Internal Identity Theft Research Uncovers New Fraud Behavior Patterns
SAN DIEGO, July 31 /PRNewswire/ -- ID Analytics, Inc., the leader in on- demand identity intelligence, today released the results of its groundbreaking internal data theft study which provides an unprecedented analysis of the criminal behavior patterns associated with the misuse of identities stolen from the workplace by employees. The study's findings also provide a better understanding of the harm resulting from an internal versus external data breach.
Organizations routinely invest significant resources to ensure the security of confidential customer and employee information such as home address, Social Security number, and date of birth. In addition to perimeter security, common internal security measures include employee education programs, data access monitoring, and strict policies regarding use of USB ports and portable devices. However, intentional data theft and unintentional data loss by authorized employees continue to be the most common sources of data breaches. Organizations struggle with the threat of the "human element" -- employees with access to a company's most valuable information. Furthermore, to date, little has been done to study and understand how stolen data is exploited once it leaves an organization.
ID Analytics' study, Analysis of Internal Data Theft, sought to expose how,
where and when employees misuse data stolen from the workplace. The research examined more than a dozen incidents of internal data theft involving more than five million identities from consumer and employee files across organizations in the government, education, and commercial sectors. Of these, eight incidents ultimately led to more than 1,300 cases of attempted fraud targeting bank card, retail card, and wireless providers. Using Advanced Analytics(SM) to identify suspicious or anomalous activity, the research uncovered associations between transactions and patterns of criminal behavior after data theft had taken place.
Key findings from the study include:
-- In the analysis of the eight internal data breaches where harm was found, organized misuse ranged from 3 percent (data leak caused by mishandling data) to 36 percent (targeted employee data theft) of the identities stolen.
-- The identities associated with these internal incidents were up to 24 times more likely be misused than the average U.S. consumer identity.
-- Misuse of the stolen identities occurred in remarkably close proximity to the site of the internal data theft. Fraudulent activity relating to each incident of internal data theft took place within 20 miles of the source, indicating that the stolen identities had not been sold or distributed on a national level.
-- Fraudulent activity reflected a significant increase in attempts to acquire wireless phones. Of the 1,300 cases of attempted fraud, 69 percent targeted the wireless industry.
-- Identities involved in internal data theft were misused in similar patterns to those taken via external attacks in terms of period of use and using the Internet to commit fraud. Most of the stolen identities in the study were used very briefly -- over a period of two weeks. The internal theft activities also focused mainly on online channels. In five of the eight internal data breach cases, 80% of the fraudulent application activity was online.
"In today's data rich environment, organizations continue to struggle with the human element at the heart of data security," said Mike Cook, co-founder and chief operating officer, ID Analytics, Inc. "Companies should be on the alert for what may be the biggest security threat to their customers-employees with access to sensitive customer data. Given the balance between the need to grant employees access to information to complete their job functions and the need to protect sensitive customer data, we encourage companies to implement strategies that increase visibility and reduce the risk of data loss."
Today's report is the latest result of ongoing research leveraging ID Analytics' proprietary ID Network(R), the nation's only real-time, cross-industry compilation of identity information. The ID Network comprises billions of identity elements-including names, addresses, Social Security numbers, and phone numbers, plus more than two million cases of reported frauds -- which are contributed by organizations spanning multiple industries for the purpose of preventing identity fraud. ID Analytics continuously publishes research on the threats to consumers and organizations resulting from internal data theft, external data theft and identity fraud based on ID Network data analysis.
Today at 1:00 p.m. ET / 10:00 a.m. PT, ID Analytics product analyst Cooper Bachman will present the study findings in a free, one-hour webinar titled "What Happens After Employees Steal Data?" To register for the webinar, please visit http://idanalytics.com/webinars/evite7/.
To request a white paper providing more detail on the research, please visit http://www.idanalytics.com/whitepapers/.
About ID Analytics, Inc.
ID Analytics, the leader in on-demand identity intelligence, provides unprecedented real-time visibility into the risk of individuals, protecting both organizations and consumers. ID Analytics pioneered identity scoring technology. ID Analytics combines three unique capabilities to assess risk and improve the customer experience across all consumer touch points: the ID Network(R)-the nation's only real-time, cross-industry compilation of identity information; Personal Topology(TM) -- an individual's particular identity characteristics and their connectedness to each other; and ID Analytics' proprietary Advanced Analytics(SM). Leading communications and financial services companies, as well as major retailers, government agencies and healthcare insurers, all trust ID Analytics to provide solutions that drive new revenue opportunities, reduce financial losses, and facilitate compliance with federal regulations. ID Analytics is based in San Diego, CA.
ID Analytics is a registered trademark of ID Analytics, Inc. All other trademarks and registered trademarks are the property of their respective holders.
Available Topic Expert(s): For information on the listed expert(s), click appropriate link. Mike Cook https://profnet.prnewswire.com/Subscriber/ExpertProfile.aspx?ei=73460
|SOURCE ID Analytics, Inc.|
Copyright©2008 PR Newswire.
All rights reserved