IDENTITY THEFT: What Are YOU Worth On The Dark Web?
(Hint: It’s More than You Think!)
Does anyone else’s brain have certain topics that it zones out on? I am not sure why, but remembering to renew my driver’s license on time is a real struggle for me. Maybe it’s the years-long gap in between expirations. I’ve inexcusably dropped the ball on the renewal process two times in a row now. (Thank goodness I have never had a traffic violation (ever), especially during one of these mind-lapse/license-lapse periods!) Honestly, there’s not a more exhausting experience for me than the thought of driving to the Ohio Bureau of Motor Vehicles.
It’s not personal; the workers there have always been great and helpful, it’s just the multiple long and confusing lines that drain hours (this may be a slight exaggeration) from my life. And it doesn’t matter what day or time of day you go, you’re stuck. However, I must admit that the process this year proved enlightening, as I learned that there are new federal travel restrictions requiring secure identification for the state of Ohio, which will become effective in 2020.
To give you a brief overview: Starting in October 2020, the new federal travel restriction will make it a requirement for anyone looking to fly domestically, enter federal facilities or military bases to possess a “compliant card”. The newly issued compliant card is the equivalent of a driver’s license on steroids. To obtain a compliant card when renewing a license, customers will have to bring in additional documentation: passport or birth certificate, social security card, and two additional documents proving residential address to name of few. While the compliant license is said to be infinitely harder to fake, the bottom line is that it also stores a lot of valuable personal data on it as well.
Identity theft is defined as the illegal use of someone else’s personal information (PII), such as social security number, birth date, driver license number, etc., to impersonate another person especially with the intent to obtain money or credit. Identity theft happens hourly and affects millions of people worldwide each year. In fact, a recent well-documented security breach at the credit reporting agency Equifax potentially exposed over 145 million customers to identity theft. There are also multiple types of identity theft: Child ID theft, Tax ID theft, Medical ID theft to list a couple. And whether a fraudster is using your PII to open a new line of credit, falsify your tax returns with the IRS or fraudulently billing your health insurance provider it’s serious and downright scary stuff! Unfortunately, I’ve read about countless identity theft victims that ended up losing everything. The threat is real.
The undisputable reason identity theft is on the rise is because your PII is a lucrative commodity. According to Experian, a consumer credit reporting agency, the ten most common pieces of information sold on the dark web and their estimated worth (what they typically sell for) are as follows:
Social security number: $1
Credit or debit card: $5-$110 (with CVV number: $5, with bank info $15, Full info $30)
Online payment services login info (i.e. Paypal): $20-$200
Driver’s license: $20
Loyalty accounts: $20
General non-financial institution logins: $1
Passports (US): $1,000-$2,000
Subscription services: $1-$10
Medical records: $1 – $1,000+
While the listed prices can change over time, be dependent on how complete the information stolen is and vary per person (i.e. An individual with a high credit rating can fetch higher money than someone with a lesser credit score), the estimates per PII is staggering.
Since most of us are now accustom to shopping online, registering students online, banking online and routinely entering our valuable PII into websites without giving it a second thought, identity theft will continue to soar to new heights. Even youth sports programs now require online registration requesting proof of medical insurance, policy numbers, birth dates and digital authorizations. The amount of collected PII in today’s cyber world is mind boggling. And the frightening aspect of identity theft is that, for the most part it can be out of your control. After you’ve supplied your PII, you’re essentially at the mercy of the e-commerce website, banking or medical institute, credit score agency, or any other organization and their cyber security defenses (to thwart cyber-attacks). With that said, there are multiple measures you can take to protect your PII from showing up and being sold on the dark web. For example: for starters you can practice all the following security practices on all your devices (including your phones) that I detailed in a recent column. It may be a good idea to track and get alerts of your credit history from a consumer credit card agency. There are three national credit bureaus that offer such a service: Equifax, Experian and TransUnion. There is also an option to run a free dark web scan via Experian to see how much of your PII is viewable online.
With a standard driver’s license commanding $20 on the dark web, I wonder how much the (October 2020) Transportation Safety Agency (TSA) required compliant card will be worth to cyber criminals, as it will be combination of a driver’s license ($20), domestic passport ($1,000-$2,000) and social security card ($1) all wrapped up in one. Not-to-mention yet another agency or governmental institute that will systemically categorize all that PII into one comprehensive database. I believe it will be safe to assume that this database will be a high target for hackers.
I trust those in authority, as the Bible instructs us to, so I believe there will be overall value and benefit to this new security measure for United States citizens. But I also implore “us” to be vigilant and to open our eyes to the threat of the risks associated with our personal information online.
Sometimes you could not script the events of your life to be more ironic. I wrote the rough draft of this article yesterday afternoon. Possibly at the same time of my typing this article, my son and wife were online, and proceeded to attempt a purchase on a compromised website. They entered credit card information, a password, and personal information. These are my people! They read my articles, they hear my speeches about online safety and security. And yet, they fell prey to a fake-website and gave our information away. I say this (out of exasperation!), and also to realize with you that we are all susceptible to falling prey to illegitimate websites that imitate true-addresses. The struggle for keeping our information and identity secure is real, and it happens in my home as well as yours.
Ultimately, we are more than our credit card information and passwords. Our time on earth is swift and fleeting and because of that we have to make it count. In serving the Lord and in living wisely. Despite everything, our “value” is not in our PII or credit score but it comes from God. If you need a reminder of that today, see:
John 3:16 – “For God so loved the world, that he gave his only Son, that whoever believes in him should not perish but have eternal life.”
Ephesians 2:10 – “For we are God’s handiwork, created in Christ Jesus to do good works, which God prepared in advance for us to do.”
I am sure that in the coming months and years there will be many new Security and Identity developments, which will include the new “compliant card” from the BMV. And although the world and its ways are always progressing, some truths remain timeless and true.
Stay true to your good sense in staying safe online and enlighten your family about safety measures too!