Security

Identity Theft Council: A resource for identity-theft victims

Last year, criminals stole identities from more than 11 million people. To get some perspective, that's more than the number of reported burglaries in the United States.

Identity-theft can occur even if you do everything right. It's not your fault if a criminal gains access to a loan company's database, stealing thousands of identities and one just happens to be yours. Or it could be a disgruntled employee that is selling identities on the side. Sadly, the list is endless.

Thankfully, there are organizations dedicated to helping victims of identity theft. I'd like to introduce you to one I found while researching my article about stolen Social Security Numbers. This might be a helpful resource to share with users in your own organization.

Identity Theft Council

Neal O' Farrell started Identity Theft Council (ITC). It's dedicated to helping people recover from identity theft. I first learned about ITC, when reading an article on the Bank Information Security web site written by Tracy Kitten. Ms. Kitten quoted Mr. Farrell several times. One resonated with me. It was about Social Security Numbers:

"We have to find some national way to communicate, particularly when it comes to Social Security numbers. There's no easy way to put a fraud alert on our Social Security number. We need to figure that out."

Ms. Kitten also quoted Karen Lodrick, another member of the ITC team who echoed that sentiment:

"I found out that the banks don't have a network or a way to communicate with each other."

While writing my piece on stolen Social Security Numbers, the lack of proper communication channels was evident. I could sense victims' frustration of not being able contact the right people. Ms. Lodrick, an identity-theft victim herself, knows firsthand:

"They say it's not a physical crime, but the pain of identity theft lingers. We have to remember to always put the victim first."

ITC's mission

I normally avoid mission statements, but ITC's stands out:

  • Provide victims of identity theft with free access to local experts and trained counselors who are volunteering their time to help victims recover from identity theft.
  • Work with local credit unions and banks to encourage their employees to become trained volunteer identity-theft counselors.
  • Partner with law enforcement, providing them with free training and other resources, so they can provide a more positive response to victims.
  • Work with a broad network of local partners, including the financial community, local government, businesses, and schools, to spread the "prevention through education" message.
  • Create local Identity Theft Councils in communities across the country as a single point of response and support.

There are other organizations focused on identity-theft prevention, but ITC is taking a different approach. Rather than just supplying lists of phone numbers and web-site links, Mr. Farrell believes it is vital to have a personal connection with someone who is trained and willing to help.

Between ITC's mission statement and the above quotes, setting up communication channels to help victims achieve resolution appears to be of prime importance.

Let's be proactive

I mentioned earlier that certain types of identity theft are out of our control. That's where organizations like ITC come in. But, we need to remember there are methods like phishing email messages, keyloggers, and malicious web sites that we can do something about.

I already introduced you to Mari Frank's book; The Complete Idiot's Guide to Recovering from Identity Theft. I am on my second read and recommend it. But, the book is focused on how to recover.

To get proactive, I would like to suggest a free online course called Security Awareness in the Workplace. Here is the course description:

"InfraGard Awareness is a free information security awareness course that will help you understand how you can help make your workplace more secure. It will also teach you vital skills to protect yourself and your family from cybercrime and identity theft."

The course consists of 14 separate lessons and if so desired, there is a certificate path for a fee.

Final thoughts

Identity theft is a crime. We need to understand the scams, so we can prevent it when possible. We need to learn how to tell if it's happening to us. Finally, we need to know how to recover what has been stolen.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

11 comments
johnfranks999
johnfranks999

Great article highlighting the need for everyone to have a much higher computer/data security awareness. Check some reinforcing content at the blog, "The Business-Technology Weave" (can Google to it) - it reflects what this article is saying. Also should Google a guest post he has, "Social Networking and the Blended Environment." The majority of breaches are due to human error, therefore awareness and common sense are key, in supporting all necessary best practices. The blog author also has a book we use at work, "I.T. WARS" (you can Google that too). It has a great Security chapter, and others that treat security. Highly recommended. Great stuff.

Michael Kassner
Michael Kassner

The Identity Theft Council is a good resource for help in recovering from ID theft. InfoGard has a free online class that explains how to prevent ID theft. Please check them out.

Michael Kassner
Michael Kassner

Appreciate it. I wish the book would have been in a Kindle version.

TechnoDoc
TechnoDoc

Michael, this is one of the best articles I have read on TechRepublic. Not because it is so long or detailed. Sometimes a brief but timely and cogent article pointing in the right direction and acting as a catalyst is "just right." Unfortunately it will not get the attention it deserves...yet. Thanks for the great references.

rbees
rbees

Michael, Some years ago you had a post about a program where they had developed an optical bar code like key card to use for authentication purposes. I have looked for that post to get the company name but can't seem to find it. Funny how that happens when you clean house. I was thinking that it was askpass or keypass, something like that but can't seem to find it. Do you remember what it is?

AnsuGisalas
AnsuGisalas

Is, that the banks have to talk to each other. The government doesn't talk to a bank, instead they demand that the banks organize themselves. The government will talk to the council of banks. As an added benefit, the banks set up ways of handling certain kinds of problems in unified ways, as they will be held responsible for money lost to online fraud. I don't know of an easy way to flag a social security number with a fraud alert; but then ID theft isn't a big issue here. We have no mail theft, for example. I don't know why this is though. In Denmark all the banks now have the same paper password system, designed in cooperation with the government to a high standard. As far as I can see it's even harder than the one I described earlier, as there is some kind of hashing between the paper password card number (the public key I guess...) and the numbers used to ask for the individual passwords. The numbers are four digits between 0 and 10000, not consequtive, 150 of them on each card. And the actual passwords are six digits long.

Michael Kassner
Michael Kassner

In Europe the banks are responsible. I suspect things would change here if that was the case.

Michael Kassner
Michael Kassner

If you need any info, let me know. I think it is a very viable approach.

Editor's Picks