The rise in ID theft means credit unions have no choice but to take steps to counter it. And that includes investing in some technologies that can be expensive.
That was the message from Neville Pattinson, director of business development and technology for Schlumberger, an Austin, Texas-based security consultancy. Pattinson spoke at an educational session here at the Defense Credit Union Council's annual conference, noting that no one has the answer as to how to stop identity theft completely, but there are ways to lessen its impact.
There are many techniques to gather information that will allow a criminal to impersonate someone and gain access to or receive services intended for that person, he explained. The most important items are a person's Social Security number, name, address, birthday, birthplace, and user names and passwords on electronic accounts.
"One way to get these is to simply steal someone's wallet or purse, or to intercept their mail," said Pattinson. "Or there is another low-tech method known as 'dumpster diving.' Criminals look in trash cans for documents with important information."
The Threat From Skimming
More sophisticated ways of obtaining critical identity information include "skimming" magnetic stripe cards, using logged-on computers left unattended, accessing credit report or human resources databases, and spoofing communications to trick someone into giving away their critical data.
Once a person's identity information is in the hands of another, that person can open a new credit card account using the name, date of birth and Social Security number. Or, the person's information can be used to open a checking account.
Of course, the criminal has no intention of paying for the items purchased with the fraudulently obtained credit cards or checks. The accounts use a false address, so the person does not know of their existence, even as the unpaid bills pile up.
Pattinson cited statistics from the Federal Trade Commission. In 2002, identity theft accounted for 43% of the 380,000 fraud complaints received by the FTC. "It can happen to anybody," he said.
When transactions take place over the Internet, the merchant has no idea who someone is or where they are from. In the case of in-store purchases, clerks do not question the identity of the buyer as long as the credit card is valid.
Therefore, Pattinson said, the verification of identity process must be improved.
"We must increase the factors of authentication through biometrics and 'smart' ID cards," he said. "There needs to be more than just possession of a credit card. The card should have a picture on it, or it should contain the rightful owner's fingerprints."
Credit unions would benefit from a switch to smart cards, Pattinson asserted, because members' satisfaction would improve if they are able to safely and securely process transactions and make payments online.
A smart card is a plastic card similar in size and shape to an ATM or credit card. It contains a chip with the capability of a 386 processor. Once the card is plugged into a card reader or a computer, it is "powered up" and can perform many calculations, Pattinson explained. "This provides dual authentication," he said. "People must have the card and they must know a PIN."
Getting Smarter
The difference between a smart card and an ATM card is that all information is stored on the card, not on a server. The chip's large storage capacity allows users to securely save credit and debit card account information, shipping addresses and other personal information.
CUNA Network Services offers a "SafeID" program that allows credit unions to offer higher-end services to their members. At the heart of this program, Pattinson noted, are smart cards.
"With smart cards, you see increased purchasing and reduced costs due to secure transactions," he said.
The technology is not free, Pattinson acknowledged. "Switching to smart cards will be costly, but so is the cost of fraud," he said.
