Can Blockchain End Identity Theft?
Vice President and ID Theft Practice Leader
I just read an interesting article titled How Blockchain Could Put an End to Identity Theft (please see here).
I was very interested in how the article believes that identity theft has reached its current place in society because "consumers have historically favored convenience over privacy."
The article also mentions that most consumers do not read the terms and conditions relating to social media and apps and that consumers have poor password management - of which I believe to be very true and have written about for several years.
Lastly, the article states that consumers have "transferred ownership" of their personal information by putting "every company and government institution in the identity management business."
My initial response to the above is - REALLY?
Are consumers the primary reason why businesses in the United States often require our most sensitive information, including our Social Security number, to open accounts? And with this required sensitive information, are consumers the reason these businesses have experienced over 8,000 (known) data breaches since 2005? In addition, are consumers the reason there were 16.7 million victims of identity theft and fraud last year?
I do not think so!
So let's look at the facts. The cybersecurity industry including security software, cloud security, cyber insurance and cyber law have grown significantly in the last few years – however, data breaches in the United States and worldwide continue at a breathtaking pace.
Nearly every day there is a headline news story about a new data breach (please see here) ranging from thousands to millions of records that are "lost or stolen" including social security numbers, driver's license numbers, bank account numbers, dates of birth, passwords, and now even our personal health/medical information.
The result of these data breaches have included regulatory fines and penalties, lawsuits and litigation, reputational damage, and lost customers, revenue, and profits.
Most of these companies that experience a data breach spend millions of dollars on information security and governance - and then spend even more on data breach response and recovery. There is a clear disconnect between how much money is being spent on preventing data breaches and how much is being spent after a data breach.
So let's return to the title of this article - can blockchain end identity theft? With the emergence of blockchain technology can consumers truly consider blockchain technology to be secure and safe?
If so, why are numerous industry groups such as financial institutions, healthcare, insurance, and credit bureaus (recall last year's 145 million person Equifax data breach) so slow in implementing blockchain technology and processes?
If not, what are blockchain's weaknesses and vulnerabilities?
I do not doubt that blockchain technology, when perfectly executed and protected, can be safe, secure and hacker proof.
However, can we depend on blockchain technology and its surrounding environment to be perfect - along with being perfect all the time?
My 28 years professional experience in the identity theft, insurance and data breach risk management business sectors makes me believe the answer is no.
In my opinion, any security technology system and its surrounding environment has some vulnerability, and I believe the blockchain technology environment is no exception.
To illustrate this point, you may be aware that most data breaches are related directly to human error.
For example, these two reports titled Dissecting Data Breaches and Debunking the Myths and Beazley's 2018 Breach Briefing reveals the rapidly-changing cyber risk landscape highlight how vulnerabilities in systems, processes or human fallibility affect every organization regardless of sector and size.
Based on the above, I recommend that companies and individual consumers focus on response and recovery - because it's not a question of if, but when a company experiences a data breach event, even if your organization has implemented Blockchain technology to prevent access to your organizations sensitive customer and employee data.
To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.
BBB Tip: Tech Support Scams
By Better Business Bureau July 1, 2018.
A tech support rep calls you at home and offers to fix a computer bug that you haven't even noticed, or a popup warning appears on your screen instructing you to dial a number for help. In this con, scammers pose as tech support employees of well-known computer companies and hassle victims into paying for their "support."
How the Scam Works:
You get a telephone call or a popup on your computer screen from someone claiming to be with tech support from a well-known software company. Microsoft, Comcast, Norton and Dell are all popular choices. Often the scammer will create a sense of urgency-the computer is sending error messages, they've detected a virus, or your computer is about to crash and you'll lose all your data!
You are told only a tech support employee can fix the problem, and you're asked to allow access to your machine. Once access is granted, the caller will often run a "scan" and claim your computer is infected with viruses. The scammer then offers to fix the problem... for a fee.
That may not be the end of the scam. If you allow remote access, malware may be installed on your machine. Malware often scans files in search of personal information, which scammers can use to commit identity theft.
Tips to spot this scam:
- Never give control of your computer to a third party unless you know it is the representative of a computer support team you contacted.
- Legitimate tech support companies don't call out of the blue. A popular way for thieves to get in touch with victims is through cold calls. The callers often claim to be from a tech company. But remember that scammers can spoof official looking phone numbers, so don't trust your Caller ID.
- Look out for warning screens: Nearly half of tech support scams begin with an alert on the victim's computer screen. This pop up will have a phone number to call for help. Instead of calling, shutdown your computer and restart it.
- Be wary of sponsored links. When you search online for tech support, look out for sponsored ads at the top of the results list. Many of these links lead to businesses that scam consumers.
- Don't click on links in unfamiliar emails. Scammers also use email to reach victims. These messages point consumers to scam websites that launch pop-ups with the fake warnings and phone numbers.
If you are a victim of a tech support scam:
- Contact your bank immediately.
- Take your computer to a trusted local business and have it checked out.
- Remove any software that authorized remote access to your computer.
- Change the passwords you use to access your bank and other sensitive sites.
- File a report with BBB Scam Tracker and with law enforcement authorities, such as the FTC
To learn how to protect yourself, go to "10 Steps to Avoid Scams".
To read BBB's complete study with more details on who is behind tech support scams, how they are requesting money, and whom they are victimizing, as well as BBB's recommendations for dealing with the problem, click here.
If you have been the victim of identity theft, go to identitytheft.gov for a personalized recovery plan from the Federal Trade Commission.
Courtesy of the Better Business Bureau - for more information visit: http://www.bbb.org/phoenix/news-events/.
If you believe your identity has been stolen, call 866.SMART68 today!