Over the past 15 years, we have watched hackers’ evolution from “phreaking” phone systems, to hacking government agencies like NASA, and eventually creating viruses that take down networks. In the beginning, their primary motivations were fun, fame, and amusement. Over the past ten years, the game changed dramatically, from fun and fame to financial gain. Hackers targeted government agencies, then colleges, banks, retailers, credit card processors, hotels, and eventually, major multinational corporations.
Who are they hacking now? Well, everyone. And as journalist Brian Krebs has pointed out on his blog, Krebs On Security, they are targeting auto dealerships in a big way. Why? Because auto dealerships’ records include lots of Social Security numbers, which identity thieves can use to apply for credit cards in their victims’ names.
Krebs states, “Recent hacker break-ins at a half-dozen car dealerships nationwide are a reminder of just how easily one’s personal and financial information can be jeopardized by poor security at any of tens of thousands of organizations that have access to that data.”
This results in “new account fraud.” This is a form of financial identity theft in which victims’ personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are frequently used to commit new account fraud.
Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is a necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. And when you are actively seeking credit, as Experian points out, “You should plan ahead and lift a freeze, either completely if you are shopping around, or specifically for a certain creditor, a few days before actually applying for new credit.”
Device reputation leader, iovation Inc., helps credit issuers spot new account fraud through the device intelligence that it provides back in real time. iovation alerts issuers to the computers or mobile devices that are applying for multiple credit accounts with different identity information, or masking its location while applying for credit, along with other highly-suspicious behavior. The credit issuer simply sets up their own unique business rules and iovation runs those rules while the applicant is on the site, and returns back and Allow, Deny or Review response for the transaction along with the reasons why.
By identifying new account fraud in real time, credit issuers can save millions of dollars per year from fraud losses. In one case, a Fortune 100 credit issuer using iovation identified 43,000 fraudulent credit applications saving them $8 million dollars from fraud loss over two years.