Robert Siciliano Identity Theft Expert

Its been said before, company networks are like candy bars, hard on the outside and soft and chewy on the inside.

The Manhattan DA busted a 27 year old IT employee of Bank of New York Mellon for stealing the identities of 150 coworkers over an 8 year period, (he started when he was 19) to the tune of 1.1 million bucks. That’s almost $140,000 a year he bilked.

He was able to compromise the online bank accounts of numerous employees and wired money to accounts outside the bank that he set up under their names that he controlled.

This is a classic case of the fox watching the henhouse. This guy was in insider terrorist looking his colleagues straight in the eye and lying to them. I rank him with pedophiles and serial killers.

As much as 70% of all identity theft is committed by someone with inside access to organizations such as corporations, banks or government agencies, or simply someone who has an existing relationship with the victim. People with access to sensitive personal data are most likely to commit identity theft. For many, it’s just too easy not to.

An identity thief begins by acquiring a target’s personal identifying information: name, Social Security number, birth date and address, account information etc. If the thief has regular access to a database, it makes it too easy.

Many credit applications and online accounts request current and previous addresses. So the thief fills out the victim’s current address as “previous” and plugs in a new address, usually a P.O. Box or the thief’s own address, where the new credit card or statement will be sent. I’m amazed that a lender or credit card company can be careless enough to send a new credit card to a relatively anonymous P.O. Box. The lender just checks the victim’s credit and, since everything matches, no red flags pop up. The card is issued, the account is opened and the fun begins.

In this case investigators found dozens of bank and credit statements in the names of the victims at his home address.

Think for a moment about your home/flat/apartment and how you would break in if you lost your keys. And if a burglar knew what you knew about where you hide and store your stuff. How much damage could he do, knowing what you know? Insiders pose the same problem. They know the ins and outs of all systems in place and can wreak havoc on your operation while they are employed and sometimes after they are let go.

The problems begin when we put people in a trusted place. They are granted access because that’s their job to perform certain duties and they are granted carte blanche access. Ultimately this is a people problem and needs to be addressed that way.

Limited Sources; only grant access to a few trusted sources. Minimize the amount of personnel that have access to whatever systems in place. Supervise the supervisors.

Due Diligence; in the information age, our lives are an open book. Background checks from information brokers are very necessary. Not doing a background check increases your liability. A person previously convicted of a crime just might do it again.

Limit Access; even a good apple eventually can go bad. By restricting the access to those who are in a trusted position, in the event they turn sour, can limit damage.

Defense in Depth; audit, audit, audit. This is all about checks and balances. Separation of powers. Multiple layers of authorization. We’ve all watched the movie where in order to launch the missile there were 2 keys held by 2 people, who pressed 2 buttons in order for the missile to launch. Put systems in place that facilitate someone always watching over someone’s shoulder. This way the bad apple can’t hide or execute their malicious intent.

Prosecute the Guilty; in the event of a breach of trust, make an example of the person that others won’t forget. Public hangings set a strong deterrent.

Get a credit freeze. Go to and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.

And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk. “Disclosures”

It is human nature to trust each other. We are raised to be civil towards one another and to respect those in authoritative positions. It takes a significant amount of trust in your fellow human being to drive down the street while cars are heading toward you only separated by a thin painted line. Without trust we wouldn’t get out of bed in the morning.

The system is set up that we are all sheep and there are no wolves. Obviously this wolf got fat, then lazy, then caught. Nice job Manhattan DA!

Robert Siciliano identity theft speaker discussing identity theft on Fox News

Be Sociable, Share!