social security numbers and identity theft brett coryell, deputy cio emory university university...
TRANSCRIPT
![Page 1: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/1.jpg)
Social Security Numbersand Identity Theft
Brett Coryell, Deputy CIO Emory University
University Technology Services
![Page 2: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/2.jpg)
introduction
2
Source: www.zanderinsurance.com
![Page 3: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/3.jpg)
have you seen him?
3
Source: www.lifelock.com
Is this really a good idea?As far as I can tell, this is his real SSN.(Notice he recommends you not share yours, though.)
![Page 4: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/4.jpg)
history
4
7 7 3 - 0 0 - 4 3 2 7
Area• Georgia 252-260• also 667-665• 700-728 for RR• 772 is highest
Group• unusual • SSA has lists• 252-260 are full
Serial• given in order
Source: Wikipedia, Social Security Administration
![Page 5: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/5.jpg)
theft
She left her card at the café …
Average take for identity theft is greater than the average bank robbery.
Source: AM New York; videos from various internet sites
![Page 6: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/6.jpg)
financial impact
6
Source: Federal Trade Commission report; Privacy Rights Clearinghouse
These are estimates by victims of how much the thief got.
Median value = $500, per FTC study.
Other estimates come in closer to $5700 on average.
One published account is as high as $6400 on average.
![Page 7: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/7.jpg)
financial impact
7
Source: Federal Trade Commission 2006 report on Identity Theft
Many but not all credit card victims incurred no out of pocket expense.
Other costs include:• Time spent • Harassment (collectors)• Credit report fixes• Loan rejection• Banking problems• Insurance problems• Utilities cut off• Criminal investigation (12%)
![Page 8: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/8.jpg)
time
8
Source: Federal Trade Commission 2006 report on Identity Theft
30% reported spending less than 1 hour cleaning up.
Median time was 4 hours.
If you had a new account opened in your name, 60% spent more than 10 hours.
A study by the Privacy Rights Clearinghouse says average time was 25 hours in 2007.
![Page 9: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/9.jpg)
who does this stuff?
The most common thief was someone they know.
Risk factors for victims:• high income• well educated• woman• single adult• “more” kids
Source: Purdue University, Federal Trade Commission
![Page 10: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/10.jpg)
who does this stuff?
10
Source: Federal Trade Commission 2006 report on Identity Theft
![Page 11: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/11.jpg)
Emory
11
Legitimate and legal uses of social security numbers:• Payroll / taxes• Financial aid
Other protected data:• Health information• Student records
Some departments have reduced or eliminated their non-essential use of SSN.
![Page 12: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/12.jpg)
get geeky
Firewall? Like that could stop me …
Actually, yes, quite often it does. It’s not always intruders we’re worried about, though.
Source: AM New York; videos from various internet sites
![Page 13: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/13.jpg)
protection
13
SciQuest
Fin
HR
OPUS
Shadow
This diagram is a somewhat idealized version of our systems.
Emory does have some good practices and policies in place.Access to SSN in the warehouse is limited.Bypassing the warehouse or using SSN as an identifier creates risk
![Page 14: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/14.jpg)
Areas of concern:• Printed reports• Emory Card• Local vendors• File transfers• Shadow databases• Desktops and laptops
be on the lookout
14
![Page 15: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/15.jpg)
remember him?
15
Source: www.lifelock.com; Indiana Code
Is this a felony? No, but consider this section of Indiana law:
You must “… disclose a breach … following discovery … [that] any state resident[‘s] … unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person.”
![Page 16: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/16.jpg)
the law
16
1. Right to Privacy Act (1974)a) Prevents state agencies (usually) from requiring your SSNb) Does not prevent employers from asking for it.
2. Georgia code (10-1-393.8) -- a person, firm, or corporation shall nota) May not intentionally communicate any person’s SSNb) Require a person to transmit SSN over the Internet unless the connection is
secure and the SSN is encrypted.c) Require an SSN to access a website unless a password or PIN is also used
3. Exceptions for state and federal law, setting up and deleting accounts, applications, enrollments, checking accuracy of SSN’s, etc.
4. No burden on “interactive computer service providers” and telcos to monitor.
5. Georgia code (10-1-912) requires notification if we discover a breach of security that leads us to reasonably believe that unencrypted data was seen by an unauthorized person. Extra notice if we go over 10,000 people.
![Page 17: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/17.jpg)
enough Larry
Enough Larry for everyone?
What do you actually do if Larry’s got your number?
Source: AM New York; videos from various internet sites
![Page 18: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/18.jpg)
digital citizenComputer• Use strong passwords• Watch for phishing (ask me)• Run spyware and antivirus• Look for secure checkouts• Use a software based firewall
Personal• Be stingy with your info• Check your credit reports• Watch your bank accounts• Don’t carry your SSN card• Get, and use, a shredder
Extra credit (or paranoia)• Use different credit card online• Use two or more banks
18
![Page 19: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/19.jpg)
digital citizenIn our community• Adopt good trends
• Biometrics
• 2 factor authentication
• Challenge inappropriate use
• With vendors
• In our own systems
• Educate those around you
19
![Page 20: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/20.jpg)
resources
20
FTC Website has videos, publications, and more.
![Page 21: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/21.jpg)
resources
21
Consider Identity Theft insurance. You saw Lifelock. Here is another company. This one offers a counselor to help you with the paperwork.
![Page 22: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/22.jpg)
anti-resource?
22
One of several catchy commercials, this service is actually NOT free.
Offered by Experian.
![Page 23: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/23.jpg)
resources
23
39 states plus DC have laws requiring credit freeze.
$10 to place, suspend, or remove freeze in Georgia.
![Page 24: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/24.jpg)
resources
24
1. IRS, if tax ID theft: [email protected]
2. Social Security Administration – 800-269-0271http://www.ssa.gov/ssnumber
3. U.S. Postal Inspectors, if USPS involved – 800-275-8777
4. State Department, if passport involved
5. If checks missing or involveda) TeleCheck – 800-710-9898b) Certegy, Inc. – 800-437-5120c) International Check Services – 800-631-9656
6. If Emory’s private information is involved, discuss with your manager and Emory’s Chief Information Security Officer, Brad Sanford ([email protected])
Source: Purdue University
![Page 25: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/25.jpg)
resources
25
1. Clark Howard (consumer advocate), for news and alertshttp://www.clarkhoward.com (see “Identity Theft” at bottom of home page)
2. For consumer activism, check publisher of Consumer Reportshttp://www.financialprivacynow.org
3. Security freeze instructions:Security Freeze Instructions for EquifaxSecurity Freeze Instructions for ExperianSecurity Freeze Instructions for TransUnion
4. Florida identity theft victim’s kit:http://myfloridalegal.com/idkitprintable.pdf
![Page 26: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/26.jpg)
?Questions
26
![Page 27: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/27.jpg)
?Appendix
27
![Page 28: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/28.jpg)
resources
28
![Page 29: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/29.jpg)
resources
29
![Page 30: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/30.jpg)
IRS fraud
30
Source: www.yahoo.com, www.bankrate.com
![Page 31: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/31.jpg)
Playing FlashHELP
31
This presentation has an Adobe Flash file (.swf) in it.
Playing Flash inside a presentation requires the Adobe Flash player to be installed and that the specific location of the file is in the Properties section. Be sure to copy the .swf file and modify the animation properties when you move this presentation to a new computer.
Details are in the speaker’s notes for this slide.
![Page 32: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/32.jpg)
anti-resource?
32
New car
![Page 33: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/33.jpg)
anti-resource?
33
Pirate commercial
![Page 34: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/34.jpg)
bustierre
Leather bustierre
Source: AM New York; videos from various internet sites
![Page 35: Social Security Numbers and Identity Theft Brett Coryell, Deputy CIO Emory University University Technology Services](https://reader034.vdocuments.mx/reader034/viewer/2022051516/56649dd45503460f94acc8cc/html5/thumbnails/35.jpg)
motorcycles
Cibibank motorcycles
Source: AM New York; videos from various internet sites