Overheard in the tech blogosphere » identity theft

Overheard – FACTA Red Flags Rule

Margaret Rouse — Wed, 18 Nov 2009 14:44:18 +0000

Compliance with the Red Flag rules must take a risk-based approach. Organizations are not given a specific set of items to implement; there is no detailed checklist. Compliance is principle-based focused on the outcome — avoiding identity theft — and not on specific requirements.

Michael Rasmussen, Red Flag Rules compliance demands a risk-based approach

Today’s WhatIs.com Word of the Day is Red Flags Rule.

Overheard – FCC regulations for “Identity Theft Red Flags”

Margaret Rouse — Tue, 10 Feb 2009 14:54:10 +0000

As institutions embrace automated services such as self-service password reset for purposes of reducing costs and boosting efficiency, these services are being targeted by attackers for the relative ease with which they can be used to gain access to registered accounts.

Thomas Varghese, Addressing Red Flags compliance

The Federal Trade Commission (FTC) has instituted new regulations known as “Identity Theft Red Flags” that promise to mitigate the havoc posed by identity theft to financial institutions and their customers. Effective May 1, 2009, these new regulations require financial institutions and creditors with covered accounts to implement programs that detect, prevent, and mitigate instances of identity theft.

Under the rules, entities must develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft. The FTC has issued guidelines that identify 26 different red flags to assist in designing identity theft prevention programs. These red flags are not a checklist, rather examples that financial institutions and creditors can model as a reference.

Overheard: We don’t need no stinkin’ credit card. Give us your e-mail address book.

Margaret Rouse — Wed, 12 Nov 2008 20:39:09 +0000

Elite cybergangs can no longer make great money stealing and selling personal identity data. Thousands of small-time, copycat data thieves have oversaturated the market, driving prices to commodity levels. Credit card account numbers that once fetched $100 or more, for instance, can be had for $10 or less.

Gunter Ollmann as quoted in Internet thieves make big money stealing corporate info

The most fertile turf: AOL, Yahoo and MSN instant messaging; YahooMail, HotMail and Gmail; and MySpace and FaceBook, the free tools that on any given day you’ll find open on millions of workplace PCs. The most coveted loot: e-mail address books, instant-messaging buddy lists, PowerPoint slide presentations, engineering drawings, partnership agreements, price lists, bid proposals, supply contracts, executive e-mail exchanges and the like.

USA Today has put together an interesting overview on where the dollars are today in cybercrime. Gunter Ollmann is the chief security strategist at IBM ISS, IBM’s tech security division.