Smartphone Usage Increases Risk of Identity Theft
- Identity fraud up 13 percent since 2010
- People share too much on smartphones and don’t take steps to secure their information
- Even vetted apps can mine more data than they let on
Identity theft is an ever-growing problem in the United States, claiming 12 million victims in 2011, according to a recent report by Javelin Strategy and Research. That’s a rise of 13 percent from 2010, attributable in large part to the growing popularity of smartphones.
With an iPhone or Android, we can access email anywhere, and have a vast wealth of data at our fingertips. Unfortunately, sometimes that means other people can access your data too, through a variety of means.
Part of the problem is people aren’t judicious about protecting their software. Nearly a third of people don’t bother updating their operating system, according to the Javelin report, and another third store passwords for email and other personalized services on their phone. Over six in 10 people don’t password protect their phone, making everything saved on it easy pickings for a lucky thief.
“Consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity,” the report states. It identifies a number of ways that consumers might over-share and make themselves more vulnerable by revealing personal information to the world-at-large:
Over two thirds of people using social media included their birthday information
Sixty-three percent revealed what high school they attended
Phone numbers were included for 18 percent of social media users
Twelve percent of people shared their pet’s name, a item commonly used in passwords and account security questions
There’s more to worry about than just physically losing the phone. “To the unwary user, smartphones are just as susceptible to viruses as any other type of computer,” says Nicole Black, an attorney in New York and self-described legal technology evangelist. “When malicious viruses are downloaded to any device, including a smartphone, private data can be removed from the device, and in some cases, the device can even be operated remotely once the malicious software is installed.”
Even supposedly legitimate software can steal your information, with your unknowing permission. “In some cases, users may unintentionally give legitimate, non-malicious apps permission to access their device when accepting the user agreement,” Black explains. “For example, it was recently revealed that the Facebook app’s user agreement allows Facebook to access and read all user texts. Facebook acknowledged that this was true but denied that it intended to exercise that power in the near future.”
The mobile social network Path recently faced a firestorm of criticism for stealing address book information from its users without asking permission, information that could be potentially exploited by law enforcement and security agents, among others.
“The difficulty here is that many users seem to either not make the effort to find out how applications are gathering and using their data, and what’s worse, some applications may be gathering more data than they are letting on,” says Evan Brown, a Chicago attorney specializing in Internet law. “It’s a potentially serious consumer protection issue. Mobile devices allow individuals to gather, store and transmit more information about themselves — regarding communication, internet usage, and location — than any other mechanism we’ve ever known.”
There is a silver lining to the fraud perpetuated by advancing technology, according to the Javelin report. Though instances of identity theft continue to rise, the dollar amount stolen remained static last year, and the overall cost to consumers has dropped 44 percent since 2004, thanks to improved prevention and detection tools.
In a related breakthrough, the California Attorney General recently announced a global agreement with the largest app companies to strengthen privacy policies and limit data sharing between companies without the consent of the consumer.
What if it’s too Late?
There are a few simple steps consumers can take to protect their information, even for the absentminded susceptible to leaving a phone behind in a public place. “First and foremost, password protect your phone,” Black says. “If available, take advantage of apps that allow you to remotely locate and wipe data from your phone. And if you own an iPhone, don’t jailbreak it. Doing so makes it more susceptible to malicious software.”
If you lose your phone or suspect your personal information may have been compromised, it’s important to act immediately to try to limit the damage. “If you suspect you’ve been a victim of ID theft, one thing you can do is notify the major credit reporting agencies and have an alert placed on your accounts,” Black says. “You can also pay a fee to have your accounts monitored for one year.”
Move quickly to alert law enforcement and any applicable credit card companies, banks or other businesses that could be involved. Change any passwords that could have been compromised. The longer you wait, the more information, and more money, could be lost.
If the situation is truly dire, like a wrecked credit score or a crime committed in your name, there are lawyers who specialize in identity theft who can help mitigate the damage and get your identity back securely in the hands of its proper owner — you.