2017’s States Most Vulnerable to Identity Theft & Fraud
3:11 AMPosted by: Richie Bernardo
Equifax has proven that absolutely no one is immune to cybercrime. In September 2017, the credit bureau announced that it had fallen victim to one of the biggest data breaches in recent history. As a result of the hack, an estimated 145.5 million American consumers’ information had been compromised. Indeed, even credit bureaus, government agencies and financial institutions — the organizations consumers trust and expect to treat their confidential information with utmost care and security — cannot take enough precautions to prevent such attacks.
But the Equifax incident is but one of thousands that have affected Americans this year. In fact, according to the Identity Theft Resource Center’s most recent Data Breach Report, 2017 is on track to register the highest number of data breaches since the center began tracking them in 2005. As of Oct. 10, nearly 8,000 breaches with access to more than one billion records had occurred, representing a 630 percent increase from the previous historic high of 1,093, recorded just in 2016, and nearly 5,000 percent since 2005.
And while the federal government and various businesses in recent years have taken more aggressive measures to build up our defenses, criminal strategies continue to evolve and grow in sophistication, keeping consumers vulnerable to identity theft and fraud.
But some Americans are more susceptible than others to such crimes. In order to determine who is most likely to be exposed to and affected by identity theft and fraud, WalletHub’s analysts compared the 50 states and the District of Columbia across eight key metrics. Our data set ranges from identity-theft complaints per capita to average loss amount due to fraud. Read on for our findings, tips for protecting your personal information and a full description of our methodology.
Main FindingsEmbed on your website<iframe src="//d2e70e9yced57e.cloudfront.net/wallethub/embed/17549/geochart-identitytheft.html" width="556" height="347" frameBorder="0" scrolling="no"></iframe> <div style="width:556px;font-size:12px;color:#888;">Source: <a href="http://ift.tt/2yw7N0U;
Worst States for Identity Theft & Fraud|
Overall Rank* |
State |
Total Score |
‘Identity Theft’ Rank |
‘Fraud’ Rank |
‘Policy’ Rank |
|---|---|---|---|---|---|
| 1 | California | 69.43 | 1 | 19 | 10 |
| 2 | District of Columbia | 67.66 | 9 | 6 | 10 |
| 3 | Rhode Island | 68.29 | 3 | 18 | 1 |
| 4 | Texas | 64.20 | 13 | 7 | 30 |
| 5 | Georgia | 66.48 | 7 | 10 | 30 |
| 6 | Florida | 67.55 | 12 | 2 | 30 |
| 7 | Nevada | 64.26 | 14 | 5 | 30 |
| 8 | Michigan | 64.41 | 8 | 12 | 10 |
| 9 | New York | 63.97 | 5 | 20 | 10 |
| 10 | Connecticut | 62.25 | 2 | 39 | 30 |
| 11 | New Mexico | 60.05 | 15 | 13 | 30 |
| 12 | Massachusetts | 59.07 | 6 | 45 | 1 |
| 13 | Illinois | 57.78 | 4 | 50 | 10 |
| 14 | South Carolina | 59.12 | 17 | 14 | 10 |
| 15 | Delaware | 55.39 | 30 | 1 | 48 |
| 16 | Minnesota | 57.09 | 16 | 35 | 1 |
| 17 | Indiana | 55.74 | 10 | 31 | 30 |
| 18 | North Carolina | 55.16 | 26 | 4 | 30 |
| 19 | Pennsylvania | 53.37 | 28 | 15 | 1 |
| 20 | North Dakota | 52.65 | 18 | 40 | 1 |
| 21 | Vermont | 51.53 | 11 | 51 | 10 |
| 22 | Alabama | 52.99 | 36 | 3 | 10 |
| 23 | Colorado | 50.84 | 19 | 26 | 10 |
| 24 | New Jersey | 50.46 | 25 | 24 | 1 |
| 25 | Tennessee | 52.02 | 32 | 8 | 30 |
| 26 | Missouri | 49.16 | 24 | 30 | 1 |
| 27 | Virginia | 49.66 | 29 | 16 | 30 |
| 28 | Arizona | 47.07 | 27 | 23 | 30 |
| 29 | Oregon | 47.23 | 22 | 33 | 10 |
| 30 | Montana | 46.26 | 20 | 44 | 10 |
| 31 | Maryland | 44.82 | 21 | 37 | 48 |
| 32 | Mississippi | 47.47 | 44 | 9 | 30 |
| 33 | Washington | 44.83 | 23 | 43 | 10 |
| 34 | New Hampshire | 45.86 | 37 | 21 | 1 |
| 35 | Arkansas | 43.59 | 34 | 27 | 30 |
| 36 | Nebraska | 44.99 | 40 | 17 | 10 |
| 37 | Idaho | 41.98 | 35 | 41 | 1 |
| 38 | Alaska | 42.82 | 42 | 22 | 10 |
| 39 | Oklahoma | 41.45 | 39 | 29 | 10 |
| 40 | Ohio | 40.08 | 33 | 36 | 48 |
| 41 | Maine | 41.32 | 31 | 47 | 10 |
| 42 | Utah | 40.09 | 43 | 28 | 30 |
| 43 | Louisiana | 39.38 | 47 | 25 | 10 |
| 44 | Kentucky | 38.63 | 38 | 46 | 10 |
| 45 | Kansas | 37.17 | 45 | 38 | 30 |
| 46 | Wisconsin | 37.83 | 46 | 32 | 30 |
| 47 | Wyoming | 36.03 | 50 | 34 | 10 |
| 48 | South Dakota | 38.25 | 51 | 11 | 30 |
| 49 | Hawaii | 34.67 | 41 | 48 | 30 |
| 50 | West Virginia | 32.29 | 49 | 49 | 10 |
| 51 | Iowa | 31.67 | 48 | 42 | 48 |
*No. 1 = Most Vulnerable
- Emphasize Email Security: It’s obviously important to use strong passwords for all financial accounts, but you may not realize how essential it is to focus on email in the course of shoring up such cyber defenses. Your primary email address will likely serve as your username and means of resetting your password on other websites, so if it’s vulnerable, all of your other accounts will be, too. As a result, make sure to use an especially secure password and establish two-step verification for this account.
- Sign Up for Credit Monitoring: Credit monitoring is the best way to keep tabs on your credit report, providing peace of mind in the form of alerts about important changes to your file, including potential signs of identity theft. WalletHub offers free monitoring of your TransUnion credit report.
- Leverage Account Alerts & Update Contact Info: Setting up online management for all of your financial accounts (e.g., credit cards, loans, Social Security), and keeping your phone number, email address and street address up to date will make them harder for identity thieves to hijack. Establishing alerts for changes to your contact info and other suspicious account activity will serve as a safeguard.
- Use Common Sense Online: Don’t open emails you don’t recognize. Don’t download files from untrustworthy sources. Don’t send account numbers and passwords via email or messenger applications. And don’t enter financial or personal information into websites that lack the “https” prefix in their URLs.
For more tips and information, check out WalletHub’s Identity Theft Guide.
Ask the ExpertsAs a cyber-oriented culture, it’s natural to wonder whether and how our daily habits assist hackers in stealing our personal information. We consulted a panel of experts for answers to such questions and advice on how to safeguard our data against cybercriminals. Click on the experts’ profiles to read their bios and thoughts on the following key questions:
- What can individuals do to guard against identity theft?
- How should consumers choose among third-party providers offering services to protect their identity and personal data?
- Should victims of identity theft be able to change their Social Security number? How can we make this number more difficult to steal and use (e.g., add more digits)?
- Is the recent expansion of social media facilitating identity thefts?
- Should the federal government intervene to establish a clear process for victims of identity theft looking to clear their name?
- What measures can authorities undertake in order to avoid cases like the recent Equifax leaks? Should credit bureaus be tested for security breaches by authorities on a regular basis? If so, would the Consumer Financial Protection Bureau play a larger role in regulation and enforcement of bureaus?
Michael Bowman Associate Professor of Telecommunications System Management in the Department of Computer Science and Information Systems at Murray State University
Elisa Bertino Samuel Conte Term Professor of Computer Science and Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University
Brian Ray Professor of Law and Co-Director of the Center for Cybersecurity and Privacy Protection at Cleveland-Marshall College of Law
Albert Gidari Director of Privacy at the Center for Internet and Society at Stanford Law School
What can individuals do to guard against identity theft? Identity theft is as great a threat today as a personal assault or home burglary. Everyone must learn to take daily precautions, regardless of age or financial situation. Most of us have learned to lock our doors at night, walk only in well-lit areas, and protect our wallets or purses. We need to learn and follow similar practices with our personal data. It is probably impossible to avoid creating an electronic and online profile today, but we must learn to be as selective with our sharing of electronic information as we are with our personal physical safety. I always advise social media users to never tell your audience where you are going – instead, tell the audience where you have just been. It is probably fine to share with an audience what you had for lunch today, but a very bad idea to share your correct date of birth. Most of us would not walk down a dark alley in a strange town. We need to be just as cautious about sharing personal and financial information online. We have to become just as cautious about clicking on a link in an email or website as we are about crossing a busy street. We must collectively use the power of our purse and opinion to force vendors to protect our information as well as, or better than they protect their own information. Any vendor or website that fails to protect our information should be quickly forced to shut down due to lack of business. Anyone affected by the 2017 Equifax data breach or a similar situation has to take immediate and drastic action to protect themselves. If their credit is currently in order, they should immediately lock their credit with the major tracking agencies like Equifax. They should also be loudly demanding that their government representatives move the risk of financial loss due to identity theft to entities suffering data breaches, and the vendors erroneously lending money to the identity thieves. How should consumers choose among third-party providers offering services to protect their identity and personal data? While credit monitoring is an acceptable first step, it is no longer sufficient. Consumers should look for and use vendors that offer identity theft correction and reversal services. Unfortunately, those services are rarely free. Consumers must immediately begin demanding that governments enforce regulations directing that companies or agencies that suffer data breaches be forced to pay for adequate consumer protection. Should victims of identity theft be able to change their social security number? How can we make this number more difficult to steal and use (e.g., more digits, etc.)? Changing the SSN is not a solution. The SSN was never intended to be a closely held secret. The government has suffered countless data breaches making U.S. SSN information widely available. I am a U.S. Army veteran and retiree. In the 12 years I have been retired, I have been notified three times that the Army, the Veterans Administration, and/or the Federal government have had data breaches that have exposed my SSN and personal information. Knowledge of a person’s SSN should not be the recipe for identity theft that it is today. There are technical approaches available today, like two-factor authentication (personal password and a second piece of information, like a code sent to a cell phone) or biometrics (fingerprint or face recognition) that can enhance security, but the real solution is to put the burden of potential loss on the vendors, lenders, and government agencies when they accept imposters. The credit card industry works fairly well today because the card companies know they are financially responsible when fraud occurs. Correcting an erroneous credit card bill in the 1980s and 1990s could be a nightmare. Now that the card companies are responsible, they routinely detect and correct fraud before the consumer ever knows about it. The same should be true today for lenders and government agencies. Yes, their additional checks will slow down new credit applications, but the delay will be well worth it to consumers. Is the expansion of social media facilitating identity thefts? Yes, social media can be an important part of the identity theft issue. If a consumer is careless about what they post and who they share the information with, it can lead to identity theft. Protecting yourself is not as simple as just being careful about who you choose to connect with. Facebook, Twitter, and the rest of the social media sites are just as vulnerable to data breaches as anyone else. If you give them your personal information details, it is just a matter of when, not if, they will lose it. See my comments above about sharing information on social media. Should the Federal government intervene to establish a clear process for victims of identity theft looking to clear their name? The U.S. Federal government is a huge part of the problem with regard to identity theft. They routinely issue erroneous tax returns and identity documents. Government agencies like the IRS must be made to own up to all their mistakes -- even to the point of making government employees personally responsible. As I have said above, the solution is for the law to place the financial burden of identity theft onto the vendor, lender or government agency that erroneously accepts an imposter. When the vendors, lenders, and agencies know they are financially responsible for losses, they will clean up their act. What measures can authorities undertake in order to avoid cases like the recent Equifax leaks? Should credit bureaus be tested for security breaches by authorities on a regular basis? If so, would the CFPB play a larger role in regulation and enforcement of bureaus? See my comments above about the government assigning financial loss responsibility on the vendor, lender, or government agency that erroneously accepts an imposter. The consumers will never be able to adequately protect themselves in today’s data-driven society. The corporations, companies, and government agencies reaping the major financial benefits of the data-driven environment (Facebook, Twitter, Amazon, Google, IRS) must carry the full financial burden of the consequence of identity theft that they have created. Just as we see with modern credit cards, when the data giants know they are responsible for the consequences of identity theft, they will devise the mechanisms to eliminate it. Yes, the consumer will pay a price in convenience and higher prices, but the expense will be worth the reward. Elisa Bertino Samuel Conte Term Professor of Computer Science and Research Director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University 
What can individuals do to guard against identity theft? It is important to minimize the disclosure of personal information as much as possible, especially when the information that a party (e.g., a service provider, an e-commerce site, etc.) asks for is not very relevant for the service or product we are trying to acquire. Organizations are often very keen on acquiring such information, as it can be critical to better tailor advertising to specific customers, and thus increase revenue. However, we, as the "providers" of this information, should be able to make an informed decision about which information to provide. Should victims of identity theft be able to change their social security number? How can we make this number more difficult to steal and use (e.g., more digits, etc.)? I think that providing the possibility of changing social security numbers is useful. However, as these numbers are pervasively used, the actual costs and time for propagating such changes would be very high for customers and governmental agencies. Therefore, if we were to allow such a possibility, tools and processes supporting such change would be required. I believe that making it more difficult to steal this number is an important and critical step. However, just making the number longer would not be an effective approach. Perhaps approaches by which such a number should be presented in conjunction with additional, personally identifiable information from the individual would help (like multi-factor authentication in computer systems). More sophisticated techniques would be possible; for example, we developed approaches by which information like social security numbers is never shown in clear, and is hidden into some cryptographic tokens. Those approaches, however, are more complex to deploy and would require the support of proper organizational processes. Research is steadily progressing and effective solutions may be available in the next few years. However, as it is always the case with security and privacy technologies, organizational processes and customer education are also equally critical for the successful deployment of technological solutions. Is the expansion of social media facilitating identity thefts? I believe that this is the case. Spear phishing attacks (by which attackers target specific victims) are based on trying to gather as much information as possible about the victim. Social media makes such gathering very easy. Should the Federal government intervene to establish a clear process for victims of identity theft looking to clear their name? I believe that the problem of identity management, including supporting the victims of identity theft, needs a comprehensive set of organizational processes. I believe that such processes cannot be the responsibility of private organizations; they rather require the collaboration of all involved stakeholders, and should definitely be coordinated by the federal government. Brian Ray Professor of Law and Co-Director of the Center for Cybersecurity and Privacy Protection at Cleveland-Marshall College of Law 
What can individuals do to guard against identity theft following a data breach? There are several steps individuals should take once they learn their data has been compromised in a data breach. First, find out what information was compromised. Determining the relative sensitivity and risk of the data will help dictate what steps to take to protect against identity theft. Social security numbers (which were disclosed in the Equifax breach) and account information (which was not at issue in Equifax) are among the most sensitive. If those are disclosed, you should always take steps to protect your identity as soon as possible. These include:
- Change your passwords and replace them with long passphrases (and use a password manager to help remember them);
- Adopt two-factor authentication for every account that offers it;
- Regularly review your debit and credit card statements, and scan carefully for unauthorized charges;
- Obtain a free credit report from each of the credit reporting agencies and review it carefully -- if your credit card or bank account information or social security number was disclosed, contact the credit reporting agencies and place a fraud alert on your account;
- Consider a credit freeze -- this is the most effective step you can take to protect your identity; however, it often entails a fee, and makes obtaining credit yourself more complicated;
- Sign up for an identity monitoring service.
What measures can authorities undertake in order to avoid cases like the recent Equifax leaks? Should credit bureaus be tested for security breaches by authorities on a regular basis? If so, would the CFPB play a larger role in regulation and enforcement of bureaus? I have thought for a long time that we are asking the wrong question (i.e., how do we stop breaches), because the real question is how do we stop identity theft? People have been handing out their SSNs for decades, and if you asked anyone, "Name everyone that has your SSN," no one would have a clue. The "breach" occurred because it is easy to pull together identity information from disparate sources, even without resorting to the "dark web." The SSN outlived its usefulness as a valid identity device long ago, and we need to move quickly to a better system -- this is something that blockchain could help solve, for example. In the meantime, the burden ought to be on those that rely on the system to extend credit to make a sale, not on the average person who has no means to really protect themselves or restore their identity, once stolen. If you don't know your customer, don't make the sale or extend the credit. It’s that simple and that complex today. If you track the number of breaches over the last decade, every person in the U.S. has had their information exposed four times over. If businesses want to rely on credit reporting agencies, fine, but then they shouldn't be able to ruin a person's life because they or one of their business members lost the keys to that consumer's identity. And no, I'm not sanguine that Congress will do anything.
Methodology
In order to determine where American consumers are most vulnerable to identity theft and fraud, WalletHub’s analysts compared the 50 states and the District of Columbia across three key dimensions: 1) Identity Theft, 2) Fraud and 3) Policy.
We evaluated those dimensions using eight key metrics, which are listed below with their corresponding weights. Each metric was graded on a 100-point scale, with a score of 100 representing the most vulnerable.
Finally, we determined each state and the District’s weighted average across all metrics to calculate its total score and used the resulting scores to rank-order our sample.
Identity Theft – Total Points: 47.5- Identity-Theft Complaints per Capita: Full Weight (~23.75 Points)
- Average Loss Amount Due to Online Identity Theft: Full Weight (~23.75 Points)Note: This metric was calculated using the following formula: Total Loss Amount / Total Number of Online Identity-Theft Complaints.
- Fraud & Other Complaints per Capita: Full Weight (~15.83 Points)
- Average Loss Amount Due to Fraud: Full Weight (~15.83 Points)Note: This metric was calculated using the following formula: Total Reported Amount Paid / Total Number of Complaints Stating the Amount Stolen. “Total reported amount paid” is based on the total number of fraud complaints for which the amount paid was reported by the victims. The amount paid ranges from $0 to $999,999.
- Persons Arrested for Fraud per Capita: Full Weight (~15.83 Points)
- Availability of Security-Freeze Law for Minors’ Credit Report s: Full Weight (~1.67 Points)Note: This binary metric considers the presence or absence of legislation allowing parents, legal guardians or other representatives of minors to place a security freeze on the minor’s credit report.
- Availability of Identity-Theft Passport Program : Full Weight (~1.67 Points)Note: This binary metric considers the presence or absence of Identity-Theft Passport programs that help victims of identity theft reclaim their identity. When presented to a law-enforcement agency, an “identity-theft passport” allows a victim to prevent his or her arrest for offenses committed by an identity thief.
- Compliance with REAL ID Act : Full Weight (~1.67 Points)Note: According to the Department of Homeland Security, the REAL ID Act “establishes minimum security standards for license issuance and production and prohibits Federal agencies from accepting for certain purposes driver’s licenses and identification cards from states not meeting the Act’s minimum standards. The purposes covered by the Act are: accessing Federal facilities, entering nuclear power plants, and, boarding federally regulated commercial aircraft.”
This binary metric considers a state’s compliance, noncompliance or extension of time to comply with the ACT. An extension allows a state to accept driver’s licenses and identification cards issued by that jurisdiction to accept those forms of identification for official purposes, under the condition that the state has provided adequate justification for noncompliance.
Sources: Data used to create this ranking were collected from the Federal Trade Commission, Internet Crime Complaint Center, Federal Bureau of Investigation, Department of Homeland Security and National Conference of State Legislatures.
from Wallet HubWallet Hub
via Finance Xpress
0 comments