SCHULTZ: Digitally overexposed

COMMENTARY:

President Barack Obama named Melissa Hathaway to lead a major review of this nation’s cybersecurity. Her selection reflects the administration’s desire to protect the government’s information technology systems from security threats.

The General Accounting Office characterized the government’s computer system as a “high risk” area. This was underscored when the Federal Aviation Administration recently admitted its computer system was “hacked” and that the 48 files breached contained the names and Social Security numbers of more than 45,000 employees.

While it is critical that the government’s information networks be protected from terrorists and hackers alike, it is equally important that the administration’s review also focus on ways to better protect every American’s digital identities, especially when they use credit cards or the Internet.

Digital identity misuse or theft leaves victims exposed to fraud that could lead to physical, emotional and financial harm. People from all walks of life have been victimized with those least able to absorb the punishment among the hardest hit.

A recent survey by Jupiter Research concluded a total of 10 million Americans were victims of identity fraud in 2008, at an average cost of $496. Of these, 19 percent were defrauded while conducting online transactions.

Millions of other Americans have suffered financial losses when their credit cards have been compromised. In addition, thousands of merchants have lost merchandise or funds when credit cards have been misused or stolen cards presented to make a purchase. Online merchants lost more than $10 billion in 2007 due to identity fraud.

The misuse of prepaid cards presents yet another massive problem. Millions of stored value cards (gift cards, payroll cards, prepaid cards) have no Federal Deposit Insurance Corp. protection when they are stolen and thus thieves can spend them as easily as cash, depleting the true owner of their hard-earned savings.

Most Americans do not realize that debit cards, which often carry the insignia of a credit card, do not offer the same protection as regular credit cards, and may only learn this when the cards are stolen.

Unfortunately, the dangers go far beyond potential financial loses. A recently well-publicized case involved a 14-year-old girl who committed suicide when an adult pretended to be a boy on MySpace and then dumped her in a degrading way.

Another example of the misuse of digital identities occurs when already overworked 911 call centers get “swatted” by prank callers able to imitate another number. These types of “pranks” severely limit first responders’ ability to act in times of crisis, which places the entire community at risk when real emergencies require responses by fire or police departments.

The upcoming review by the Obama administration should also address the sad truth that many of the so-called protections are inadequate to the dangers. For example, PINs or passwords often offer relatively little identity validation or protection. And most people have so many different passwords they frequently write them down and keep them with their cards, so when one is stolen the protection is often gone with it.

Professional hackers can easily steal credit card information from individuals as well as from larger systems. More than 100 million credit card accounts were exposed when Heartland Payment Systems had its data centers breached in December 2008, enabling the thieves to subvert any current anti-fraud technology present. TJX Corp. had millions of credit card accounts exposed when they had their data centers breached.

RBS WorldPay, one of the largest payment processors in the world, also had millions of accounts stolen when their data centers were breached.

Clearly the old methods of automated protection are no longer adequate. Thus, we must implement systems that better validate digital identities to protect us as individuals and companies.

Story Continues →