Identity theft: How it affects you, your clients and your businessLaura Lynn BurkeFederal Trade Commission, U.S. Treasury Department, mortgage fraud
Thieves are taking identity theft to new
levels
Are you at risk? Are your customers? Let's look at some of the
ways identity theft is happening and ways of preventing it.
Stealing identities is a nationwide epidemic. Identity theft has
become a national issue.
According to the Federal Trade
Commission, more than 24 million people in the United States
have their identity stolen. They estimate $11,000 per case in
damage, which represents 26 billion of potential liability if fault
can be pinned on the data holder.
According to a report by the U.S. Treasury Department's
Financial Crimes Enforcement Network, suspicious activity involving
mortgage fraud leapt 1,411 percent between 1997 and 2005. The same
reports also show that identity theft was often reported in
conjunction with the commission of suspected mortgage fraud. What
that means is that if someone can obtain your Social Security
number, name and date of birth, they may then be able to get a
mortgage in your name.
Some experts say that lenders have opened the doors for mortgage
fraud through identity theft because of the mirage of mortgage
products allowed. One such product is the no-documentation
mortgage, which enables consumers to obtain a mortgage without job,
income and asset information.
The use of the Internet has also allowed us to receive and
process loan applications from faceless clients. The nature of
these transactions can increase the opportunity of fraud,
especially identity theft, says the Treasury report. Compile this
with the low-documentation loans and we can become a breeding nest
for fraudulent activity.
As originators in this industry, we need to know how to protect
ourselves personally and from being liable for originating a
fraudulent loan. As business owners, we must know how to safeguard
our employees and ourselves from costly litigation and time.
How identity theft is happening
Pilshing: A spoof e-mail that is sent out leading its
recipients to a fake bank Web site where recipients are lured into
keying in account usernames and passwords. Don't give out any
information online that feels in any way suspicious. A company will
contact you in writing or by phone if there is a legitimate
problem—don't fall for eBay
or AOL pilshing scams. I have
received them; they will state that your account had a problem that
needs to be corrected immediately or that your credit card on file
is about to expire and you need to complete a form with updated
information. They are pilshing scams.
Dumpster diving: Where the thieves dig through a
company's or person's trash trying to find enough data to allow
them to either steal an identity or credit card information.
Internet and company security breeches: In what many
look upon as the largest wake-up call in recent history for
financial institutions, thieves disguised themselves as a cleaning
staff last year and stole the equivalent of more than $400 million
from the London branch of Sumitomo Mitsui.
Here is a brief list of some of the many companies/agencies that
had security breeches in the past year or so:
•Illinois Department of
Financial and Professional Regulation: Federal and state law
enforcement agencies are still investigating the security breach.
The breach affected both loan originators and real estate
agents.
•Chicago public schools: Nearly 1,740 former Chicago school
employees' names, Social Security numbers and home addresses were
mistakenly mailed to other members of the group.
•The IRS had 478 laptops lost or stolen—112 contained
our personal data, such as Social Security numbers.
Department of Motor Vehicles (DMV): The DMV will issue
replacement licenses fairly easily. In many states, all you have to
do is walk in, state that you lost your wallet or purse, have a
counterfeit birth certificate and Social Security card, and, most
often, your licensed is replaced in minutes. Some states do not
even have the capability of viewing a past picture to determine if
it resembles you. Only seven states can verify identity with
biometrics. A digital photo of each applicant is combined with
recognizable software that measures distances between eyebrows,
ears, facial lines, etc., creating an individual's profile.
"Duplicate licenses are the choice of 'smart' bad guys," states a
Springfield, Ill. detective.
Employee/worker: "You can have a fortress security
system, but if you are not terribly discriminating with consultants
and both permanent and temporary employees, you can become terribly
vulnerable as a company," says a New York computer crime
consultant. Synthetic identity: Synthetic identity theft is where
someone steals only your Social Security number, not your identity,
and they give your Social Security number a new
identity—sometimes multiple ones.
This type of identity theft is more difficult to find and to
trace. It is almost impossible to prevent. Thieves are creating
fictitious persons with legitimate Social Security numbers. This is
what makes it so hard to detect. Once the new person is up and
running with his new identity, he can open bank accounts, new
credit card accounts, buy a new car and maybe even purchase a
house. Not only are his spending habits flowing to your credit
report, but his driving record, possible medical record
discrepancies and criminal record are as well. This is scary stuff,
and it is big time. Analytics state that this type of identity
theft is accounting for more than 85 percent of identity fraud.
Because they are not buying things in your name, most of the time,
it doesn't show up on your credit reports—which is what makes
it so extremely difficult to detect, until something happens to
catch your attention. Unexplained bills, medical/dental calls or
reports, traffic violations, new services, etc. are possible clues
that something may be wrong.
One man found out his number was used by someone who was being
tried for murder.
Identity theft is ageless: Everyone is a
target—from young children (children under 18 have become the
fastest growing target) to individuals over 21, to death. Yes, even
after death we are not safe from the identity thieves. They will
steal dead people's identities in a heartbeat! Identity theft is
one of the easiest crimes to commit and one of the most difficult
crimes to prosecute. No one is exempt from identity theft.
Steps to take to prevent identity theft for you
personally
Check your credit: You are entitled to a free credit
report once every 12 months from each of the three bureaus—Equifax, Experian and TransUnion. Stagger your
requests every four months, ordering from a different bureau each
time. Look for any discrepancies. You can get reports by going to
www.annualcreditreport.com
or by calling (877) 322-8228.
Place a fraud alert on your credit report: If you have
lost your purse or wallet, or have any reason to believe your
identity is at risk, place an alert on your credit report. This
way, all will know to check with you directly before granting any
credit in your name.
Ordering checks: Use only your initials and your last
name on them. This way, a thief is not sure how you sign your
checks. Never put your Social Security number on checks. I tend to
not put phone numbers either. When asked, you can always write it
on.
Make a list: Make a list of all your credit cards,
credit card numbers, expiration dates and 800 numbers to call. You
can also photocopy both the front and back side, but keep this list
and the photo copies in a safe place.
Copy your Social Security card: Call the Fraud Hotline
at (800) 269-0271.
Sign the back of your credit cards: Sign them or print
"Photo identity required."
Never give out personal information over the phone: Ask
to call the person back—check the number.
Don't respond to pilshing: Delete pilshing messages or
forward message to main company.
Check your annual Social Security report: Make sure
there is no income that is being reported under your Social
Security number that is not yours.
Steps to take to protect your company
Reduce your potential liability: Customer and employee
databases are prime targets. Evaluate your risk and take the
necessary steps to implement any necessary safeguards and
precautions.
Check background on all employees: Make a background
check routine of all employees—including outsourced and
cleaning staff. It is a minor added cost, but may save big dollars
and headaches in the long run.
Limit your access: Only allow those who need it to
obtain it. Have a complete accountability system of who accessed it
and when.
Monitor employees: Watch for unusual large downloads
and volume, as well as timing.
Have all employees sign non-disclosure agreements:
These agreements should prohibit them from misusing confidential
information.
Secure your data: Encrypt rather than storing personal
information on laptops, PDAs and other mobile devices.
Eliminate unnecessary data: Only keep what is
essential. Archive it rather than keeping it in a readily
accessible file. Discard or archive all data from inactive
accounts.
Know where your back-up tapes are going: Are they are
being sent to an off-site storage facility or are they being
mailed? Safe checking procedures can prevent them from getting into
the wrong hands or being lost.
Know who your cleaning person is: Check your cleaning
staff out. Ask for references and call them. When calling, say
something like: "Bill, the tall gentleman with a mustache" or
"Sally, the redhead." By adding a descriptive overview, you are, in
a minor way, verifying that this is the person whose references you
are checking. They could be great references, but make sure they
belong to the staff you are hiring.
Under-promise employees and customers: The old rule:
Under-promise and over-deliver. Only assure the personal data
security that you can deliver.
Have a written security policy in place: Make sure the
plan clearly states what data is confidential and what steps your
employees are to follow to protect this data.
Provide security training, education and awareness to your
employees: Informed employees are more aware of spotting
security breeches from within and have a plan to follow. The more
familiar an employee is with procedures, encryption and
programming, the more they will be used.
Test your security: Once in place, have someone try to
breech it. Find your weaknesses before someone else does. No matter
how good your security is, there is always the possibility of a
breech.
Have a plan for security breeches or failure: If a
worst-case scenario should happen, you will be prepared. Have a
plan in writing to follow for personal security breeches—who
and how clients will be notified.
Plan for legal issues that may arise: Knowing who to
contact and what your liabilities may be is also a positive,
proactive step.
To sum it all up, be alert, proactive and recognize the
importance of all of the above issues.
Laura Lynn Burke is with Footprints International Training
Company, d/b/a The Mortgage Institute. She may be reached at (708)
692-6199 or e-mail
[email protected].
