Ticking time bomb of identity theft
A few years ago I learned the hard way how expensive and painful getting your identity, credit card and phone stolen could be. Shortly after attending an insurtech conference in Chicago I had my cell phone and business credit card stolen. When I woke up the next morning and headed to the local Bank of America branch to get a temporary card I discovered that nearly $30,000 worth of goods had been purchased at various gas stations, Wal-Marts and Targets around the greater Chicago area. Armed only with my credit card and my phone these individuals manage to steal $30,000 and cost me hours in time filing police reports, fraud claims and thousands in legal fees until I finally recovered ? of the original stolen amount from the bank. What was my situation unique? No.
In fact, it’s estimated that identity theft happens every two seconds, and that’s just with the cases we know about. In 2017, there were around 60 million victims in the U.S. alone and though incidents have increased so much so that it is the top complaint from today’s consumers, experts say that only about 9% of victims actually report identity theft.
Whether it’s embarrassment due to feeling responsible, just not having a complete understanding of exactly what identity theft is, or simply not realizing that they’ve been victimized, the fact remains that we’re only aware of a very small percentage of the actual incidents.
And that’s just on an individual level… there’s other national security implications here.
The new era of highly trained cyber operatives from Russian, China and Iran. Select countries believe that cyber attacks are the best way forward for economic and defense purposes. Yikes!
https://www.secureworldexpo.com/industry-news/why-russia-hacks-why-china-hacks
Here’s the good news, we do have interesting technology solutions coming forward that could help solve this problem. Will explain below.
What can you do once you have someone’s identity?
Let’s leave the national security to the NSA and other relevant institutions for now.
The definition of identity theft is stealing and using one’s data, usually in order to gain additional confidential information. Once this is accomplished, the perpetrator can utilize that info to wipe out bank accounts, create new credit lines in the victim’s name, or other fraudulent and nefarious actions. But lesser known types of fraud can be accomplished with someone’s identification and getting this all fixed is not as easy as you might think. For instance, the criminal could open a brand new bank account and credit card if it’s able to get pieces of information likely stored on many of your favorite social media sites. Tax and Employment Fraud makes up 34% of reported cases according to the Federal Trade Commission yes 34% and armed with only a social security number they can get a job, product an income tax return and thus able to do things like apply for loans they’ll never pay back or apply for benefits.
Identity is the only key to participate in the online or any economy
Try to make a purchase online without divulging very sensitive information or try to open an account online. And by the way, this is only related to well resourced online companies (Netflix,Facebook, Amazon). But you give away your sensitive ccard information every time you buy a pizza (ccard/cvv), apply for a loan, rent an apartment, do your taxes with your local CPA (social security number), pay your cable bill to the disgruntled customer service rep over the phone and trust me these smaller businesses do not have anywhere the robust security protocol to protect your sensitive personal data and they will not be responsible for it (we can count on that).
Depending on the size of the company, their industry, and type of customer data stored, these incidents can be extremely lucrative for the thief. Full names, email addresses, and even personal information such as home addresses, Social Security Numbers, and even medical details can all be in the wrong hands in a matter of minutes.
According to the Identity Theft Resource Center’s published details on data breaches in the United States, there were 1,579 breaches and about 178 million records exposed in 2017 alone. Of course, one of the biggest and most shocking incidents was the Equifax breach, which is one of the top three credit reporting agencies in the country, as there was 150 million people that had their data potentially exposed.
The leaked information was highly sensitive and would have easily been used for numerous cases of identity theft. In fact, this breach was so egregious, Equifax was subject to a class action lawsuit that, though still pending, is set to result in all potentially affected customers receiving free credit monitoring for several years or a small cash alternative if they already have a monitoring service.
These walled gardens of data behind the most powerful companies in the world (Facebook, Equifax most recently Adobe) turn out to be made of cheap stucco.
Preventing Identity Theft Once & For All
Note: I’m not an investor, partner nor am I compensated in any way by Civic. I don’t even know the founders of Civic at all but I think their potential solution would be an important pillar of the blockchain technology movement (specifically if open source public) is to continue its momentum.
How does Civic work and why do I find it interesting?
Part of the reason we are so willing to part with our personal information is that with this information we can easily flow through the offline or online transaction.
Why do I think Civic’s solution could work with many use cases? From a very high level (no specific details) your data flows through a typical technology company to database (hopefully protected), multiple data APIs, server(s), middleware, web application/mobile application layer-- facing to client (info flows 2 ways) . This allows me (the client) to interact with the application layer with very little input (login with FB/Google) but this also increases my surface area of attack (see FB security token hack) https://www.theverge.com/2018/9/28/17914524/facebook-bug-50-million-affected-security-token-access-view-as-feature and increases the amount of damage I can do if FB or Google is hacked! I can login to any web portal that asks for my FB/Google ID and password.
Compare that to the Civic ID system.
- Biometric data fingerprint only access (to login and password)
- Database is blockchain verification process
- Multi-factor authentication without exposing id,password, tokens, 3rd party authenticators all without causing too much friction in the authentication process!
Well dude, that's great to avoid the hacker but what if a small time criminal physically steals my phone? Not a problem.. other than losing an expensive phone. Everything is encrypted within the phone so even if they physically have your phone without the "biometric" key to unlock they cannot access unencrypted data. But read below for more info.
Civic accomplishes a a few things here:
1) Less surface area to attack and get data (passwords, ids, 3rd party authenticators)
2) Keeps the smooth frictionless flow for end user (client)
3) Encryption Encryption of data the WHOLE way
Here’s more in Civic here https://www.civic.com/
I will continue to update this article as more updates to Civic come online. Again-- not endorsed, not part of the team but love the potential of the solution could keep our personal information a lot safer!