We've been suffering a bit of a black-out here at The Daily Caveat this morning. Blogger was not being cooperative so I'll be correcting the dearth of early-morning posts throughout the afternoon.

Let's start with a piece that ran in The Washington Post yesterday and has since show up reprinted all over the web, sometimes with really sexed-up headlines like "Internet betrays Sacred Numbers." No, they aren't talking about Kabbalah. Rather, the sacred digits in question are social security numbers, yours and mine.

The original article, by Johnathan Krim discusses at length the availability of social security numbers from a variety of on-line data resellers. Due to what Krim characterizes as lax security from these vendors, access to this key personal identifier is readily available to anyone with a credit card and a reasonable excuse.

Here's the lead:

Want someone else's Social Security number? It's $35 at www.secret-info.com. It's $45 at www.iinfosearch.com, where users also can sign up for a report containing an individual's credit-card charges, as well as an e-mail with other "tips, secrets & spy info!" The Web site Gum-shoes.com promises that "if the information is out there, our licensed investigators can find it."

Although Social Security numbers are one of the most powerful pieces of personal information an identity thief can possess, they remain widely and inexpensively available despite public outcry and the threat of a congressional crackdown after breaches at large information brokers.

Brokers such as ChoicePoint Inc. and LexisNexis have pledged to restrict the availability of such data after personal information on more than 175,000 people was purloined from the two firms by identity thieves posing as legitimate businesspeople.

So far, neither those moves nor revelations of a series of breaches at major banks and universities has curbed a multitiered and sometimes shadowy marketplace of selling and re-selling personal data that is vulnerable to similar fraud.

The commodification of the basic background check through data re-selling on the part of prime vendors such has Choicepoint or Lexis Nexis has allowed hundreds of small-time operators to make a living processing requests for data, whether it be under the auspices of business research, genealogical pursuits or what have you. As Krim's article shows, the potential for abuse with these resellers is apparently very high.

Due to the publicity of recent data thefts large data aggregators, companies like Choicepoint and Lexis, are already in the process of adding new protocols to protect against fraud. As enormous, high-profile, publicly traded firms, these entities are the most responsive to public outcry and legislative action. But a key part of these reforms must be an evaluation of how aggregators evaluate the conduct of their re-seller customers.

Better stewardship of personal information and more thorough customer vetting on the part of aggregators are imperative for the health and well-being of the investigative industry, which depends heavily on firms such as Lexis and Choicepoint. Our essential purpose as investigators is to facillitate business transparency and prevent fraud - not aid and abet it. We should expect no less from our vendors.

-- MDT

Labels: background checks