During the Internet's rise in prominence these past few years, numerous websites have come and gone. The popular social networks of yesteryear have mostly faded from memory and while some e-commerce sites remain just as popular as ever, others have disappeared from the online environment. Meanwhile, numerous organizations have updated their sites, but remnants of their older pages may still be found by particularly diligent individuals. All of this adds up to a potentially substantial amount of user information that account holders have since forgotten about, or that has gone unprotected against modern identity theft techniques – and this is before factoring in the information that people know about, but may still be exposed to fraudsters and other bad actors.
Due to the ready availability of information, 7 percent of all U.S. citizens age 16 or older experienced identity theft at least once in 2012, according to recent findings from the Justice Department's Bureau of Justice Statistics (BJS). An estimated 16.6 million U.S. residents have been affected by approximately $24.7 billion in financial losses. Additionally, this represents only a portion of all people who have experienced the issue, with approximately 34.2 million Americans having undergone the problem at least once in their lifetimes.
Most targets don't know how their information was stolen
What's most troubling about many cases of identity theft is that two out of three victims don't know how their information was stolen, and that nine out of 10 of them also didn't know the offender. The causes could be as simple as someone searching through a victim's trash, or they might be the result of a concerted online effort to dig up as many details about a target as possible through the numerous amounts of personal data available on the Internet. A stranger could figure out personal details from half-a-world away without anyone the wiser, at least until the suspicious credit card statements come rolling in. Often enough, anyone with compromised finance accounts only discovered the fact after they were contacted by their bank or similar institution.
Getting around the problem
Eliminating all of the identity theft experienced by nearly 10 percent of U.S. citizens may be difficult without extracting every bit of personal data let loose into the Internet – a nearly impossible task – but the problem can be minimized in part by protecting users with more than just a password, and by creating accounts that are less reliant on personal information for identity verification. The street that someone grew up on isn't private data, but instead a readily available fact to anyone with the know-how.
Requiring more personal identifiers that don't involve easily stolen information might help. Any data that might be available online should be considered compromised, so the only solution is to find an authentication method that doesn't need any of those details. Some companies are already moving toward these methods by requiring users to send SMS messages before granting members access to their accounts. Unlike knowledge about an individual's first pet, a smartphone is harder for fraudsters to fake, enabling a greater degree of protection than even the most sensitive information can provide.
Organizations should also take steps to increase the anonymity of their users. Requiring personal information for individuals to login only puts that data at risk, and it often won't be necessary with more robust security measures. While respecting privacy issues is a matter of respect to the consumer, it's also one of practicality to safeguard sensitive details.