4 min read

ID theft means money

Meeting legitimate fears about identity fraud can be an opportunity for VARs with the right protection solutionsrn



We’ve all seen the funny identity theft commercials on TV. But those spots are meant to bring awareness to the average consumer and not the small business entrepreneur.

Identity theft, according to one time con artist Frank Abagnale, is the fastest growing crime in North America. The reason

for this rising epidemic is “”it’s easier to hack people than computers,”” he said.

Abagnale, who turned his life around and now helps organizations with identity theft protection programs as well training FBI agents on fraud, said each person carries 22 pieces of identification in their wallet or purse. “”Some,”” he said, “”carry more but no one carries less.””

Big risk

For most companies the risk can be heightened not only from cybercrooks but disgruntled workers. If a company fires an employee, for example, it must remove his access to computer and phone systems and pass card entry.

According to IDC a typical employee has access to 12 to 15 systems. When that employee leaves they get removed from seven to eight of those systems.

“”This means there are many more systems that can be accessed or exploited such as financial and sales systems,”” said Chris Devlin, channel advocacy manager for Computer Associates Canada.

Usually, human resources are the first to remove a fired employee from its system, Devlin added. But, what if your business does not have a human resources department?

This employee may still have access to your records and according to Abagnale: “”I need just three pieces of ID to become you.””

The University of Michigan found last year that 71 per cent of ID theft were inside jobs.

For bigger companies the problem with ID theft sometimes is off the scale, Abagnale said. He gave this fictitious example: If an company had to lay off 24,000 employees it would take 17 staffers nine months to completely remove all of them from their systems.

Abagnale does not endorse any products, but he said companies should protect themselves. An application such as Etrust from CA, does not cost a lot and can remove 20,000 employees from a company’s IT infrastructure in five minutes and restore them in five minutes.

Kevin Krempulec, channel manager for Symantec Canada argees internal attacks come from mostly disgruntled employees. “”In that scenario it is a low-level attack yet it still causes concern. The second is an external attack from hackers or virus writers and they can compromise your system or network. They can break in and control your network or obtain access to certain systems and find information on individuals,”” he said.

Fixing this problem, Krempulec added, is not easy. Companies need to take a step back and look at their entire security policy to find out how the company can be protected from internal and external threats.

External threats

Cybercrooks use tactics such as phishing to gain access to personal information. Phishing is done through e-mail and usually looks similar to an online invoice from Ebay or local bank statement. It will have several links that if clicked on enable the cybercrook to gain access to your PC. If you do online banking or online commerce, you’ve just been hacked.

“”Phishing expeditions and other unique scams are becoming a growing problem because they are sophisticated. They use life like logos and URLs and we are in the business so we recognize this, but the average user or business doesn’t,”” said Alan McLaren, president of WhiteHat Inc., a security focused solution provider, based in Burlington, Ont.

WhiteHat has developed a hosted-based solution called Insight Email Guardian. For a minimum of $75 for a business with fewer than 30 users, this system can have all incoming e-mails cleansed of spam, viruses or phishes.

“”This is especially strong for small business who do not have the resources. This eliminates one of the problems because ID theft comes mostly from e-mail. You eliminate one big headache and the IT guy can deal with other issues,”” McLaren said.

ID theft also comes from misfortune. Just last year airports in Canada and U.S. reported more than 253,000 lost PDAs. “”Everywhere you look we are giving any our information,”” Abagnale said.

Besides the risk to your business, by not protecting your company you run the risk of being sued. “”Companies have to be concerned with class action lawsuits,”” he said.

Already a small cottage industry has cropped up because of ID theft. Crime Attorneys, a California-based law firm has set up www.fightforme.com to help people victimized by ID theft get back some of their losses.

McLaren said ID theft in Canada mirrors U.S. problems. He believes ID theft is on the rise with nearly 10 million people already being victimized.

“”The more people are on the Internet, who are not sophisticated users, they became the weak link and it is a serious problem in Canada,”” McLaren said.

Canadian dilemma

The problem in Canada is a lack of security-focused solution providers who are ready to deliver ID theft protection solutions to small business.

Information Systems Architects Inc. (ISA), a Toronto-based solution provider has started to develop a practice in this area, but Rick Uhrich, president of ISA, admitted his company is not at the stage where they can begin delivering solutions.

Krempulec said the shortage concerns Symantec. “”Customers who depend on VARs are getting frustrated,”” he said.

According to Devlin, many solution providers are missing out on a lucrative business.

He said the top integrators such as KPMG are already servicing enterprise customers, but the market opportunity is in small business.

He said margins on ID theft solutions would be through the roof.

“”Very high double digits.””