In Depth
Five Ways to Fight ID Theft
What's more valuable than your own good name? ID theft is the fastest growing white-collar crime in the country. What's a CSO to do?
By Sarah D. Scalet
It's not free, of course. "You have to measure the expense against the loss," Lefler says, looking at how many of your customers have been victimized in the past year versus how much the additional mailings would cost. But identity theft is growing rapidly enough that the scales might have tipped in the past year.
And don't underestimate customer goodwill, either, says Frank, the consumer advocate. Even helping just a few people spot identity theft early on might be worth more than you think. "People do business with people they trust," she says.
4 Phight phishing. At first glance, it seems you can't do a lot if your company is targeted by a phishing scam, in which a phisher spoofs your company's identity in an effort to gather personal information about your customers. (See "Gone Phishing," Page 49.) "It's pretty difficult" to deal with, admits the Anti-Phishing Working Group's Jevans. "You can say, we will never send you e-mail, or do not click on a URL in e-mail, but that makes it difficult to do any kind of e-commerce." What's more, when a bogus website is reported to law enforcement, Jevans says, it takes an average of 160 hours to get it shut down if it is hosted outside the United States.
In this case, a little education can go a long way. Start by letting customers know that your company won't ever ask them by e-mail to divulge personal information, says Howard Schmidt, former vice chairman of President Bush's Critical Infrastructure Protection Board and CISO of eBay. Common targets such as Amazon, AOL and eBay have set up phishing tutorials on their websites to educate their customers about the scams.
At the same time, make sure employees who correspond with customers don't ask for this kind of information. You'll also need a mechanism for consumers to report the spoofed e-mails to you, and for your company to report the scams to law enforcement. Then, Schmidt says, "it becomes a policy issue."
5 Explore new technical solutions. Schmidt blames the success of such phishing scams on the fact that websites are still using static IDs and passwords for authentication, instead of more sophisticated identity management tools. Schmidt hopes that technical solutions will help strengthen authentication and in the process dramatically reduce identity theft, since thieves won't be able to accomplish so much with so little personal information. "I don't like to make predictions, but I'll be surprised if within the next year, we don't start seeing some commercialization of digital identities as ways to prevent identity theft and online fraud," Schmidt says.