Most thinking about security of online financial transactions focuses on security of the connection to the financial institution and the institution’s ability to police its systems from unauthorized access. But spoofing—gaining access to a site by masquerading as an authorized user—financial institutions doesn’t necessarily entail getting into your preexisting data.
Lizette Alvarez at the NYTimes had an usettiling piece this weekend (With Personal Data in Hand, Thieves File Early and Often) about a new and frighteningly creative strategy being used by identity thieves.
With nothing more than ledgers of stolen identity information — Social Security numbers and their corresponding names and birth dates — criminals have electronically filed thousands of false tax returns with made-up incomes and withholding information and have received hundreds of millions of dollars in wrongful refunds, law enforcement officials say.
Essentially, thieves file a tax return with fake data in your place before you do with fake data, and then get a refund through a debit card in the mail. That’s bad enough, of course, but imagine the kind of problem you would have when you go and file your legitimate claim!
There are points to be made here about methods for securing systems, and the IRS will need to think about that a lot.
But it seems to me that the more important lesson here is that making the choice to avoid using electronic systems (like e-file) doesn’t mean you are technology-free. Your life is still enmeshed with digital systems. Banks, grocery stores, retail outlets, educational institutions, newspapers, and cable providers all keep copious records of your activities. You have digital footprints, even if you don’t log on. Your information can still be compromised.
When thinking about how to act thoughtfully and intentionally in the world, we tend to look at what we do. But sometimes, we don’t have to do anything to be doing something.