Identity Resolution Daily

By the Infoglide Team

Long Beach Press-Telegram: 3 more truck firms named in port probe

“In the latest cases, the companies were able to avoid paying overtime, payroll taxes, health insurance and workers’ compensation by labeling their drivers ‘independent contractors’ — a label applied to some 90 percent of truckers in the ports of Long Beach and Los Angeles.”

All Things Data: Master Data Management and the Mid-Market Need

“Basically, the MDM Summit in New York confirmed that the process to implement a Master Data Management initiative is generally the same regardless of whether the organization is a Mid-Market company or a larger enterprise.”

SmartBrief: Homeland Security releases more details on Secure Flight program

“The Department of Homeland Security estimates 99% of passengers will breeze through security next year when federal officials take over the job of screening names provided by the airlines.”

Confessions of a database geek: Updates to the Information Quality Aggregator

“It’s great to see more activity in the data quality arena. Dylan Jones started the Data Quality Pro site, and dropped me a note with some additional blogs to consider. A couple look pretty good!”

Share This

[Post from Infoglide] Start Early on Data Quality

“Identity resolution plays a vital role in data quality applications. Applying identity resolution on the front-end can ensure that error-filled and fraudulent identity information is detected and kept from entering production systems.”

Nashua Telegraph: Owners take on workers at issue

“In addition, the business avoided more than $368,000 in worker’s compensation insurance premiums by under-reporting the number of workers they had hired, prosecutors claim.”

Kiplinger Business Resource Center: Government to Take over Screening from Airlines

“Under a program dubbed Secure Flight, the Transportation Security Administration (TSA) will assume responsibility for checking passengers against a watch list of known and suspected terrorists. Currently, that job is performed by the airlines, and each one has its own process.”

CSO Security Leadership: Opposing Forces in a Down Market

“In a tightening economy, history has proven that the risks faced by businesses increase significantly. When times begin to get tough for individuals, many will turn to crime to abate their diminishing financial situations.”

Share This

By the Infoglide Team

info4security: The Cybercrime Arms Race

“Criminal activity has always mirrored legitimate business. The image of a Mafia accountant may be the first to spring to mind. However, it’s worth noting that cybercrime is not currently organised into one or more worldwide Mafia-like organizations with a Dr No figure at the helm. Rather, it’s an interdependent world based on groups who have complementary functionality.”

Portfolio.com: Insider Trading Suspects Settle Up

“In what the S.E.C. called the ‘Wall Street Serial Insider Trading Ring,’ 14 defendants, in two different schemes, traded repeatedly on non-public information in exchange for cash kickbacks, according to the complaint. Overall, they allegedly made at least $15 million in illegal profits.”

SecurityFocus: Two-thirds of firms hit by cybercrime

“More than 7,800 companies responded to the survey (pdf), which classified cybercrime into cyber attacks, cyber theft, and other incidents.”

Information Week: Congress Extends Cybercrime Laws

“The U.S. House of Representatives approved the bill — H.R. 5938 — Monday. The amendment — part of Senate bill S. 2168 — expands the ability of the federal government to prosecute identity theft crimes and allows victims to obtain restitution for the time and money they spend trying to restore their credit. The legislation, which must be signed by President George W. Bush, allows a fine and up to five years imprisonment for spyware.”

NRF LPInformation: Update on ORC Hearing, September 22 (Monday) at 4pm

“The House Judiciary Committee’s Subcommittee on Crime, Terrorism and Homeland Security is scheduled to address H.R. 6713, the ‘E-fencing Enforcement Act of 2008′, H.R. 6491, the ‘Organized Retail Crime Act of 2008′ and S. 3434, the ‘Combating Organized Retail Crime Act of 2008′.”

Share This

By Robert Barker, Infoglide Senior Vice President & Chief Marketing Officer

At the recent International Conference on Cybercrime Forensics Education and Training in Canterbury UK, international experts discussed the challenges involved in keeping up with increasingly sophisticated criminals who target children on the internet. They covered a wide array of subjects that illustrated the complex ways that computer systems are exposed, including topics like mobile phone forensic investigation, the social effects of Spam, digital intrusion forensics, implications and methodology of facial ID training, and virtual reality police training.

Pedophiles use multiple forms of internet communication to share information, including photographs. A recent infamous example in the UK is Philip Anthony Thompson. A British police unit discovered that his home computer was hosting a quarter of a million child porn images, including 3000 depicting sadistic abuse, and that Thompson served as an administrator of a forum that enabled and encouraged sharing of images and knowledge. 

Is the fact that Thompson was caught a sign that law enforcement has the problem under control? Not exactly. Denis Edgar-Nevill, chairman of the cybercrime forensics conference, pointed out that “people should not believe that cybercrime is being dealt with well or that it is something law enforcement agencies are on top of.” He was not being critical of law enforcement, and in fact he commended them for work in certain areas. It’s just that the scale of the problem is so huge, and with the growing number of avenues for people to communicate, it’s incredibly difficult for enforcement agencies to keep up. Their resources are divided across a number of cybercrimes, and, for better or worse, financial crimes are often considered more serious.

Given the finite human resources of police agencies, can technology fill the gap? Sexual predation depends on the use of fraudulent identities. Identity resolution technology has been used to fight many other types of fraud. It can find stolen goods being fenced on eBay by ORC groups. Stock exchanges find hidden relationships that lead to identification of insider trades. Retailers use it to detect and prevent deceptive returns of stolen merchandise by deceitful employees. Lotteries can detect false claims with winning tickets. Workers’ compensation agencies leverage identity resolution to identify fraudulent claims. And terrorists are prevented from boarding airplanes.

With proper cooperation between law enforcement agencies and information technology vendors, surely identity resolution technology can enable the development of automated systems that will shine a light on predators and greatly diminish their ability to operate under the radar of police groups.

Share This

“It is unfair to label Iranian and other immigrants as dangerous based solely on the activities of their government’s leaders. This one-sided post unnecessarily causes fear towards immigrants from Iran, Cuba, Sudan, and Syria. […] Immigration did not cause 9/11.”

That’s one of our own, Joe Alavi, Web Developer for Infoglide Software, taking us to task for our post on Monday, Much Ado About Ahmadinejad. But What of the Other 3,100 Iranians in the US? And of course, he’s right.

There was no intent to impugn every immigrant from these countries. Instead, we wanted to call attention to a new GAO report that warns that U.S. government is not taking adequate steps to properly resolve the identities of immigrants who apply through the Diversity Visa (DV) program. The report says, “Consular officers at 6 of the 11 posts we reviewed reported that widespread use of fake documents, such as birth certificates, marriage certificates, and passports, presented challenges when verifying the identities of applicants and dependents. Difficulty in verifying identities has security implications because State’s security checks rely heavily on name-based databases.”

In making our point, instead of keying off this provocative headline from Reuters, U.S. admits nearly 10,000 from “terrorism” states, we could have employed this more balanced story from the Washington Post — Risk of Fraud High in Visa Program.

Another story from the San Antonio Express News reported that of the 10,000 immigrants who have migrated here from states that sponsor terrorism, “None of those immigrants has been linked to terrorist investigations or acts. But the program should be overhauled, the 51-page report concluded, because the risk remains high and there are other lingering problems, such as rampant fraud.”

However, Investor’s Business Daily, CNSNews and Sen. Jeff Sessions (R-Ala.) all call attention to one exception: Mohamed Hadayet. He earned a green card through his wife and she gained entry through the DV program. Mohamed Hadayet was the terrorist who shot and killed two people at the El Al counter at LAX in 2002. For the sake of balance, we should point out that Hadayet was an Egyptian and Egypt is not listed as a state sponsor of terrorism.

And balance is what our post on Monday was missing.

Thank you, Joe, for writing

“The post does not mention that the vast majority of immigrants from these countries are peaceful, intelligent, law abiding citizens that make a positive impact on this country on a daily basis. It is irresponsible to single out Iranians in the title of the post because there are no facts to suggest that these Iranians are dangerous whatsoever. They are coming to this country to receive an education, a better way of life, to visit relatives, etc. They are not coming to be spies or terrorists as this post suggests.”

Joe also called us out for not balancing our post with the very real accomplishments of Iranian-Americans.

He’s right about that and he’s also right about this:

“The United States was founded by immigrants in Plymouth, Massachusetts and Jamestown, Virginia. The first transcontinental railroad (one of the greatest technological achievements of the 19th century) was constructed largely by hard working Irish and Chinese immigrants in very dangerous and grueling conditions.

“This country receives tremendous benefit by welcoming immigrants because often they are very intelligent individuals seeking higher education, and end up working in various industries, giving our country a competitive edge over the rest of the world. They bring fresh ideas and perspectives and give credibility to our country as an open minded society. Just because 9/11 happened does not mean that immigration is an epidemic. Immigration did not cause 9/11.”

Thanks again, Joe, for speaking up and keeping the blog on the right path.

Share This

[Daily Post from Infoglide Software] Knowledge Center: The Return of Loss Prevention Expert Jeff Stein

“Twenty-year Loss Prevention (LP) veteran, Jeff Stein, returns [today] with a chilling new guest post on the often mortal peril LP professionals face in the line of duty.”

EmpireStateNews.net: 15 members of ring charged with making fake IDs, other crimes

“State and federal authorities Wednesday announced the unsealing of an indictment charging 15 individuals with crimes including producing fake identification documents, using those documents to commit various fraud crimes, and selling and transporting stolen vehicles.”

NY Post: Fake-ID Ring Made $10M: Feds

“One accused ring member, Fayyaz Ahmed, 40, used a fake New York driver’s license and credit card in a bizarre bid to buy $10,000 in gift cards from a Lowe’s store, in New Jersey in January 2005, according to court papers. He allegedly used the same bogus ID to buy $19,000 in appliances at a Home Depot store.”

Share This

Sam Walton used to tie employees’ bonuses to the amount of inventory theft in individual stores because he said that theft was retail’s biggest profit killer. Public disclosures today from Walton’s own company prove that he was right. According to the Associated Press, theft will cost Wal-Mart $3 billion dollars this year. In the article, industry analysts conjecture as to why Wal-Mart, which traditionally suffered half the shrinkage rate of its nearest competitors, is suddenly experiencing a surge in theft to the point that it’s nearly material enough to affect stock holdings.

Did this precipitous rise in the amount of shrinkage come from the company’s well-publicized policy to stop prosecuting thefts of $25 or less? Wal-Mart did announce this week that it would much more aggressively prosecute shoplifting teenagers — even if they were as young as 16, and even if it was the first time. Perhaps shrinkage is up because employee morale is down due in part to smaller bonuses this year (which are no longer affected by the rate of theft). AP quotes an employee who claims:

“People would walk out with bags of merchandise … I heard the alarms go off and people wouldn’t even look.”

And here’s someone who really felt disgruntled:

“In one of the more brazen employee thefts, a man wearing dark clothing and a ski mask entered a Port Clinton, Ohio, Wal-Mart store last January at midnight unnoticed by employees and stole $45,000 from the store safe. The store’s night manager, Dana Walker, 30, was later arrested for the crime. He became a suspect because he knew the combination to the safe.”

Wal-Mart is a perfect example of the need for employee screening. Bad hires greatly increase an organization’s exposure to theft, fraud and other risks like on-the-job violence. Though for theft and fraud, “last year, retail companies’ losses total $41.6 billion with a loss of 1.61% of sales to theft and fraud,” according to a National Retail Federation survey. The most telling fact uncovered by this is survey is that nearly 47 percent of this loss came from employee theft, while shoplifting accounted for only about 32 percent.”

So it’s obviously critical to the health of your organization that you either do not hire or do not retain employees who pose a risk. For many organizations, this means doing costly third-party background screening. However, if you collect risk-oriented data on individuals, such as bad check writers, slip and fall incidents, and known shoplifters, you already have useful information that may prevent you from making a costly hiring decision. You just need a tool to access it.

This is where identity resolution comes in handy. With an identity resolution system in place, using your own risk data, it’s possible to screen new hires with multiple, hidden or similar identities and also hidden relationships to individuals with negative histories.

Rather than busting 16 yr-olds, it’s much more profitable to screen out risky employees while ensuring that the employees you hire can be trusted.

Share This

Here’s an unusual twist on identifying a shoplifting suspect. A man was recently arrested for shoplifting at a Kroger in Richmond, VA and according to the local paper

”’When we pulled up his mug shot at the jail, he had the same Dale Earnhardt shirt on in his mug shot as he did when he [previously] stole the TV at Wal-Mart,’ Gregg said. ‘It wasn’t too hard (to identify him).’”

Unfortunately, the more sophisticated shoplifters—especially those who belong to organized retail crime (ORC) rings—can’t be easily ID’d by their NASCAR t-shirts. The ORCs move from city to city, changing their identities as they go, and to catch these criminals loss prevention professionals must have the ability to resolve multiple identities and utilize all their data, even data siloed off in legacy systems.

As shoplifters slip through the gaps in loss prevention, it leaves consumers paying up for losses totaling nearly $41.6 billion in 2006 alone. In a previous post, we wrote that if you add to that the annual cost of property/casualty insurance fraud and retail fraud, American consumers spent over $600 a year per household paying for theft and fraud.

How widespread is shoplifting? According to National Association of Shoplifting Prevention

“…shoplifting has become one of the most prevalent crimes in the U.S., averaging about 550,000 incidents per day resulting in more than $10 billion worth of goods being stolen from retailers each year. That is more than $25 million in losses per day. Current estimates are as high as 1 in 11 Americans who shoplift in our nation today.”

To combat shoplifting it’s critical to access and utilize all the customer data across the entire enterprise. If you can figure out who is who in real time, then you catch the bad guys without upsetting the good customers.

While retail theft is at an all-time high, the problem is not all due to shoplifters. Actually, employees did the most damage in 2006. Of the $41.6 billion in last year’s losses, employee theft was responsible for 19.5 billion, followed by shoplifting, at $13.3 billion. Other losses came from administrative error at $5.8 billion, and vendor fraud at $1.7 billion.

How can retailers combat employee theft? For this, your data also needs to be able to tell you who knows whom. Here are just a few questions every loss prevention pro should ask:

• Are you about to hire someone who has been caught shoplifting in one of your stores? Are they working for you right now? Or a sister company’s store?

• Which employees are returning merchandise without identifying themselves?

• Who is purchasing at discount and returning for full price?

• Does a multiple-return item match a missing shipment?

• Which customers have multiple identities? And why?

• Do any of those identities correlate to an employee or vendor?

• Is there a relationship between an incident victim and an employee eye witness?

A successful loss prevention program, one that saves just 10% of shrinkage delivers the same effect on profit as opening 15 new stores, but with dramatically less risk and investment. Combining multiple analytics in real time ensures that good customers have great experiences, while the same system stops fraudulent transactions before they start.

Comments

Share This

Sometimes being secure on social networks is easy. It’s easy enough to figure out that the unintelligible friend-request from “younghottie1234″ on MySpace is probably a threat. However, as cyber-criminals grow consistently better at manipulating identity, some questions about social networks’ identity screening process demand answers. Specifically, why don’t social networks like MySpace and Facebook utilize more effective identity screening solutions, especially to protect minors who use the sites?

Obviously, social networks collect lots of data from their users. However, that data isn’t always used effectively or protected as well as it should be. For example, Facebook recently had to upgrade their advanced search feature when a blog post revealed that private information was showing up in search results. In a Times Online article, Jonathan Richards writes that

“anyone could search for a user’s name and, by narrowing the query according to various categories, find out details that the user did not intend to disclose.”

And Facebook is widely considered to have higher privacy levels than some of its competitors. While Facebook users typically use their real names, for instance, other social networks like MySpace and Bebo almost exclusively feature pseudonyms, which further complicates identity resolution.

On these sites, both innocent users and cyber-criminals use fictional names, and that creates a general acceptance of fraudulent identities. According to data compiled by McAfee, many users - especially younger ones - rarely “question the legitimacy of e-mails and have been hit by identity-theft scams and other fraud” (from SeattlePI.com).

These concerns echo questions we asked in a previous post about whether privacy and security is the domain of the people offering services or the users of that service. It seems that when a site’s norm is to obscure identity, that site needs to have protection in place to resolve identities for the protection of all users. Consider MySpace’s troubles with sexual predators. A report by Webroot Software found that

“43% of children aged 11 to 17 who use social-networking sites reported having been contacted online by complete strangers, while 37% said they’ve received a sexually explicit e-mail or pop-up advertisement over the past year.” (from Information Week)

Whatever identity resolution measures MySpace has in place clearly allow a significant number of threats into the system. It seems that better software needs to be deployed, maybe that could cross-reference identities with law enforcement databases. If anonymity is inherent in the public use of so many social networks, the networks need to be able to target specific threats by using real data on the back end.

Share This

Some interesting claims by Gareth Herschel, research director with Gartner, got us thinking. In a post on Data Management News Herschel muses about how and why an organization deploys solutions for getting useful data out of potentially huge databases. He says that before an organization gets too deep into data-mining, they should ask themselves several questions including:

• What type of questions is an organization hoping to get answered with customer data mining?
• Who is going to be asking those questions — analysts, business users or both?
• How, and where, will the results of analysis be deployed into the business? Will they go into one specific application or potentially to many places — such as difficult call centers, point-of-sale or retail applications?

and

• Where is the data? Is it all cleansed in a data warehouse or spread out in different data marts? What form is it in?

Sure, his focus is on customer data mining, but the same issues seem applicable to identity resolution. In retail, the goals of identity resolution might be screening current or future employees. Or it might be resolving the fraudulent identities of a repeat shoplifter. In other scenarios, identity resolution might have the goal of accurately targeting security threats, say among mass-transit passengers. The point is that understanding exactly what your goals are in acquiring the data puts you one step closer to responsibly using the data.

That notion of responsibility really speaks to Herschel’s other questions, and they all point to the question of privacy. Regardless of a business’ goals in acquiring data, the privacy of identities within the data should always be maintained. That’s why knowing answers to “who goes looking for the data” and “how will the data be deployed” are key to protecting the security of the information.

Understanding those issues is even more important if you plan on using (or selling) secondary data. As Bruce Schneier points out in a Wired post, legislation and technology should come together and do what they can to protect our rights in secondary data, but people play an important role too. He reminds us that

“It’s easy to build systems that collect data on everything - it’s what computers naturally do - but it’s far better to take the time to understand what data is needed and why, and only collect that.”

So while acquiring various kinds of data, especially resolving identities across multiple data sources, can be vital to a business’ success, a great burden rests on the shoulders of those doing the acquisition. Figuring out your needs for the data and controlling the flow of that data, through direct human contact and/or a well designed vertical search engine, will help ensure not only that you get “good data” but that you are protecting individuals’ rights to privacy.

Share This