IDENTITY THEFT AND DATA SECURITY TRENDS TO WATCH IN 2016

Expect more tax and child identity theft, and data breaches involving payment card systems.

Will cyber exposures subside in the new year? Highly unlikely, according to data security and privacy experts.

Trends to expect: an increase in tax and child identity theft, wire transfer fraud, and data breaches, particularly those involving payment card systems.

ThirdCertainty sat down with IDT911's Eduard Goodman, chief privacy officer, Brian Huntley, chief information security officer, and Victor Searcy, director of fraud operations, for their 2016 forecast.

Data transfers and children’s privacy

Goodman: U.S. companies with a European presence will encounter a tremendous amount of uncertainty in 2016 with respect to Europe’s stricter Safe Harbor data privacy rules, relating to the sensitive data transfers to businesses in the United States.

European regulators can be expected to harass the likes of Facebook and Google. And the threat of sanctions for noncompliance with Europe’s tougher Safe Harbor standards could easily filter down to many smaller companies, as well.

In another area, the recent hacking of toymaker VTech and Hello Kitty parent company SanrioTown.com signals that the theft of children’s information could become a worrisome new trend. As children attain earlier access to social media, smartphones and Web-enabled toys, details of their personal information and preferences are rapidly becoming part of the greater data ecosystem.

As a result, we will see more breaches that involve the theft of information for individuals under the age of 18. Hopefully, we also will see more public dialogue about the concept of preserving children’s privacy, whether it be school record data, health information, or data files containing images, video and audio recordings.

Wire fraud and politics

Huntley: In the coming year, fraud and theft will plague the merchant payments and ACH wire transfer systems. Small and medium-size businesses (SMBs) are especially vulnerable. If enough SMBs get victimized it could result in a public outcry about the inherent vulnerabilities in these systems, especially as consumers and small business owners come to realize there is minimal regulatory protections in these types of cases.

This being an election year, U.S. presidential candidates will focus on cyber war strategy and armament. Armchair quarterbacking of the 2015 U.S.-China cybersecurity agreement will arise as the centerpiece of this debate. We could see the U.S.-China cyber accord ascend as the basis for peer agreements between other nation states.

Meanwhile, the search will continue in different industries for an information security control framework that is akin to what the financial services sector has in the Federal Financial Institutions Examination Council’s (FFIEC) Information Security Guidelines and the health care sector has in the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Taxpayers targeted—once again

Searcy: One of the most pervasive identity theft scams involves the filing of a faked federal tax return using an ill-gotten Social Security number (SSN). Sadly, this will continue to be true again in 2016.

In the 2010 and 2011 tax seasons, the Internal Revenue Service paid out $8.8 billion of taxpayer money to identity thieves. And statistics pulled from a sampling of customers assisted through IDT911’s Resolution Center in 2014 show a 120 percent increase in tax fraud victims in 2014 and a 134 percent increase in 2015.

We expect this number to grow again in 2016. It can take months for a victim to sort out the mess with the IRS. Worse, there is little stopping criminals from using a victim’s SSN and other personal information in other scams.

IDT911 shows that 16 percent of tax fraud victims also were victims of financial identity theft; 12 percent of customers experienced multiyear tax fraud; and 16 percent were victims of both federal and state tax fraud.

Byron V. Acohido is editor-in-chief of ThirdCertainty, where this article originally posted.