Insights & Reports > Kroll Global Fraud Report

Criminals are finding new ways to steal identities, including targeting employees

---

Brian Lapidus

---

Scores of articles have breathlessly recounted how Anna Bernanke, wife of United States Federal Reserve Chairman Ben Bernanke, had her purse stolen and the subsequent check fraud. The inevitable conclusion: it can happen to anybody! Identity theft is the fastest growing crime in both the United States and Canada. It is the leading cause of consumer complaints to the American Federal Trade Commission, with cases totaling 313,982 in 2008. In Canada, it is estimated that one in ten have become victims of identity theft.

High profile cases, however, often obscure the reality of identity theft. The real focus of the story should have been the members of Cannon to the Wiz, a Chicago-based ring that perpetrated both high- and low-tech thefts of identities and financial information. The ring had been in the view of law enforcement well before the Bernanke incident. In April 2009, Detroit police arrested four members of the ring who were targeting fans at a sporting event. In June, Virginia federal prosecutors charged 10 with conspiracy and bank fraud, and, just as summer was winding down, authorities arrested a check casher from the ring in Miami.

To identity thieves, everyone is reduced to valuable information such as Social Security or Social Insurance numbers, credit card numbers, addresses, and dates of birth. Data can come from practically any source. While most news stories highlighted the Cannon’s pick-pocketing activities, the ring also infiltrated offices, including those of a United States sponsored charity and the offices of a doctor, in order to obtain checks from the mailroom, personal identification information from medical files, and credit card details.

The Cannon’s activities are a wake-up call to organizations. First, data security cannot be left to the IT department alone. This fosters the belief that anti-virus software, firewalls, and other cyber security measures will effectively eliminate the risk of a data breach. Frequently, the breaches occur due to careless or disgruntled employees, or to employees who are simply unaware that their actions violate security protocols. According to a 2008 Ponemon study, over 88 percent of data breaches involved insider negligence. The per-victim cost of these was $199 per record; those traced to malicious acts cost $225 per record.

Second, never assume that low-tech methods mean that the identity thief is a novice. Authorities reported that members of the Cannon often met for seminars to learn more effective tactics. They used advanced equipment to manufacture fake identification and employed complicated check fraud schemes to drain victims’ bank accounts. They took – according to court documents in the federal case – some $2.1 million from ten different financial institutions. Thieves generally look for the easiest means of access. Once on the inside, they quickly recognize the constant business struggle to secure information contained in items like incoming mail or paper files that are often highly accessible to employees. Missing hardcopy files or a lost office key should not be dismissed as petty; these merit diligent investigation.

Finally, organizations must take background screening efforts seriously. News reports indicate that one of the thieves worked with a corrupt employee at a doctor’s office, and federal informants from the ring indicated that the standard was to pay anywhere from $200 to $500 for a set of complete personal information. Background screening is no panacea, but a thorough check performed by a reputable third party brings all sorts of information to light: criminal histories, financial histories, and professional misconduct to name a few. Data rich organizations, like the doctor’s office, are prime targets and thus have an obligation to perform thorough background checks.

It is unfortunate that Ben and Anna Bernanke had their personal information stolen. Perhaps the one positive outcome is that the incident can encourage discussion of the prevalence and true nature of this crime.