ID Analytics Study Reveals Employees' Criminal Misuse of Stolen Identities

Internal Identity Theft Research Uncovers New Fraud Behavior Patterns

SAN DIEGO, - ID Analytics, Inc., the leader in on- demand identity intelligence, today released the results of its groundbreaking
internal data theft study which provides an unprecedented analysis of the criminal behavior patterns associated with the misuse of identities stolen from the workplace by employees. The study's findings also provide a better understanding of the harm resulting from an internal versus external data
breach.

Organizations routinely invest significant resources to ensure the
security of confidential customer and employee information such as home
address, Social Security number, and date of birth. In addition to perimeter
security, common internal security measures include employee education
programs, data access monitoring, and strict policies regarding use of USB
ports and portable devices. However, intentional data theft and unintentional
data loss by authorized employees continue to be the most common sources of data breaches. Organizations struggle with the threat of the "human element" -- employees with access to a company's most valuable
information. Furthermore, to date, little has been done to study and understand how stolen data is exploited once it leaves an organization.

ID Analytics' study, Analysis of Internal Data Theft, sought to expose how,
where and when employees misuse data stolen from the workplace. The research examined more than a dozen incidents of internal data theft involving more than five million identities from consumer and employee files across organizations in the government, education, and commercial sectors. Of these, eight incidents ultimately led to more than 1,300 cases of attempted fraud targeting bank card, retail card, and wireless providers. Using Advanced Analytics(SM) to identify suspicious or anomalous activity, the research uncovered associations between transactions and patterns of criminal behavior after data theft had taken place.

Key findings from the study include:

-- In the analysis of the eight internal data breaches where harm was found, organized misuse ranged from 3 percent (data leak caused by mishandling data) to 36 percent (targeted employee data theft) of the identities stolen.

-- The identities associated with these internal incidents were up to 24 times more likely be misused than the average U.S. consumer identity.

-- Misuse of the stolen identities occurred in remarkably close proximity to the site of the internal data theft. Fraudulent activity relating to each incident of internal data theft took place within 20 miles of the source, indicating that the stolen identities had not been sold or distributed on a national level.

-- Fraudulent activity reflected a significant increase in attempts to acquire wireless phones. Of the 1,300 cases of attempted fraud, 69 percent targeted the wireless industry.

-- Identities involved in internal data theft were misused in similar patterns to those taken via external attacks in terms of period of use and using the Internet to commit fraud. Most of the stolen identities in the study were used very briefly -- over a period of two weeks. The internal theft
activities also focused mainly on online channels. In five of the eight internal data breach cases, 80% of the fraudulent application activity was online.


"In today's data rich environment, organizations continue to struggle with
the human element at the heart of data security," said Mike Cook, co-founder and chief operating officer, ID Analytics, Inc. "Companies should be on the alert for what may be the biggest security threat to their customers-employees with access to sensitive customer data. Given the balance between the need to grant employees access to information to complete their job functions and the need to protect sensitive customer data, we encourage companies to implement strategies that increase visibility and reduce the risk of data loss."

Today's report is the latest result of ongoing research leveraging ID Analytics' proprietary ID Network(R), the nation's only real-time, cross-industry compilation of identity information. The ID Network comprises billions of identity elements-including names, addresses, Social Security
numbers, and phone numbers, plus more than two million cases of reported frauds -- which are contributed by organizations spanning multiple industries for the purpose of preventing identity fraud. ID Analytics continuously publishes research on the threats to consumers and organizations resulting from internal data theft, external data theft and identity fraud based on ID
Network data analysis.

To request a white paper providing more detail on the research, please
visit http://www.idanalytics.com/whitepapers/.

About ID Analytics, Inc.

ID Analytics, the leader in on-demand identity intelligence, provides
unprecedented real-time visibility into the risk of individuals, protecting
both organizations and consumers. ID Analytics pioneered identity scoring
technology. ID Analytics combines three unique capabilities to assess risk and
improve the customer experience across all consumer touch points: the ID Network(R)-the nation's only real-time, cross-industry compilation of identity information; Personal Topology(TM) -- an individual\'s particular identity characteristics and their connectedness to each other; and ID Analytics' proprietary Advanced Analytics(SM). Leading communications and financial
services companies, as well as major retailers, government agencies and healthcare insurers, all trust ID Analytics to provide solutions that drive new revenue opportunities, reduce financial losses, and facilitate compliance with federal regulations. ID Analytics is based in San Diego, CA.

ID Analytics is a registered trademark of ID Analytics, Inc. All other trademarks and registered trademarks are the property of their respective holders.

SOURCE ID Analytics, Inc.



August 03, 2008

Read more about Biometric Industry Events and Conferences.

Read more about Biometric Industry Useful Links.

Read more about Biometric Technologies:

Fingerprint, Iris Recognition, Hand & Finger, Facial Recognition, Voice/Speaker, Consultants, Smart Cards/Multimodal, Signature/Keystroke, 2D Barcodes, Sensors, Middleware/Software, Vascular Pattern Recognition

Read more about Biometric Applications:

Physical Access Control, Logical Access Control, Justice/Law Enforcement, Time and Attendance, Border Control/Airports, HIPAA, Financial/Transactional, Integrators/Resellers, Safes, Door Locks, Other


August 03, 2008



 

back
RSS News Feed
RSS Biometrics Industry Events

Showcases
Fingerprint
Iris Recognition
Hand & Finger
Facial Recognition
Voice/Speaker
Consultants
Smart Cards/Multimodal
Signature/Keystroke
2D Barcodes
Sensors
Middleware/Software
Vascular Pattern Recognition

Applications



Site Search



Sponsor Links

BIO-key
 BIO-key develops and licenses advanced biometric finger identification technologies that are cost effective, scalable and easy to deploy.

Identica Corp.
Is the exclusive provider of the Techsphere Hand Vascular Pattern Recognition biometric solution in the USA, Canada, Mexico and the Caribbean Islands.

ZK Software
 ZKSoftware Inc. is a leading OEM/ODM manufacturer offering Fingerprint Time & Attendance and Access Control, Fingerprint Door Locks and IT products.

Ceelox
Ceelox is a developer and marketer of biometric authentication and biometric file security software products.

Hitachi
Hitachi is a pioneer and recognized world leader in developing vein pattern biometrics systems.


Guides

What are "Biometrics"?
Biometrics Glossary
How Well Do Biometrics Work?
Identification vs Verification


Articles & Research

US VISIT Fact Sheet
The Anatomy Lesson
Smile: You're On Scan Camera
Privacy - Friend or Foe?
New Opportunities for Biometrics
Let Me In!
Archived Q & A's
Videos & Product Demos



Biometrics Events | Biometrics Links | Biometrics Press Releases
Biometrics Feature Articles | Biometrics Company Q&A's | Biometrics Product Videos/Demos
About Us | Contact Us | Advertising Info | Privacy Policy | Terms of Use