Industry View
Monitoring the Enemy Within: Reflections on a New Internal Data Theft Study
Who steals data, and what do they do with it? Cooper Bachman of ID Analytics scrutinizes research from a dozen data thefts resulting in 1,300 attempted instances of data misuse.
By Cooper Bachman, ID Analytics
Identity fraud is different than account fraud. Identity fraud deals with stolen or fabricated identity elements (e.g., social Security number, name, and address). One way to detect identity fraud is to examine new account initiations across companies and industries. In cases of fraud, many new accounts of multiple types are opened across different institutions. Account fraud is the misuse of an existing account that is discovered examining transactions. Account fraud only affects a single institution and a single account. The harm is financial loss and it is easily reconciled by closing the account and issuing new cards.
It is important to note that this analysis is focused on the use of stolen identities being utilized to open new credit, retail, and wireless accounts. This study did not include takeover of existing accounts such as direct deposit account (DDA) or new openings of collateralized loans (e.g., mortgages and automotive finance).
Specifically, the study analyzed the change in identity relationships within each internally breached population looking for anomalous linkages. For example, if a group of consumers had no prior relationships with one another, and then suddenly began applying for credit cards and wireless phones at a single address, this would be viewed as a suspicious or anomalous relationship change. Then, each suspicious case was analyzed in depth and reviewed for possible misuse of identity data. The time periods analyzed ranged from 10 months to more than 30 months after the date of the internal data theft.
Methods of Misuse
The study performed temporal and relational analysis on over 1,300 cases of misuse. From these, four common patterns were highlighted.
1. Misuse of Data Occurred Within 20 Miles of the Internal Data Source
The data analysis found a geographic relationship between where the data was stolen and where it was used. In some cases, the misuse was occurring as little as two to five miles from the place where the data was removed. It is important to note, that the research did not include local lenders such as credit unions or community banks. The misuse identified was based on information from national credit card issuers, retail lenders and wireless organizations.
If the data has in fact been purchased by a national identity fraud ring, it is expected to see pockets of misuse in geographic areas much farther from the data source. However, all misuse occurred locally relative to where the data was removed and indicates the individuals who obtained the data were either abusing it themselves or providing it to other perpetrators in their local area.
data theft
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
