Symantec has unveiled a new tool that gathers some basic information about you and the links between your financial information and the Internet, then calculates what the value of your identity would be on the black market. The value it comes up with is sobering at best.
Data compromise and identity theft are both on the rise. Incidents like the Heartland Systems data breach put your personal information at risk even if you just use your credit card to get gas. Exploiting application and network weaknesses, a handful of individuals were able to steal data on over 130 million credit and debit card accounts.
Those are examples of large-scale, industrial-strength data breaches. There are also countless malware and phishing attacks aimed at average consumers designed to collect personal information and account data.
Identity theft is a thriving and lucrative business, so apparently all of these ID's are quite valuable. Not according to the Symantec tool. The calculator asks a number of questions regarding demographics, net worth, and how you interact online, especially with financial information. It then determines what your identity would be worth at auction on the black market. According to the Symantec calculator, I am worth $12.29.
Wow! $12.29? I went back and changed my answers to see what I could come up with. Assuming that I am a 60-year old male with a modest net worth of about $10,000 and do my banking and investing online that black market value skyrockets to...$32.29. No. I didn't miss any commas or decimals. It really says $32.29.
Have you ever had your identity stolen? Scratch that. Let's go with something even simpler and more common. Have you ever lost your wallet? That's fun- not.
You have to call all of your bank and credit card companies to put blocks on account activity and cancel the cards. Then you have to deal with the hassle of not having any bank or credit cards for the next 2 to 3 weeks while you wait for new ones to arrive in the mail. You have to take time out of your day to visit the Secretary of State (or DMV depending on your state) and wait for hours typically to get a replacement driver's license.
My bank proactively replaced my debit card earlier this year- I am assuming as a result of the Heartland data breach- and even that is a huge inconvenience. I had to wait for the new card, then change any automatic payments associated with the canceled card number. Even proactive ID theft response is a headache.
It is sobering to learn that for all of the time, effort, and expense that data compromise demands from you and your financial institutions, that the stolen information is virtually worthless to the thief. Of course, the thief isn't selling just your account. There is an economy of scale that comes with stealing millions of identities.
The data thief doesn't need to sell your identity for thousands of dollars because he has thousands, or millions, of accounts to sell. In the case of the TJX and Heartland breaches the thieves could have made $1 billion selling the stolen data for $7.70 per identity.
Plus, the data thieves don't want to be in the identity stealing business. The actual financial worth of the combined 130 million individuals could easily be in the tens of billions, but compromising those identities and extracting the funds comes with significantly higher risk. The data thief would much rather make a quick buck for selling the data and let someone else run the risk of actually stealing the identities.
What does this all mean to you? It means two things. First, don't make the mistake of believing that you have nothing of value to steal. There is very little difference in value on the black market between a broke college student and a wealthy retiree. Remember, your net worth is only one small part of the value of your identity which can be used to open new accounts and for a variety of other purposes.
Second, don't make the mistake of not protecting your data. There is only so much you can do, but you should at least do that much. Use computer security software and keep it updated. Keep your systems patched and updated. Most importantly, maintain a reasonable level of paranoia and skepticism and be vigilant about protecting your identity.
Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice, and reviews on information security and unified communications technologies on his site at tonybradley.com.