A Glimpse Into Identity Management: Then, Now & Beyond

A GLIMPSE INTO IDENTITY MANAGEMENT THEN, NOW & BEYOND For years, identity thieves focused on stealing credit card information and Social Security Numbers (SSN). This is how they made their money. When it came to identity management, credit monitoring and checking credit card statements was often enough to keep an identity secure. Now we have entered a new era – one that requires us to manage our identities in their entirety, from SSN and date of birth to email addresses and social media profiles. Why? Popular trends like online banking and social networking open up our identities to new risks. As a result, consumers must adapt to these new risks, opening the door for new identity management solutions. TRADITIONALLY, ID THIEVES TARGETED: SSN CREDIT DATA, FINANCIAL INFO & SOCIAL SECURITY NUMBERS WHY? They can use this data for ID theft or fraud such as running up credit or taking out loans in your name. HOW? They hunt through trash for sensitive documents, pose by phone or email as someone who legitimately needs your personal information, or purchase personal information from store employees and others who handle sensitive data. TYPICAL SOLUTIONS INCLUDE checking your credit regularly for fraudulent activity and keeping an eye on your bank and credit card statements. NOW, IT'S ALL-ENCOMPASSING. THEY ALSO TARGET: EMAIL ADDRESSES & PASSWORDS Having an email address and password opens a world of opportunity for an identity thief, including access to valuable online accounts like ecommerce or banking sites. CHILDREN'S IDENTITIES Identity thieves target children because their SSNS and credit reports are clean and less likely to be tracked. In most cases child ID theft goes unnoticed until the child is 18 and applying for their first credit In 2013, California was the first state to add card or college loan. "online accounts" to its breach MALWARE notification law, Using malware, cyber criminals can remotely control or load viruses onto a target device, as well as retrieve any sensitive information on that device. requiring companies to notify individuals if online accounts SOCIAL NETWORKS are compromised. Identity thieves find and use personal information posted on social networks, or they use social Lf engineering (phishing and other tactics) to manipulate social media users into giving them such personal information. From there, they can hack into accounts to gain additional information. More than 9 in 10 healthcare HEALTHCARE INFO organizations Identity thieves can use someone's healthcare were breached information to receive medical treatment or in 2012 & 2013. receive medical benefits. TAX REFUNDS APRIL 15 Scammers can use stolen names and SSNS to file phony electronic tax forms for IRS refunds. 1.6 million Americans 1.6M 1.2M were victims of tax refund fraud in the first half of 2013, up from 1.2 million JAN - JUN 2013 2012 victims in all of 2012. NOW WE HAVE BETTER SOLUTIONS: MULTI-FACTOR AUTHENTICATION NON-CREDIT DATA MONITORING Requires at least 2 of 3 authentication factors: something you are, something Because now our identities are made up of more than just credit info – email, social networks, medical info and more. you have and something you know. PASSWORD MANAGERS ********* Remembers, encrypts, and stores passwords so users are less likely to reuse passwords across multiple sites. NEXT UP? CYBER CRIMINALS ARE TARGETING: SOCIAL NETWORKS 2.0 You Tube Identity thieves are carrying out more complex fraud schemes, such as using information from social networks to put together a full profile of you, which they can then use for identity theft and fraud against in you or your employer. ACCOUNTS WITH ACCESS Cyber criminals are increasingly hunting down credentials and accounts with special permissions, such as those with access to Google Play's Developer Console, so they can build and publish mobile apps with malware. Google play AND MORE ADVANCED SOLUTIONS ARE ON THE WAY: MULTI-FACTOR AUTHENTICATION 2.0 IDENTIFIERS BIOMETRIC Multi-factor authentication is quickly advancing to incorporate more “invisible" identifiers like geolocation awareness and the cadence with which you type. These are characteristics such as a fingerprint, retina print, or voiceprint. Unlike passwords, biometric identifiers cannot be forgotten or lost. 000 Sources California Legislature (2013), Backgroundcheck.org (2013), Treasury Inspector General for Tax Administration (2013), CSID (2013) CSID www.CSID.com/IDEvolution