Friday, December 21, 2007

ID Theft - Apathetic complacence, or the cost of doing business?

I just read this article in the Boston Globe this morning, and a smirk crossed my face because it proves a widely held theory I share with my friends in this space: that Identity Theft and a massive breach are simply the cost of doing business. Unbelievable.

Or is it?

With services out there like Lifelock, and the company that f'ed up covering the cost of monitoring, what's $100/year for their services, or free for monitoring? You'll save at least that much shopping at TJX companies or the mom and pop shop with no overhead, and no security in place... Right?



The Boston Globe Article

Consumers don't stay angry in the face of a good deal.

That's a lesson emerging from the data breach at TJX Cos., the Framingham retailer that a year ago discovered an intrusion into its computer security that compromised as many as 100 million payment-card accounts. While the episode led to lawsuits from banks and many complaints, sales at TJX stores such as TJ Maxx and Marshalls have risen steadily this year.

Customers like Florida businesswoman Hanna Lipman help explain why. In April, Visa canceled one of Lipman's credit cards, saying it was compromised in the breach. By then, she had stopped going to the TJ Maxx store in Boca Raton.

But now, Lipman said, she is back to spending about $100 a month at the store, on pocketbooks and other items. She expects TJX will be extra-cautious about protecting her information.

"They got nailed from so many banks, I have to believe whatever can be done they have done," Lipman said.

Another customer whose card was canceled, Phil Dunkelberger, said he still shops at a TJ Maxx store in California, but pays by cash or check to reduce his risk of data theft. "I think they're much safer than other vendors who haven't had a breach and gone through the pain," he said.

Tuesday, December 11, 2007

This just in - Lobsterman gets into identity theft

This story is from my neck of the woods. Fishing in the winter does strange things to people...

Apparently the LobsterMAN used a WOMAN'S credit card to buy a ton of toiletries, cigars, some shoes, and a latte. Is this the latest breakdown of our Identity systems? I think not. It just goes to show you that a Lobsterman can be a woman in the real world now and not just online... Having a girly name like Evgeny helps though... And the shoes and a latte are just further gender blending cover ups... Let's see those receipts. Any mascara on there? Us Magazine or InStyle? Lip gloss?


PORTSMOUTH — A lobsterman with no permanent address and a criminal history, including a prison sentence for armed robbery, used a city woman's credit card to go on a three-hour, six-store shopping spree, even stopping to buy coffee with the stolen card, said police.

Charged with a felony count of fraudulent use of a credit card and two misdemeanor charges of receiving stolen property, Evgeny Healy, 22, was arraigned in Portsmouth District Court on Monday and ordered held on $3,500 cash-only bail.

According to an affidavit by Officer Andre Wassouf, Healy was arrested following a "lengthy investigation" into the Nov. 18 crimes.

Wassouf's report to the court says that on that date Healy first used the stolen Bank of America card at a Mobil gas station, where he charged $100 worth of merchandise at 9:02 a.m. At 9:20 a.m., he used the card at the Breaking New Grounds coffee shop for a $5.25 purchase, then went to a CVS drug store and charged $245 worth of goods at 10:37 a.m.

By 10:49 a.m., he moved on to a Rite Aid drug store and charged $266 worth of items and at 11:39 a.m. he charged $280 worth of goods at the Federal Cigar store, according to Wassouf.

The shopping trip ceased, said police, at 12:13 p.m., when Healy charged $190 worth of goods at a shoe store.

According to court records, Wassouf interviewed employees at all of the stores and reviewed video surveillance images from the pair of pharmacies, all leading to a warrant for Healy's arrest.

Brought to the district court in the custody of local police, Healy entered not-guilty pleas and denied the charges.

"I know there's cameras in all those stores," he said. "It's not me."

Judge Sawako Gardner noted Healy's criminal history as including the armed robbery conviction, in addition to past guilty findings for theft, being a fugitive from justice, shoplifting, breach of bail conditions and criminal threatening.

Healy is scheduled to return to the district court on Dec. 18 for a probable-cause hearing and has applied for a public defender. He provided the court with an address of 53 Dover Ave., Hampton, saying he moved there a few weeks ago.

2007 - The year the Identity Shine Came Off my Apple

2007 – Identity in Review

It’s been a while since I’ve posted, and there is a specific reason for it. I’m over Identity Management as I know/knew it. I still follow Identity Theft stuff, and have my alerts set up so I get a dump of 20-30 articles and blog updates every morning in my inbox. Bottom line is Identity Management, at least for me, is not new and shiny anymore. I feel some level of sadness about it because I truly believe that Identity Management's evolution was a necessary and exciting thing to have happen in computing.

I have sent my playbook out to over 150 people around the world. The furthest away were folks in South Africa, and the Ukraine this year. I have seen an uptick in my PCI Playbook requests as well over the last few months. Deadlines and the threat of fines create urgency I guess.

So why is the shine off the apple for me so soon? I guess I am waiting for the maturation of IdM to become a service, and its solutions and processes to be cannibalized as quickly as possible and extract all cost from the business end of provisioning. That’s what happens as IT Markets (driven by application adoption) mature.

Look at email, security, applications at the desktop. As these market segments have matured, new pricing models emerged a la Software as a Service. Companies want to pay for the functionality and the inherent benefits of it, not the license cost, or the license management, or the ongoing maintenance fees. In talking to a recent customer, a decision was made to stay on Exchange 2003 because the company didn’t feel like paying millions for an upgrade in functionality that was the equivalent of paying $10M for the highlighter function in Microsoft Word. But they still want email, and they want to reduce costs.

So as I look at 2007 for Identity Management I see the maturation of products, the maturation of the marketplace (acquisitions galore), some nice news stories led by the TJX breach and subsequent fines to them and Fifth Third Bank and some successful implementations.

Where do I think the action is in 2008? Software as a Service. Stay tuned for my next post where I’ll get into that in some depth. I will also start to explore some other topics like component-based computing (remember Grid?), Virtualization and how it's a 'Green' play, and where there is tremendous growth in 2008-2009.