Kadner: Stealing your money in cyberspace
By Phil Kadner firstname.lastname@example.org February 5, 2014 9:10PM
Updated: March 7, 2014 1:35PM
If stick-up men were stealing
$20 billion a year from people on the streets, there would be large public demonstrations demanding government action.
But when that same amount of money gets stolen via cybertheft, well, it’s just business as usual in America.
Illinois Attorney General Lisa Madigan on Wednesday asked a congressional panel to create an agency similar to the National Transportation Safety Board to conduct investigations of cybertheft.
Some skeptical members of the House Subcommittee on Commerce, Manufacturing and Trade suggested that consumers would be better served paying for their own identify theft protection. The implication is that creating a new government bureaucracy would be a waste of money.
The primary reason for the congressional hearings is that retailers such as Target, Neiman Marcus and Michaels have seen their computer systems hacked in recent months. Millions of their customers are at risk of having their identities stolen.
William Noonan, the deputy special agent-in-charge of criminal investigations of cybercrime for the Secret Service, testified that the hackers who stole data from Target were “highly technical and sophisticated.”
He referred to it as an organized team of criminals, similar to the group in the movie “Ocean’s Eleven,” located in a foreign country, with each team member having expertise in a specific area needed to successfully carry out the crime.
That’s apparently much different from the ordinary cybercrime on American businesses that simply neglect to install updated software on their computer systems and frequently collect unnecessary personal data on their customers.
“In 2012 alone, $21 billion was lost to identity theft,” Madigan said in a prepared statement. “The fraud takes a variety of forms. Identity theft most commonly affects consumers’ financial accounts.”
But she added that identity thieves also open fake utility accounts and sometimes obtain prescription drugs and medical treatments using others’ identities.
Criminals have also received government benefits using compromised consumer data, and they often target children because of their clean credit history. Since 2010, Madigan stated, her office has assisted nearly 350 minors who have been victims of identity theft.
And that’s when Madigan got to a point that doesn’t seem to impress the members of Congress and even many law enforcement agencies.
“Victims of identity theft can spend months contacting banks, credit card companies, credit reporting agencies, public utility companies and police to report instances of fraud and to restore their credit,” she said. “These victims can also be prevented from fully participating in our economy, meaning their entire lives can be put on hold.
“An identity theft can prevent a consumer from purchasing a home or financing a place to rent. All this can happen because a consumer shared sensitive data with a business, a hospital or the government.”
It struck me, watching their faces, that the members of the House subcommittee really don’t understand what happens when someone’s identity is stolen.
If a person receives a notice that someone is using his Social Security number to apply for credit cards, the first thing a consumer is told is to notify the three main credit bureaus — Equifax, Experian and Trans Union.
You can spend 30 minutes or more on hold waiting for a person to answer the phone at these agencies. And what’s the first question they ask? “What’s your Social Security number?”
You’ve just had your identity stolen, and now they want you to give out that key piece of identifying information to a complete stranger over the phone.
You will also be told to make out a police report, and at the local police station an officer will likely tell you, “we get hundreds of these reports every month. Chances are we’re never going to catch the culprit or find out how it happened.”
As Madigan told the subcommittee, “The most frustrating aspect of this problem is that data breaches are not new. No one is surprised to hear the latest data breach reported in the news. We have become too accustomed to their occurrence, and it is time for the government and the private sector to take serious, meaningful actions to curb this growing problem.”
There’s apparently no business standard for protecting a customer’s personal financial information. Every business decides for itself what sort of protections it puts in place.
But we all know at the front end of any retail system is a minimum-wage employee who may leave that job after only a few months. And every day people hand over debit and credit cards to someone who has never gone through the sort of background check required of an ordinary bank teller.
There is no indication, according to authorities, that any foreign government was involved in the recent hacking of American business computers. But if a group of private hackers can disrupt U.S. commerce, why wouldn’t a hostile nation do the same?
Terrorists are known primarily for bombings, but you know some of them somewhere have to be plotting an attack in cyberspace. What better way to finance their operations than to steal money from the wallets of American consumers?
Several of the members of the subcommittee said the news media had sensationalized recent cybercrime against large retailers.
If that’s true, the crimes against ordinary Americans have drawn too little media attention.
Those crimes aren’t being carried out by sophisticated criminal organizations or foreign governments but common thieves who realize it’s a lot easier to steal someone’s credit card information than to rob them on the streets these days.
It seems that these sorts of crimes are so common that many law enforcement agencies and even the federal government has given up.
No wonder companies that claim to provide identity theft protection are making money.