A leading computer security analyst is predicting that even as companies implement more IT security to prevent Internet hackers from tapping their networks, there will be increased theft of secure data by insiders, like employees.
The data security forecast by Joseph Ansanelli, chief executive officer of the data security firm Vontu, indicates that in 2006, as employees continue to learn about the value of sensitive customer information — and if they are not trained and encouraged properly to protect this information — there is a real risk that this information will increasingly be misused by retail employees.
“Many retailers have not educated their employees on the value of customer information to the company, nor have they educated them on employee responsibilities towards protecting and correctly handling this information. One example would be the use of skimmers in restaurants. Several thefts have been reported due to wait staff taking the customers’ credit card then running it through their skimmer in order to later be able to retrieve this number,” said Ansanelli.
“Employees need to be aware of the value of this information to the company, and the ramifications of not treating this information according to the company policies. They also need to understand what they can do outside their roles to help protect this information and honor the company’s security commitment to their customers.”
Ansanelli said that while many retailers are focusing on having readers in place that can simply read the RFID tags, as time continues, they will add more capabilities to the readers, including the capability of matching customer information from their database with the specific products and services the customer has purchased.
ID theft, and other IT security issues, will lead to increased government legislation, he said. This past year, many states have enacted security breach notification laws similar to the California law, in order to protect their residents from identity theft. There have been federal proposals as well, which would most likely preempt state security laws.
“The legislators will also continue to dictate what types of security measures must be taken in order to prevent unauthorized access to sensitive company information,” said Ansanelli. “One recent company settlement with the Federal Trade Commission shows how active government agencies are becoming with respect to treating customer information appropriately.”
There are approximately 15 anti-ID theft bills before the U.S. Congress currently.
According to the Privacy Rights Clearinghouse, located in San Diego, more than 51 million personal identifying numbers have been compromised by criminals since February. One that made headlines was from Atlanta-area data broker ChoicePoint, which complied with a security breach disclosure law in California and reported that ID thieves made off with the personal information of 145,000 people.
Skeptical of Survey Data
An array of surveys has found that about 20 percent of Americans say they have been beset by identity theft.
The Identity Theft and Assumption Deterrence Act of 1998 defines ID theft as the illegal use of someone’s means of identification — including a credit card.
Federal law, however, caps one’s personal liability at US$50. Other surveys have found that about two-thirds of people classified as identity theft victims end up paying nothing out of their own pockets.