Social Insecurity: Identity Theft and Prevention Efforts

Social Insecurity: Identity Theft and Prevention Efforts

November 2009

IN THIS ISSUE

— Someone Has Your Number: Social Security Numbers and Identity Theft
— Chasing Shadows: Investigating Identity Theft
— In the next issue

GREETINGS!

Welcome to the November edition of our newsletter! In this issue, we’ll examine the hazards posed by the ubiquitous nature of Social Security Numbers as a “national identifier,” and steps that can be taken to both prevent identity theft and investigate it after the fact.

SOMEONE HAS YOUR NUMBER: SOCIAL SECURITY NUMBERS AND IDENTITY THEFT

When it was first instituted in the 1930s, the Social Security system was not envisioned as something to be interwoven into the fabric of America’s personal information infrastructure. Yet as the 20th century came to a close, the nine digit number meant to identify recipients of retirement benefits is used in everything from job applications to department store credit cards, and is often used to verify one’s identity. But what can you do when your Social Security number is no longer secure?

The problem of identity theft, most often by means of stealing a Social Security number, cost businesses $48 billion and consumers $5 billion in 2004, according to a report by the House Ways and Means Committee. This figure did not include the time spent attempting to mitigate the damage done, such as closing fraudulently opened accounts.

CHASING SHADOWS: INVESTIGATING IDENTITY THEFT

In recent years, particularly after the terrorist attacks of September 11, 2001, many federal government agencies have stepped up efforts to police access to and use of Social Security numbers, attempting to regulate dissemination of the data by credit reporting agencies and other private sector businesses. While the Social Security Administration said the physical theft of a wallet or purse containing this sensitive information is still possible, the most likely means of obtaining someone else’s number is via a “phishing” scam where an individual unwittingly volunteers the information to a phony institution posing to be a bank or other legitimate party. Various agencies have taken proactive steps to limit dissemination of the data, such as showing only the last four digits of a number on a federal tax lien, which is a public record.

While the Social Security Administration will review your earnings records to make sure someone else who uses your number does not report their earnings as your taxable income, they cannot assist consumers in remedying the theft. The Federal Trade Commission and Internal Revenue Service both have reporting agencies to help mitigate the effects of such fraud, and credit reporting agencies regularly employ both in-house and contract-based Certified Fraud Examiners to assess the damages caused, develop time lines of events once the crime is committed, and develop further internal controls to better respond to these issues. While it may not be possible to retain a CFE to prevent identity theft in your organization in all cases, a review of your company’s information retention policies would be a good start to ensuring the safety of one of your employees’ most important pieces of personal information.

IN THE NEXT ISSUE

In the next issue, we’ll look at the Ponzi scheme of Tom Petters, who used his illegitimate gains to take positions in several legitimate companies.

A Year After the Meltdown: Mortgage Fraud and Lessons Learned

Mixing Business and Pleasure: Using Fraud Proceeds for Investment