent use of personal information to open a new account, and a million reports of fraudulent use of personal information for some other purpose. ■ Most victims find out about identity theft when their bank or credit card issuer contacts them to inquire about suspicious activity on the account. At this point, extensive damage may already be done.
Legal Liability – Credit Card vs. Debit Card ■ If someone steals your actual credit card, your liability is generally limited to $50 ($0 if you report the loss before any fraudulent activity occurs). And the likelihood that you’ll even pay the $50 is minimal because most credit card issuers offer zero liability protections on fraudulent charges. Electronic Fund Transfer Act (EFTA) ■ However, if your debit card number is stolen, your losses could be much greater. Unless you notice and report the theft within the first two days, you could permanently lose the first $500 stolen from your account. After 60 days, you may be liable for the entire amount. Fair Credit Billing Act (FCBA)
You’re At Risk!
2015 Identity Theft Federal Trade Commission (FTC) ■ 47% increase in identity theft during 2015. ■ Tax or wage related identity theft was responsible for a significant portion of the increase, and according to the FTC, was “the largest and fastest growing identity theft category. ■ IRS Data Breach – May 2015. Thieves accessed 334,000 tax accounts through the IRS "Get Transcript" application, a program to acquire information about your tax returns.
What thieves do once they still your info
Federal Law Identity Theft and Assumption Deterrence Act 1998 ■ Provides penalties up to 15 years imprisonment. ■ Maximum fine of $250,000
Consumer Protection Laws Fair Credit Reporting Act (FCRA) ■ Designed to protect consumers from the willful and/or negligent inclusion of inaccurate information in their credit reports. ■ FCRA regulates the collection, dissemination, and use of consumer information, including consumer credit information. Fair and Accurate Credit Transactions Act (FACT) ■ Act allows consumers to request and obtain a free credit report once every twelve months from each of the three nationwide consumer credit reporting companies (Equifax, Experian and TransUnion)
Child ID Theft
Child ID Theft • The rate of identity theft for children was 35 times higher than the rate for adults in the same population. • 10.2% of children have had their Social Security numbers stolen • Child IDs were used to purchase homes and automobiles, open credit card accounts, secure employment and obtain driver’s licenses. • Children are easy targets. Their identities are often a blank slate. • The probability of discovery is low. Parents typically don’t monitor a child’s identity and the crime can go undiscovered for many years. • The potential impact on a child’s future is profound. A stolen identity can destroy or damage a child’s ability to get a student loan, acquire a mobile phone, obtain a job, secure a place to live, and more.
Child ID Theft
Child ID Theft
Medical ID Theft - Definition ■ The fraudulent use of an individual’s personally identifiable information (PII), such as name, Social Security number, and medical insurance identity number to obtain medical goods or services, or to fraudulently bill for medical goods or services using an unlawfully obtained medical identity.
Medical ID Theft Statistics ■ Rapidly growing; impacts almost 6% of Americans. ■ About 2 million Americans fall victim to medical ID theft every year ■ 31% say they allow family members to use their IDs to get medical services (aka familial fraud) • 45% of medical ID theft victims end up paying their health-care provider or insurer for charges incurred by the thieves ■ 50% of victims say they know the person who victimized them
Signs of Medical ID Theft ■ Explanation of Benefits (EOB) statement, Medicare Summary Notice, or bill for medical services you didn’t receive • Check the name of the provider, the date of service, and the service provided ■ Call from a debt collector about a medical debt you don’t owe ■ Medical collection notices on your credit report that you don’t recognize ■ Notice from your health plan saying you reached your benefit limit ■ Denial of insurance because your medical records show a condition you don’t have ■ Numerous errors in your medical records
How to Resolve Medical ID Theft ■ Get copies of your medical records and check them for errors  Contact each doctor, clinic, hospital, pharmacy, laboratory, health plan, and location where a thief may have used your information  If a thief got a prescription in your name, ask for records from the health care provider who wrote the prescription and the pharmacy that filled it ■ Ask each of your health plans and medical providers for a copy of the “accounting of disclosures” for your medical records – a record of who got copies of your records from the provider  The accounting shows who has copies of your mistaken records and whom you need to contact
Elderly ID Theft Statistics ■ Older people make appealing financial targets because they typically have higher credit lines, greater home equity and more financial resources than younger populations. ■ The mature market (50 years and older) represents 36 percent of all ID Theft victims making it the single largest demographic of ID Theft victims.
Who’s Tracking You? Tracking Cookies ■ Data that is distributed and shared across two or more unrelated Web sites for the purpose of gathering information to present customized data to you. ■ Not harmful like malware, worms, or viruses, but can be a privacy concern. Example, if you go to a Web site that hosts online advertising from a third- party vendor, the third-party vendor can place a cookie on your computer. ■ An advertising company can determine indirectly all the sites you have been to if they have cookies present on those sites.
■ Because browser-based cookies are easy to detect and delete, some advertisers are now using “flash- based” cookies which are not stored on your computer like browser-based cookies. ■ Result, they are harder to find and delete. Banks and online finance sites store flash cookies on their users' computers to authenticate account owners and prevent fraud since fraudsters would merely have a user's login and password but no access to the user's computer. ■ Acts as a second level of authentication in addition to the user's login and password. Who’s Tracking You? Flash cookies: a cause for concern?
■ Most social networking tracking occurs through Javascript social buttons like “Like” and “Tweet” buttons. ■ Connections are made to entirely different companies than the website you’re actually visiting. ■ More than a quarter–26.3%–of what your browser does when you load a website is respond to requests for your personal information, leaving the remaining 73.7% for things you want your browser doing, like loading videos, articles, and photos. Who’s Tracking You? Social networking tracking
Who’s Tracking You? Web beacon -- a 1-pixel image ■ Web beacons are tiny image files invisible to users and are used to transmits information to advertisers. Commonly used in emails. ■ Tracking can get information as detailed as where your mouse has been on a page to your sexual orientation. ■ WSJ examined 1,000 top websites and found that approximately 75 percent of them featured social networking code that can match users’ online identities with their web-browsing activities, and nearly 25% of the web’s 70 most popular sites shared personal data, like name and email address, with third-party companies.
Steps to Prevent Identity Theft ■ Memorize PINs and passwords ■ Beware of promotions that request sensitive information ■ Question how SSN or other sensitive data will be used if it is requested by legitimate sources ■ Shred pre-approved credit offers, receipts, bills, other records that have SSN ■ Do not provide CC#, SSN, etc. out over email ■ Do not click on links in unsolicited emails
Steps to Prevent Identity Theft ■ Don’t carry your SSN card with you ■ Request a drivers license number ■ Only carry what you use ■ Photo copy all cards in your wallet ■ Select hard to guess PINs and passwords ■ Don’t leave mail sitting in an unprotected box ■ Don’t give out private information over the phone ■ Order your credit reports ■ Use caution when providing ANY sensitive information
Steps to Prevent Identity Theft ■ Use the post office mailboxes ■ Keep an eye out for bills or statements that aren’t received in a timely manner ■ Sign the backs of all credit cards (or write “Check ID”) ■ Do not loan out your cards to anyone ■ Report lost/stolen cards immediately ■ Keep a copy of both sides of your cards in a safe place
Steps to Prevent Identity Theft ■ Check for the “padlock” and/or “https” when purchasing online ■ Opt out of pre-approved credit card offers ■ Opt out of junk mail ■ Shred all pre-approved credit card offers ■ Watch out for calls or letters about purchases that you didn’t make
Safeguard your computer ■ Use a firewall ■ Use anti-virus software AND keep it updated ■ Use wireless encryption ■ Do NOT give out your NetID/password under ANY circumstances ■ Lock your computer when you are away from your desk ■ Don’t open files from unknown sources ■ Use complex passwords ■ Erase computer hard drive before disposing of computers and destroy peripheral storage devices before disposal
Credit Freeze ■ Prevents lenders and others from accessing your credit report ■ Good news – Identity thieves will be unable to establish credit in your name ■ Bad news – so will you ■ Will also affect background checks and most requests for insurance
Preventing Identity Theft ID Theft prevention tips when traveling
What to Do After Identity Theft Place an Initial Fraud Alert • Contact 1 of the credit reporting companies. • Report that you are an identity theft victim. • Ask the company to put a fraud alert on your credit file. • Confirm that the company you call will contact the other 2 companies. Placing a fraud alert is free. The initial fraud alert stays on your credit report for 90 days. Be sure the credit reporting companies have your current contact information so they can get in touch with you. Order Your Free Credit Reports • Contact each of the 3 nationwide credit reporting companies. • Explain that you placed an initial fraud alert. • Order your free copy of your credit report. Ask each company to show only the last 4 digits of your Social Security number on your report. Credit Reporting Companies Exquifax 1-800-525-6285 Experian 1-888-397-3742 TransUnion 1-800-680-7289 (http://www.consumer.ftc.gov/articles/0274- immediate-steps-repair-identity-theft)
IdentityTheft.Gov ■ Simplified step-by-step checklist tailored to the specific type of identity theft consumers are facing. ■ Advice is customized for individual needs. ■ The site will automatically generate affidavits and pre- fill letters and forms to be sent to credit bureaus, businesses, police, debt collectors and the IRS. Should a consumer’s recovery run into issues, the site will suggest alternative approaches. ■ Once a consumer completes their initial report on the site, they will receive follow up e-mails and can return to their personalized plan online to continue the recovery process.
IdentityTheft.Gov
45 ID Theft Recovery Practices ■ Review statements ■ Promptly contact financial institution(s) to note errors/discrepancies ■ Close or cancel accounts ■ Stop payments on outstanding checks ■ Establish new account numbers and passwords ■ Get a copy of the police report ■ Notify postal service if mail was involved ■ Notify Social Security Administration if SSN was used ■ Notify DMV if driver’s license number was use
46 ID Theft Recovery-Recordkeeping ■ Keep records/notes/copies of all contact information - names - dates - follow up notes ■ Maintain copies of all documentation
Identity Theft Recovery Services Third party services offered to help victims of ID fraud reclaim their identity. • Fraud Alert Reminders - The company will remind you when the fraud alert on your account is about to expire so you can renew it. • Fraud Specialist - The company provides access to fraud specialists to help you manage your fraud case. • Identity Theft Insurance - The company offers insurance to reimburse you for costs related to restoring your identity. • Lost Wallet Protection - The company offers assistance with canceling and replacing lost or stolen debit/credit cards. http://www.reviews.com/identity-theft-protection-services/ LifeLock | AllClear ID | Identity Force | ID Patrol | Trusted ID | ID WatchDog
Password Insecurity The 25 most popular passwords 2013 1. 123456 11. 123123 21. password1 2. password 12. admin 22. princess 3. 12345678 13. 1234567890 23. azerty 4. qwerty 14. letmein 24. trustno1 5. abc123 15. photoshop 25. 00000 6. 123456789 16. 1234 7. 111111 17. monkey 8. 1234567 18. shadow 9. iloveyou 19. sunshine 10. adobe123 20. 12345
The Future and Identity Theft
Mobile Payments ID Theft Concerns
Questions & Answers Reproducedbypermission.Pleasesee www.SecurityCartoon.comformore material
Questions & Answers

Recommended

Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid It
hewie
 
How to Protect Yourself From Identity Theft
How to Protect Yourself From Identity TheftHow to Protect Yourself From Identity Theft
How to Protect Yourself From Identity Theft
Experian_US
 
Identity Theft ppt
Identity Theft pptIdentity Theft ppt
Identity Theft ppt
Angela Lawson
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
charlesgarrett
 
Identity Theft: How to Reduce Your Risk
Identity Theft: How to Reduce Your RiskIdentity Theft: How to Reduce Your Risk
Identity Theft: How to Reduce Your Risk
milfamln
 
Consumer Protection: Identity Theft
Consumer Protection: Identity TheftConsumer Protection: Identity Theft
Consumer Protection: Identity Theft
vcrisafulli
 
Social networking and identity theft
Social networking and identity theft Social networking and identity theft
Social networking and identity theft
carlgiardina
 
Identity theft power_point
Identity theft power_pointIdentity theft power_point
Identity theft power_point
efandeye
 

Recommended

Identity Theft: How to Avoid It
Identity Theft: How to Avoid ItIdentity Theft: How to Avoid It
Identity Theft: How to Avoid It
hewie
 
How to Protect Yourself From Identity Theft
How to Protect Yourself From Identity TheftHow to Protect Yourself From Identity Theft
How to Protect Yourself From Identity Theft
Experian_US
 
Identity Theft ppt
Identity Theft pptIdentity Theft ppt
Identity Theft ppt
Angela Lawson
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
charlesgarrett
 
Identity Theft: How to Reduce Your Risk
Identity Theft: How to Reduce Your RiskIdentity Theft: How to Reduce Your Risk
Identity Theft: How to Reduce Your Risk
milfamln
 
Consumer Protection: Identity Theft
Consumer Protection: Identity TheftConsumer Protection: Identity Theft
Consumer Protection: Identity Theft
vcrisafulli
 
Social networking and identity theft
Social networking and identity theft Social networking and identity theft
Social networking and identity theft
carlgiardina
 
Identity theft power_point
Identity theft power_pointIdentity theft power_point
Identity theft power_point
efandeye
 
Identity theft
Identity theftIdentity theft
Identity theft
Eqhball Ghazizadeh
 
Indentify Theft Slide Show
Indentify Theft Slide ShowIndentify Theft Slide Show
Indentify Theft Slide Show
robinlgray
 
Identity Theft It's Devasting Impact
Identity Theft It's Devasting ImpactIdentity Theft It's Devasting Impact
Identity Theft It's Devasting Impact
Rob Taylor
 
Identity Theft Consumer Seminar
Identity Theft Consumer SeminarIdentity Theft Consumer Seminar
Identity Theft Consumer Seminar
ronwolfinger
 
Identity theft ppt
Identity theft pptIdentity theft ppt
Identity theft ppt
Cut 2 Shreds
 
Identity Theft: The Other You
Identity Theft: The Other YouIdentity Theft: The Other You
Identity Theft: The Other You
- Mark - Fullbright
 
Id Theft Presentation
Id Theft PresentationId Theft Presentation
Id Theft Presentation
Lisa Sosebee
 
Identity theft
Identity theftIdentity theft
Identity theft
Ashley Arkfeld
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Theft
hewie
 
Teen Identity Theft Presentation - Family Online Safety Institue
Teen Identity Theft Presentation - Family Online Safety InstitueTeen Identity Theft Presentation - Family Online Safety Institue
Teen Identity Theft Presentation - Family Online Safety Institue
MindMake - Parenting & Education
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
Randall Chesnutt
 
How to Prevent Identity Theft and Fraud
How to Prevent Identity Theft and FraudHow to Prevent Identity Theft and Fraud
How to Prevent Identity Theft and Fraud
English Online Inc.
 
Child Identity Theft LegalShield Business Solutions
Child Identity Theft LegalShield Business SolutionsChild Identity Theft LegalShield Business Solutions
Child Identity Theft LegalShield Business Solutions
legalshieldofficial
 
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERSPREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
- Mark - Fullbright
 
What You Need to Know to Avoid Identity Theft
What You Need to Know to Avoid Identity TheftWhat You Need to Know to Avoid Identity Theft
What You Need to Know to Avoid Identity Theft
- Mark - Fullbright
 
Cyber Crime Identity Theft
Cyber Crime Identity Theft Cyber Crime Identity Theft
Cyber Crime Identity Theft
Rahmat Inggi
 
Data theft
Data theftData theft
Data theft
Laura
 
Common Consumer Frauds & How to Avoid Them
Common Consumer Frauds & How to Avoid ThemCommon Consumer Frauds & How to Avoid Them
Common Consumer Frauds & How to Avoid Them
milfamln
 
e-Fraud ppt
e-Fraud ppte-Fraud ppt
e-Fraud ppt
jasonsirmon
 
Identity Theft - Canada
Identity Theft - CanadaIdentity Theft - Canada
Identity Theft - Canada
- Mark - Fullbright
 
Calidad en el servicio
Calidad en el servicioCalidad en el servicio
Calidad en el servicio
VIANEY DOMINGUEZ
 
Proceso comunicativo
Proceso comunicativo Proceso comunicativo
Proceso comunicativo
Jose Luis Mora Santos
 

More Related Content

What's hot

Identity Theft Consumer Seminar
Identity Theft Consumer SeminarIdentity Theft Consumer Seminar
Identity Theft Consumer Seminar
ronwolfinger
 
Id Theft Presentation
Id Theft PresentationId Theft Presentation
Id Theft Presentation
Lisa Sosebee
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
Randall Chesnutt
 
Data theft
Data theftData theft
Data theft
Laura
 

What's hot (20)

Identity theft
Identity theftIdentity theft
Identity theft
 
Indentify Theft Slide Show
Indentify Theft Slide ShowIndentify Theft Slide Show
Indentify Theft Slide Show
 
Identity Theft It's Devasting Impact
Identity Theft It's Devasting ImpactIdentity Theft It's Devasting Impact
Identity Theft It's Devasting Impact
 
Identity Theft Consumer Seminar
Identity Theft Consumer SeminarIdentity Theft Consumer Seminar
Identity Theft Consumer Seminar
 
Identity theft ppt
Identity theft pptIdentity theft ppt
Identity theft ppt
 
Identity Theft: The Other You
Identity Theft: The Other YouIdentity Theft: The Other You
Identity Theft: The Other You
 
Id Theft Presentation
Id Theft PresentationId Theft Presentation
Id Theft Presentation
 
Identity theft
Identity theftIdentity theft
Identity theft
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Theft
 
Teen Identity Theft Presentation - Family Online Safety Institue
Teen Identity Theft Presentation - Family Online Safety InstitueTeen Identity Theft Presentation - Family Online Safety Institue
Teen Identity Theft Presentation - Family Online Safety Institue
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
 
How to Prevent Identity Theft and Fraud
How to Prevent Identity Theft and FraudHow to Prevent Identity Theft and Fraud
How to Prevent Identity Theft and Fraud
 
Child Identity Theft LegalShield Business Solutions
Child Identity Theft LegalShield Business SolutionsChild Identity Theft LegalShield Business Solutions
Child Identity Theft LegalShield Business Solutions
 
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERSPREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS
 
What You Need to Know to Avoid Identity Theft
What You Need to Know to Avoid Identity TheftWhat You Need to Know to Avoid Identity Theft
What You Need to Know to Avoid Identity Theft
 
Cyber Crime Identity Theft
Cyber Crime Identity Theft Cyber Crime Identity Theft
Cyber Crime Identity Theft
 
Data theft
Data theftData theft
Data theft
 
Common Consumer Frauds & How to Avoid Them
Common Consumer Frauds & How to Avoid ThemCommon Consumer Frauds & How to Avoid Them
Common Consumer Frauds & How to Avoid Them
 
e-Fraud ppt
e-Fraud ppte-Fraud ppt
e-Fraud ppt
 
Identity Theft - Canada
Identity Theft - CanadaIdentity Theft - Canada
Identity Theft - Canada
 

Viewers also liked

Viewers also liked (9)

Calidad en el servicio
Calidad en el servicioCalidad en el servicio
Calidad en el servicio
 
Proceso comunicativo
Proceso comunicativo Proceso comunicativo
Proceso comunicativo
 
интернет
интернетинтернет
интернет
 
Q1 as
Q1 asQ1 as
Q1 as
 
Weekly Update 4
Weekly Update 4Weekly Update 4
Weekly Update 4
 
Psychoanalytical theory by Shikha Arya
Psychoanalytical theory by Shikha AryaPsychoanalytical theory by Shikha Arya
Psychoanalytical theory by Shikha Arya
 
Презентація (Привалова)
Презентація (Привалова)Презентація (Привалова)
Презентація (Привалова)
 
Module 7 Erikson's psycho social theory of development
Module 7 Erikson's psycho social theory of developmentModule 7 Erikson's psycho social theory of development
Module 7 Erikson's psycho social theory of development
 
Buttery Semi-Hard Cheese - CHOOZIT® Classic 800 Series | Sample card
Buttery Semi-Hard Cheese - CHOOZIT® Classic 800 Series | Sample cardButtery Semi-Hard Cheese - CHOOZIT® Classic 800 Series | Sample card
Buttery Semi-Hard Cheese - CHOOZIT® Classic 800 Series | Sample card
 

Similar to ASIS Phoenix February Presentation

Hr Idt Presentation Employee Version
Hr Idt Presentation Employee VersionHr Idt Presentation Employee Version
Hr Idt Presentation Employee Version
danc752
 
Id theft-phishing-research
Id theft-phishing-researchId theft-phishing-research
Id theft-phishing-research
Justin Saunders
 
FHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking FraudFHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking Fraud
tomciolkosz
 

Similar to ASIS Phoenix February Presentation (20)

Identity Theft It's Devasting Impact
Identity Theft It's Devasting ImpactIdentity Theft It's Devasting Impact
Identity Theft It's Devasting Impact
 
Identity Theft and You
Identity Theft and YouIdentity Theft and You
Identity Theft and You
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft Prevention
 
Identity Privacy 101 - Quicken Loans Zing Blog
Identity Privacy 101 - Quicken Loans Zing BlogIdentity Privacy 101 - Quicken Loans Zing Blog
Identity Privacy 101 - Quicken Loans Zing Blog
 
Identity Theft and How to Prevent Them in the Digital Age
Identity Theft and How to Prevent Them in the Digital Age Identity Theft and How to Prevent Them in the Digital Age
Identity Theft and How to Prevent Them in the Digital Age
 
Hr Idt Presentation Employee Version
Hr Idt Presentation Employee VersionHr Idt Presentation Employee Version
Hr Idt Presentation Employee Version
 
Identity Theft Awareness 101 - Basics
Identity Theft Awareness 101 - BasicsIdentity Theft Awareness 101 - Basics
Identity Theft Awareness 101 - Basics
 
Risk Managers Presentation
Risk Managers PresentationRisk Managers Presentation
Risk Managers Presentation
 
Id theft-phishing-research
Id theft-phishing-researchId theft-phishing-research
Id theft-phishing-research
 
FHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking FraudFHRBOC Preventing NFP Banking Fraud
FHRBOC Preventing NFP Banking Fraud
 
Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!Preventing Nonprofit Banking Fraud and the Tools You Can Use!
Preventing Nonprofit Banking Fraud and the Tools You Can Use!
 
Senior Audience Presentation
Senior Audience PresentationSenior Audience Presentation
Senior Audience Presentation
 
Ppl World Atl June 2007 Training
Ppl World Atl June 2007 TrainingPpl World Atl June 2007 Training
Ppl World Atl June 2007 Training
 
Taking Charge: What to Do If Your Identity Is Stolen
Taking Charge: What to Do If Your Identity Is StolenTaking Charge: What to Do If Your Identity Is Stolen
Taking Charge: What to Do If Your Identity Is Stolen
 
Youth Protection Guide - Canada
Youth Protection Guide - CanadaYouth Protection Guide - Canada
Youth Protection Guide - Canada
 
Identity Theft
Identity TheftIdentity Theft
Identity Theft
 
Identity Theft.pptx
Identity Theft.pptxIdentity Theft.pptx
Identity Theft.pptx
 
Guarding Vanderbilt information
Guarding Vanderbilt informationGuarding Vanderbilt information
Guarding Vanderbilt information
 
H -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroringH -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroring
 
Protecting Vanderbilt Information
Protecting Vanderbilt InformationProtecting Vanderbilt Information
Protecting Vanderbilt Information
 

Recently uploaded

State of D2C in India: A Logistics Update
State of D2C in India: A Logistics UpdateState of D2C in India: A Logistics Update
State of D2C in India: A Logistics Update
RedSeer
 
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 

Recently uploaded (20)

sales plan presentation by mckinsey alum
sales plan presentation by mckinsey alumsales plan presentation by mckinsey alum
sales plan presentation by mckinsey alum
 
TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024
 
Transforming Max Life Insurance with PMaps Job-Fit Assessments- Case Study
Transforming Max Life Insurance with PMaps Job-Fit Assessments- Case StudyTransforming Max Life Insurance with PMaps Job-Fit Assessments- Case Study
Transforming Max Life Insurance with PMaps Job-Fit Assessments- Case Study
 
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
 
State of D2C in India: A Logistics Update
State of D2C in India: A Logistics UpdateState of D2C in India: A Logistics Update
State of D2C in India: A Logistics Update
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
 
India’s Recommended Women Surgeons to Watch in 2024.pdf
India’s Recommended Women Surgeons to Watch in 2024.pdfIndia’s Recommended Women Surgeons to Watch in 2024.pdf
India’s Recommended Women Surgeons to Watch in 2024.pdf
 
Easy Way to Download and Set Up Gen TDS Software on Your Computer
Easy Way to Download and Set Up Gen TDS Software on Your ComputerEasy Way to Download and Set Up Gen TDS Software on Your Computer
Easy Way to Download and Set Up Gen TDS Software on Your Computer
 
HR and Employment law update: May 2024.
HR and Employment law update: May 2024.HR and Employment law update: May 2024.
HR and Employment law update: May 2024.
 
Evolution and Growth of Supply chain.pdf
Evolution and Growth of Supply chain.pdfEvolution and Growth of Supply chain.pdf
Evolution and Growth of Supply chain.pdf
 
How to Maintain Healthy Life style.pptx
How to Maintain Healthy Life style.pptxHow to Maintain Healthy Life style.pptx
How to Maintain Healthy Life style.pptx
 
Pitch Deck Teardown: RAW Dating App's $3M Angel deck
Pitch Deck Teardown: RAW Dating App's $3M Angel deckPitch Deck Teardown: RAW Dating App's $3M Angel deck
Pitch Deck Teardown: RAW Dating App's $3M Angel deck
 
Hyundai capital 2024 1quarter Earnings release
Hyundai capital 2024 1quarter Earnings releaseHyundai capital 2024 1quarter Earnings release
Hyundai capital 2024 1quarter Earnings release
 
Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Team-Spandex-Northern University-CS1035.
Team-Spandex-Northern University-CS1035.Team-Spandex-Northern University-CS1035.
Team-Spandex-Northern University-CS1035.
 
USA classified ads posting – best classified sites in usa.pdf
USA classified ads posting – best classified sites in usa.pdfUSA classified ads posting – best classified sites in usa.pdf
USA classified ads posting – best classified sites in usa.pdf
 
Event Report - IBM Think 2024 - It is all about AI and hybrid
Event Report - IBM Think 2024 - It is all about AI and hybridEvent Report - IBM Think 2024 - It is all about AI and hybrid
Event Report - IBM Think 2024 - It is all about AI and hybrid
 

ASIS Phoenix February Presentation

  • 1. Protecting Your Identity in the Information Tracking Age What to Know | What to Do INFORMATION SECURITY &PRIVACY OFFICE Randell C. Smith, Jr. CISM, CISSP, PMP Chief Information Security Officer | Chief Privacy Officer City of Phoenix
  • 2. City of Phoenix 1. Things You Need To Know (Likelihood, Impact, Consequences) 2. Things You Need to Do (Before ID Theft) 3. Things You Need to Do (After ID Theft) 4. Questions & Answers
  • 3. City of Phoenix The sky is not falling…it’s just a little closer! Charles Thompson, former CIO, City of Phoenix.
  • 4. City of Phoenix  9 years with City of Phoenix  Serving as CISO and CPO  30 years with U.S. Navy (Retired Captain)  Naval Cryptologist  Worked directly for Naval Security Group Command and National Security Agency  Hold multiple industry certifications Background
  • 5. What is Identity Theft? ■ Identity theft happens when someone accesses essential elements of a person’s identifying information in order to commit theft. ■ This information may include name, social security number, date of birth and mother’s maiden name. Source: Citi Identity Theft Solutions
  • 6. Has anyone here been a victim?
  • 7. City of Phoenix Consequences of Identity Theft
  • 8. City of Phoenix Partial map of the Internet based on the January 15, 2015 data found on opte.org. Each line is drawn between two nodes, representing two IP addresses. Why be Concerned? Your Data is Everywhere
  • 9. City of Phoenix Cyber Security Facts • 230,000 malware variants created everyday. (84 million created in 2015) • Signature based technology used in AV software, IPS devices, and Web gateways is ineffective due to polymorphic malware changing constantly. • Drive-by downloads have become the top web threat (Water Hole Attacks). • Phishing is the number one attack vector.
  • 10. Recent Large Data Breaches
  • 12. Identity Theft Victim Statistics
  • 13. Identity Theft Victim Statistics (cont.) ■ Identity fraud has grown to include theft of cell and landline phone service; cable and satellite television service; power, water, gas and electric service; Internet payment service; medical insurance; home mortgages and rental housing; automobile, boat and other forms of financing and loans; and, government benefits. ■ Identity thieves will also use stolen identities to obtain employment and to deceive police when arrested.
  • 14. Who's at risk of identity theft? ■ ANSWER – Everyone ■ 12% of Americans age 18 or older have been subject to identity theft in just the past 12 months. ■ Over half (52%) of Americans do not check their free credit report annually. ■ Just 14% of Americans say they subscribe to identity theft protection services such as Lifelock, Identity Guard, or LegalShield. ■ Just 17% of Americans check their credit regularly with one of the credit bureaus.
  • 15. Who's at risk of identity theft? ■ Overall costs of identity theft to the American economy is estimated to reach $100 billion annually. ■ In 2012, more than 15 million reports were made of fraudulent use of a credit card or bank account, compared with only about a million reports of fraudulent use of personal information to open a new account, and a million reports of fraudulent use of personal information for some other purpose. ■ Most victims find out about identity theft when their bank or credit card issuer contacts them to inquire about suspicious activity on the account. At this point, extensive damage may already be done.
  • 16. Legal Liability – Credit Card vs. Debit Card ■ If someone steals your actual credit card, your liability is generally limited to $50 ($0 if you report the loss before any fraudulent activity occurs). And the likelihood that you’ll even pay the $50 is minimal because most credit card issuers offer zero liability protections on fraudulent charges. Electronic Fund Transfer Act (EFTA) ■ However, if your debit card number is stolen, your losses could be much greater. Unless you notice and report the theft within the first two days, you could permanently lose the first $500 stolen from your account. After 60 days, you may be liable for the entire amount. Fair Credit Billing Act (FCBA)
  • 18. 2015 Identity Theft Federal Trade Commission (FTC) ■ 47% increase in identity theft during 2015. ■ Tax or wage related identity theft was responsible for a significant portion of the increase, and according to the FTC, was “the largest and fastest growing identity theft category. ■ IRS Data Breach – May 2015. Thieves accessed 334,000 tax accounts through the IRS "Get Transcript" application, a program to acquire information about your tax returns.
  • 19. What thieves do once they still your info
  • 20. Federal Law Identity Theft and Assumption Deterrence Act 1998 ■ Provides penalties up to 15 years imprisonment. ■ Maximum fine of $250,000
  • 21. Consumer Protection Laws Fair Credit Reporting Act (FCRA) ■ Designed to protect consumers from the willful and/or negligent inclusion of inaccurate information in their credit reports. ■ FCRA regulates the collection, dissemination, and use of consumer information, including consumer credit information. Fair and Accurate Credit Transactions Act (FACT) ■ Act allows consumers to request and obtain a free credit report once every twelve months from each of the three nationwide consumer credit reporting companies (Equifax, Experian and TransUnion)
  • 23. Child ID Theft • The rate of identity theft for children was 35 times higher than the rate for adults in the same population. • 10.2% of children have had their Social Security numbers stolen • Child IDs were used to purchase homes and automobiles, open credit card accounts, secure employment and obtain driver’s licenses. • Children are easy targets. Their identities are often a blank slate. • The probability of discovery is low. Parents typically don’t monitor a child’s identity and the crime can go undiscovered for many years. • The potential impact on a child’s future is profound. A stolen identity can destroy or damage a child’s ability to get a student loan, acquire a mobile phone, obtain a job, secure a place to live, and more.
  • 26. Medical ID Theft - Definition ■ The fraudulent use of an individual’s personally identifiable information (PII), such as name, Social Security number, and medical insurance identity number to obtain medical goods or services, or to fraudulently bill for medical goods or services using an unlawfully obtained medical identity.
  • 27. Medical ID Theft Statistics ■ Rapidly growing; impacts almost 6% of Americans. ■ About 2 million Americans fall victim to medical ID theft every year ■ 31% say they allow family members to use their IDs to get medical services (aka familial fraud) • 45% of medical ID theft victims end up paying their health-care provider or insurer for charges incurred by the thieves ■ 50% of victims say they know the person who victimized them
  • 28. Signs of Medical ID Theft ■ Explanation of Benefits (EOB) statement, Medicare Summary Notice, or bill for medical services you didn’t receive • Check the name of the provider, the date of service, and the service provided ■ Call from a debt collector about a medical debt you don’t owe ■ Medical collection notices on your credit report that you don’t recognize ■ Notice from your health plan saying you reached your benefit limit ■ Denial of insurance because your medical records show a condition you don’t have ■ Numerous errors in your medical records
  • 29. How to Resolve Medical ID Theft ■ Get copies of your medical records and check them for errors  Contact each doctor, clinic, hospital, pharmacy, laboratory, health plan, and location where a thief may have used your information  If a thief got a prescription in your name, ask for records from the health care provider who wrote the prescription and the pharmacy that filled it ■ Ask each of your health plans and medical providers for a copy of the “accounting of disclosures” for your medical records – a record of who got copies of your records from the provider  The accounting shows who has copies of your mistaken records and whom you need to contact
  • 30. Elderly ID Theft Statistics ■ Older people make appealing financial targets because they typically have higher credit lines, greater home equity and more financial resources than younger populations. ■ The mature market (50 years and older) represents 36 percent of all ID Theft victims making it the single largest demographic of ID Theft victims.
  • 31. Who’s Tracking You? Tracking Cookies ■ Data that is distributed and shared across two or more unrelated Web sites for the purpose of gathering information to present customized data to you. ■ Not harmful like malware, worms, or viruses, but can be a privacy concern. Example, if you go to a Web site that hosts online advertising from a third- party vendor, the third-party vendor can place a cookie on your computer. ■ An advertising company can determine indirectly all the sites you have been to if they have cookies present on those sites.
  • 32. ■ Because browser-based cookies are easy to detect and delete, some advertisers are now using “flash- based” cookies which are not stored on your computer like browser-based cookies. ■ Result, they are harder to find and delete. Banks and online finance sites store flash cookies on their users' computers to authenticate account owners and prevent fraud since fraudsters would merely have a user's login and password but no access to the user's computer. ■ Acts as a second level of authentication in addition to the user's login and password. Who’s Tracking You? Flash cookies: a cause for concern?
  • 33. ■ Most social networking tracking occurs through Javascript social buttons like “Like” and “Tweet” buttons. ■ Connections are made to entirely different companies than the website you’re actually visiting. ■ More than a quarter–26.3%–of what your browser does when you load a website is respond to requests for your personal information, leaving the remaining 73.7% for things you want your browser doing, like loading videos, articles, and photos. Who’s Tracking You? Social networking tracking
  • 34. Who’s Tracking You? Web beacon -- a 1-pixel image ■ Web beacons are tiny image files invisible to users and are used to transmits information to advertisers. Commonly used in emails. ■ Tracking can get information as detailed as where your mouse has been on a page to your sexual orientation. ■ WSJ examined 1,000 top websites and found that approximately 75 percent of them featured social networking code that can match users’ online identities with their web-browsing activities, and nearly 25% of the web’s 70 most popular sites shared personal data, like name and email address, with third-party companies.
  • 35. Steps to Prevent Identity Theft ■ Memorize PINs and passwords ■ Beware of promotions that request sensitive information ■ Question how SSN or other sensitive data will be used if it is requested by legitimate sources ■ Shred pre-approved credit offers, receipts, bills, other records that have SSN ■ Do not provide CC#, SSN, etc. out over email ■ Do not click on links in unsolicited emails
  • 36. Steps to Prevent Identity Theft ■ Don’t carry your SSN card with you ■ Request a drivers license number ■ Only carry what you use ■ Photo copy all cards in your wallet ■ Select hard to guess PINs and passwords ■ Don’t leave mail sitting in an unprotected box ■ Don’t give out private information over the phone ■ Order your credit reports ■ Use caution when providing ANY sensitive information
  • 37. Steps to Prevent Identity Theft ■ Use the post office mailboxes ■ Keep an eye out for bills or statements that aren’t received in a timely manner ■ Sign the backs of all credit cards (or write “Check ID”) ■ Do not loan out your cards to anyone ■ Report lost/stolen cards immediately ■ Keep a copy of both sides of your cards in a safe place
  • 38. Steps to Prevent Identity Theft ■ Check for the “padlock” and/or “https” when purchasing online ■ Opt out of pre-approved credit card offers ■ Opt out of junk mail ■ Shred all pre-approved credit card offers ■ Watch out for calls or letters about purchases that you didn’t make
  • 39. Safeguard your computer ■ Use a firewall ■ Use anti-virus software AND keep it updated ■ Use wireless encryption ■ Do NOT give out your NetID/password under ANY circumstances ■ Lock your computer when you are away from your desk ■ Don’t open files from unknown sources ■ Use complex passwords ■ Erase computer hard drive before disposing of computers and destroy peripheral storage devices before disposal
  • 40. Credit Freeze ■ Prevents lenders and others from accessing your credit report ■ Good news – Identity thieves will be unable to establish credit in your name ■ Bad news – so will you ■ Will also affect background checks and most requests for insurance
  • 41. Preventing Identity Theft ID Theft prevention tips when traveling
  • 42. What to Do After Identity Theft Place an Initial Fraud Alert • Contact 1 of the credit reporting companies. • Report that you are an identity theft victim. • Ask the company to put a fraud alert on your credit file. • Confirm that the company you call will contact the other 2 companies. Placing a fraud alert is free. The initial fraud alert stays on your credit report for 90 days. Be sure the credit reporting companies have your current contact information so they can get in touch with you. Order Your Free Credit Reports • Contact each of the 3 nationwide credit reporting companies. • Explain that you placed an initial fraud alert. • Order your free copy of your credit report. Ask each company to show only the last 4 digits of your Social Security number on your report. Credit Reporting Companies Exquifax 1-800-525-6285 Experian 1-888-397-3742 TransUnion 1-800-680-7289 (http://www.consumer.ftc.gov/articles/0274- immediate-steps-repair-identity-theft)
  • 43. IdentityTheft.Gov ■ Simplified step-by-step checklist tailored to the specific type of identity theft consumers are facing. ■ Advice is customized for individual needs. ■ The site will automatically generate affidavits and pre- fill letters and forms to be sent to credit bureaus, businesses, police, debt collectors and the IRS. Should a consumer’s recovery run into issues, the site will suggest alternative approaches. ■ Once a consumer completes their initial report on the site, they will receive follow up e-mails and can return to their personalized plan online to continue the recovery process.
  • 45. 45 ID Theft Recovery Practices ■ Review statements ■ Promptly contact financial institution(s) to note errors/discrepancies ■ Close or cancel accounts ■ Stop payments on outstanding checks ■ Establish new account numbers and passwords ■ Get a copy of the police report ■ Notify postal service if mail was involved ■ Notify Social Security Administration if SSN was used ■ Notify DMV if driver’s license number was use
  • 46. 46 ID Theft Recovery-Recordkeeping ■ Keep records/notes/copies of all contact information - names - dates - follow up notes ■ Maintain copies of all documentation
  • 47. Identity Theft Recovery Services Third party services offered to help victims of ID fraud reclaim their identity. • Fraud Alert Reminders - The company will remind you when the fraud alert on your account is about to expire so you can renew it. • Fraud Specialist - The company provides access to fraud specialists to help you manage your fraud case. • Identity Theft Insurance - The company offers insurance to reimburse you for costs related to restoring your identity. • Lost Wallet Protection - The company offers assistance with canceling and replacing lost or stolen debit/credit cards. http://www.reviews.com/identity-theft-protection-services/ LifeLock | AllClear ID | Identity Force | ID Patrol | Trusted ID | ID WatchDog
  • 48. Password Insecurity The 25 most popular passwords 2013 1. 123456 11. 123123 21. password1 2. password 12. admin 22. princess 3. 12345678 13. 1234567890 23. azerty 4. qwerty 14. letmein 24. trustno1 5. abc123 15. photoshop 25. 00000 6. 123456789 16. 1234 7. 111111 17. monkey 8. 1234567 18. shadow 9. iloveyou 19. sunshine 10. adobe123 20. 12345
  • 49. The Future and Identity Theft
  • 50. Mobile Payments ID Theft Concerns