ID Theft: Insider Access Is No. 1 Threat

Insiders, Family Most Likely to Misuse Social Security Numbers

By , November 9, 2010.
ID Theft: Insider Access Is No. 1 Threat
Read Transcript

Kirk Nahra says Social Security numbers are used too often.They remain the most critical and common personal identifiers used on a daily basis in the United States, but their overuse leads to lacking or lax protective controls. Compromised Social Security numbers are the backbone of identity theft, a crime that is getting more serious.

Most cases of identity theft can be traced back to an employee, family member or friend, says Nahra, a privacy expert and attorney. When financial institutions and businesses store Social Security numbers in databases, they run the risk of exposing their customers to insider threats. And when consumers carry their Social Security cards with them, they run the risk of exposing their information to relatives and friends who are more than happy to take advantage of their trust.

Nahra says laws and society, generally, are getting better about reporting and responding to incidents of compromised Social Security numbers and, ultimately, identity theft crimes; but much more progress is needed. "We need better protection of Social Security numbers," he says. "There aren't many situations when you absolutely have to rely on a Social Security number," and where the Social Security number is not needed, consumers should not provide it and companies should not store it.

During this interview with Information Security Media Group, Nahra discusses:

  • Why insider access should be a bank's or credit union's No. 1 concern;
  • How outdated databases and histories can lead to the compromise of Social Security numbers; and
  • Why the industry should focus more attention on how to adequately respond to Social Security number thefts.

Kirk J. Nahra is a partner with Wiley Rein in Washington, D.C., where he specializes in privacy and information security litigation and counseling. He chairs the firm's Privacy Practice and is co-chair of its Health Care Practice. He assists companies in a wide range of industries in analyzing and implementing the requirements of privacy and security laws across the country and internationally. He has served on the International Association of Privacy Professionals Board of Directors and is the editor of Privacy Advisor. A certified information privacy professional, he is the co-chair of the Confidentiality, Privacy and Security Workgroup of the American Health Information Community. He is a graduate of Georgetown University and the Harvard Law School, and is a frequent author and speaker on privacy and security issues.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Alleged Russian Mega-Hacker Extradited

Extradited Russian national Vladimir Drinkman, who's been charged with masterminding the...

Latest Tweets and Mentions

ARTICLE Alleged Russian Mega-Hacker Extradited

Extradited Russian national Vladimir Drinkman, who's been charged with masterminding the...

The ISMG Network