Illustration by Fernando Capeto for Forbes; Photos by Malerapaso/Getty Images; Pete Starman/Getty Images
Just before sunset on a chilly Spring day in 2019 armed German special agents broke down the door to the Frankfurt home of a 22-year-old hacker who the government has only identified as Coder420, the developer of a dark web exchange called Wall Street Market.
At its peak, the enterprise was the largest of its kind, conducting about €50 million in sales between October 2016 and April 2019, selling everything from cocaine to credentials. At the time of Coder420’s arrest, he had roughly 1,000 bitcoins, then worth $5.5 million.The operation was a huge success. The German state of Hesse, home to Germany’s finance capital Frankfurt, seized 2,200 bitcoin and other cryptocurrencies from Coder420 and two collaborators. “It was a classical takedown of a darknet marketplace,” says Jana Ringwald, 41, a senior prosecutor for the attorney general of Frankfurt.
To this day, it’s the largest trove of cryptocurrency ever seized by a German governmental body, and it set off a series of events that resulted in the state and a tiny German bank, with a mere €40 million of assets (about $40 million), overcoming a huge obstacle to bringing tainted crypto out of the shadows.
Though less than one percent of cryptocurrency transactions last year were considered illicit, according to blockchain data firm Chainalysis, that was still a record $20 billion, most of which is marked as dirty by a cottage industry of blockchain-data startups managing independent and unofficial blacklists. Crypto sitting on a blacklist is difficult to use and many crypto exchanges like Coinbase and Kraken refuse to accept it.
Instead of selling those assets at an auction the way the U.S. Justice Department has done for 185,000 bitcoins it has seized over the last nine years, attorney Ringwald partnered with Frankfurt-based Bankhaus Scheich, which has a fledgling side business in cleaning the blacklisted cryptocurrencies. So far it has cleaned and sold some €150 million worth of dirty digital assets for the state of Hesse.
Yesterday, in partnership with the FBI and German Federal police, the state of Hesse seized another €46 million worth of bitcoin and other cryptocurrency from two servers they believe are responsible for laundering $700 million for North Korea and an undisclosed amount to help the Russian military buy malware.
Over the past month, two other states have signed deals similar to Hesse’s, according to the bank’s managing director of digital assets, Nils von Schoenaich-Carolath, 34, and other German states are currently exploring similar services, he says. As U.S. banks with crypto exposure are facing an existential threat in the wake of the ripple effects surrounding the bankruptcy of crypto exchange giant FTX, Bankhaus Scheich’s CEO and co-founder Wolfgang Beck, sees his firm’s work as a model for how clear regulations and innovative banking practices can upgrade financial infrastructure while protecting users.
“This new digital-asset business is for so many people kind of a strange thing, which they do not understand,” says Beck, 64, who is the bank’s sole shareholder. “So I’m trying to give them the feeling that an old house for trading securities is now doing the same thing with a digital asset. We want to take all of these people, all these institutions, to find a solution for their clients in the new markets. So they have to go over the bridge, plug in, and onboard on our platform for digital assets.”
Bankhaus Scheich was founded in 1985 as Scheich & Partner Börsenmaklermarket, an OTC trader for fixed-income products like bonds. Over the past eight years, the firm has expanded in a number of ways, laying the foundation for its forays into crypto. In 2015, it was licensed as a securities trading bank by Germany’s financial services regulator and now transacts hundreds of millions of euros a day worth of traditional OTC volume and fixed-income assets listed on the Frankfurt Stock Exchange, including securities of Bayer, Lufthansa and Volkswagen.
In 2018, Bankhaus Scheich expanded to capital markets. Recognizing the traditional need for companies to pre-fund million-dollar investments through regulated brokers, the firm started building a suite of institutional crypto services, called Tradias, that lets financial-services firms conduct OTC trades, market making and create securities tokens on the Ethereum and Polygon blockchains. Periodically, the crypto trades are netted out internally, and the bank buys and sells digital assets on exchanges, including Kraken, Binance and formerly on now-defunct FTX.
At around the same time Bankhaus Scheich entered the capital markets, Ringwald, the Hessen prosecutor, began her work with the state’s Ministry of Justice to figure out how to liquidate 100 bitcoins (then worth about €200,000) that had been seized in 2014 and were just laying around.
Absent any formal process to auction the assets as local governments do all the time for seized drug dealer Lamborghinis for example, Ringwald had to personally, painstakingly, piece together a process by which her team could sell the bitcoin. Two years later she was called on again when her team grabbed the much larger 2,200 bitcoin booty from the Wall Street Market.
Since her first, highly manual sale of bitcoin, digital-asset regulation had advanced, she says, “and you could see step by step that coins were becoming more and more actual financial instruments. They’re not cars,” she says.
“So I put pressure on my boss and said, ‘I need a professional partner.’” In spite of increasing regulatory clarity in Germany, Ringwald had trouble finding institutions that actually had all of the required licenses to deal directly with crypto. So over the course of more than a year she assembled a team including two lawyers to find a qualified broker.
Enter tiny Bankhaus Scheich, which had decided that embracing digital assets could give it a strategic edge after German regulators updated rules to allow for the creation of funds tracked on “crypto securities registers.” In January 2021, the Federal Financial Supervisory Authority, known as BaFin, approved such a prospectus, allowing Bankhaus Scheich to convert European Union investment funds into assets issued on a blockchain through a process called tokenization that lets assets settle around the clock.
In pilot projects, the bank has so far tokenized real estate, private equity and a convertible bond. Nine months later, Bankhaus Scheich signed a deal with Frankfurt-based Universal Investment, which provides administration and risk-management services that allows its crypto subsidiary to trade crypto and tokenize securities for banks, asset managers, and custodians in Germany, Luxembourg and France.
Bankhaus Scheich’s crypto conversion and immersion has not been without hiccups. Recently an eight million euro tokenization pilot of a fund of funds fizzled after German neo-bank partner Nuri became insolvent in the aftermath of the FTX collapse.
Though von Schoenaich-Carolath, who is also the Tradias chief revenue officer, declined to share cost savings from cutting out securities depositories like Luxembourg-based Clearstream, it’s client Cashlink, which helps Scheich tokenize commodities and securities, put the savings at between 35% and 65%.
Before Hessen attorney Ringwald partnered with Bankhaus Schiech to clean her seized digital assets, she brought them to a crypto exchange, to see with her own eyes what would happen if the tokens were sold as they were. “The machines reacted and said, ‘this is no good,’” she recounts, “and that proved that we would have had a huge problem.”
Ringwald’s team identified Bankhaus Scheich in November of 2021 as a crypto service provider capable of legally accepting the number and variety of crypto assets Hesse had seized. A month later, the contract was signed.
To clean the funds, Ringwald first had to make sure her colleagues and bosses at the state government were okay with writing an official letter in English for international companies on German state letterhead, something that’s normally frowned upon.
In a form letter she sent to Scheich, then forwarded to Chainalysis, CoinFirm, Ellipse and other cryptocurrency blacklist creators, Ringwald confirmed her cybercrime center has the legal authority to “collect the respective purchase price” of digital currencies seized during legal proceedings, according to a copy of the letter provided to Forbes, confirms the office’s contractual relationship with Bankhaus Scheich and gives permission for the tokens to be sold to the bank.
Instead of dealing directly with exchanges that might disappear overnight, the state sells the assets directly to the bank at a discount. “We only have direct contact to Bankhaus Scheich,” says Ringwald. “Never to the market itself.” Other clients looking to trade crypto place orders directly with the bank, which fulfills the orders from its own crypto reserves.
To keep the total crypto it holds below a one million euro limit that it set after witnessing cryptobank Silvergate’s demise, the bank periodically nets the transactions with its other crypto buy and sell orders, selling them at market prices on 20 exchanges, liquidity pools and via over-the-counter (OTC) brokers that use the same security firms to check for blacklisted money.
After the buy and sell trades are netted, the position is closed out on cryptocurrency exchanges. “We don’t want to be long,” says von Schoenaich-Carolath. “We don’t want to be short.” “This white-listing process was then done for the first time in December 2021,” says Ringwald. “And then we had 100 million euros after that.”
Ironically, much of laundering process for tainted bitcoin and other dirty digital assets is accomplished manually via emails and phone calls. The whole process of cleaning tainted crypto takes about two weeks. Since its first crypto-washing cycle, the attorney general’s cybercrime unit has cleaned an additional €50 million worth of seized cryptocurrency using the Bankhaus Scheich process.
Yesterday morning in Frankfurt, Ringwald’s team, and the German Federal Criminal Police (the Bundeskriminalamt) surreptitiously acted as administrators of two servers to seize at additional 1,909 bitcoin and other cryptocurrencies along with seven terabytes of data about the operation. Germany expects to keep the proceeds of the sale of the assets, which should occur in the next week or two. “The FBI had a very big interest in this mixing service,” says Ringwald. “As many do. It was the biggest one on the dark web until yesterday.”
The funds will be turned over to the state’s Ministry of Finance and are expected to be partially used to support the state’s judicial offices, according to Ringwald. In part as a result of her work, Ringwald was appointed chair of the Hessen office on cryptocurrencies and is informally helping the other 15 German states explore ways to deal with dirty crypto.
“What is happening now in Germany is that other states are adopting that,” says Ringwald. Von Schoenaich-Carolath says two states have already signed a deal with the bank but declined to name them. In addition to its German state clients, Bankhaus Scheich is working with more than 30 institutions offering it other blockchain services, including, traditional securities exchange Börse Stuttgart, broker Trade Republic and Deutsche Telekom.
While some crypto initiatives, including a bitcoin exchange-traded note with Fidelity International, are run from the main bank offices, the majority are housed at subsidiary Tradias, which has grown to nearly 100 employees from just 10 a year ago. Chief Executive Beck owns 100% of Bankhaus Scheich and 60% of Tradias, with the other 40% owned by his son Christopher, who is the subsidiary’s CEO.
In February, the bank filed its annual statement for 2021, showing €14 million in crypto trading revenue, representing roughly a third of the €47 million in total trading income that year, compared to almost nothing the year before. That also doesn’t count Tradias’ revenue, which is not disclosed.
Given Bankhaus Scheich’s crypto-trading operation and the fact that it sells most of the crypto it cleans back to various crypto exchanges around the world, it maintains accounts at many of them. One of them happened to be recently shuttered FTX. In November, along with most of FTX’s other customers, the exchange froze Bankhaus Scheich’s funds, including about €2 million worth of bitcoin, ether and stablecoins.
The German bank is suing FTX, but the global exchange’s collapse may wind up bringing new business to Bankhaus Scheich as mainstream companies seek third parties to represent them in their crypto trading and tokenization efforts. “The clients now understood after FTX that there’s something like counterparty risk in the market,” says von Schoenaich-Carolath, who admits to already signing up three new clients that were formerly considering working with FTX.
“We put our money in 20 different baskets within our risk limits,” he says. “And when we lose some, nothing happens.” It’s possible that FTX’s collapse could create billions more in cryptocurrencies in need of cleansing, depending on which seized assets analytics firms decide to blacklist.
It is clear that U.S. regulators have prioritized enforcement over establishing clear regulatory rules and that’s likely to result in more crackdowns, seizures and untradeable crypto. In fact, in January, the U.S. Federal Reserve Board, the Federal Deposit Insurance Corp., and the Office of the Comptroller of the Currency issued a rare joint statement warning banks about the “vulnerabilities related to cyber-attacks, outages, lost or trapped assets, and illicit finance” and seizures and forfeitures are expected to increase as regulators around the world crack down on illegal uses of cryptocurrency.
All of this could be good news for Bankhaus Scheich, its in house crypto specialist Tradias and its budding digital asset laundry.
There are more and more remote workers in the modern age. Companies are realizing how effective it can be to have their staff based at home and opening up the possibilities of employing people without having to worry too much about where they are based. Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal.
As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.
How to Prevent Identity Theft
If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you. If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.
The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future. Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.
It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue.
It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.
There are some basic things you can do: Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples.
Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing. Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff. Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.
How to Tackle Identity Theft When it Happens
If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way. You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.
Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts. Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away. Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take.
Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world. Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media. Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.
Conclusion
There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future. If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously.
Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
You need to have your guard up. Identity theft is becoming more sophisticated and people will always look for new ways to get your personal information. For a criminal, it can be very lucrative.
What Happens When Your Identity is Stolen?
Identity theft can lead to your data being sold. People sell it on the dark web, and this means that people all over the world could be using your data to borrow money, make applications, and even commit other crimes. Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal.
As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.
How to Prevent Identity Theft
If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you. If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.
The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future. Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.
It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue.
It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.
There are some basic things you can do: Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples.
Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing. Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff. Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.
How to Tackle Identity Theft When it Happens
If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way. You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.
Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts. Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away. Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take.
Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world. Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media. Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.
Conclusion
There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future. If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously.
Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
How Does Identity Theft Happen?
It is easy to assume that you have done the right things and won’t be a victim. Just changing your password from time to time isn’t necessarily enough. There are lots of ways in which people can steal your ID details online.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
You need to have your guard up. Identity theft is becoming more sophisticated and people will always look for new ways to get your personal information. For a criminal, it can be very lucrative.
What Happens When Your Identity is Stolen?
Identity theft can lead to your data being sold. People sell it on the dark web, and this means that people all over the world could be using your data to borrow money, make applications, and even commit other crimes. Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal.
As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.
How to Prevent Identity Theft
If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you. If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.
The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future. Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.
It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue.
It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.
There are some basic things you can do: Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples.
Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing. Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff. Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.
How to Tackle Identity Theft When it Happens
If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way. You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.
Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts. Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away. Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take.
Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world. Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media. Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.
Conclusion
There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future. If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously.
Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
It’s easy to think that identity theft isn’t too much of a big deal or assume that nobody could impersonate you so there’s nothing to worry about. Actually, once they have your details people can take advantage in a lot of different ways. Identity theft crime statistics are scary. 16.7 million people in America suffered some form of identity theft in the year 2017. That figure is continuing to grow. Billions of dollars are stolen every year using identity theft methods.
If you find yourself the victim of identity theft it might be impossible to recover all of the assets you have lost or the damage to your reputation or the company you work for. This means that identity theft is a huge issue that can impact years of your life. Also, people can commit crimes and run up debts in your name. This can leave you facing a legal battle in the future, too. Make no mistake about it, identity theft is incredibly rife and can make an impact for a number of years in the future.
This is not something you will necessarily have out of the way in a matter of weeks. Even if you contact the authorities and explain that you have been the victim of identity theft, the onus might be on you to prove this. Cybercrime is on the rise. 3.2 million identity theft, cybercrime, and other forms of fraud were reported in 2019. As you can see from this article, almost half of the time when people stole someone’s identity, they applied for a credit card. This debt doesn’t automatically get written off. You will need to prove that you were a victim of fraud and take action if this happens to you. Until then the debts could be in your name.
How Does Identity Theft Happen?
It is easy to assume that you have done the right things and won’t be a victim. Just changing your password from time to time isn’t necessarily enough. There are lots of ways in which people can steal your ID details online.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
You need to have your guard up. Identity theft is becoming more sophisticated and people will always look for new ways to get your personal information. For a criminal, it can be very lucrative.
What Happens When Your Identity is Stolen?
Identity theft can lead to your data being sold. People sell it on the dark web, and this means that people all over the world could be using your data to borrow money, make applications, and even commit other crimes. Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal.
As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.
How to Prevent Identity Theft
If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you. If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.
The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future. Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.
It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue.
It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.
There are some basic things you can do: Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples.
Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing. Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff. Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.
How to Tackle Identity Theft When it Happens
If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way. You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.
Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts. Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away. Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take.
Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world. Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media. Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.
Conclusion
There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future. If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously.
Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
It’s easy to think that identity theft isn’t too much of a big deal or assume that nobody could impersonate you so there’s nothing to worry about. Actually, once they have your details people can take advantage in a lot of different ways. Identity theft crime statistics are scary. 16.7 million people in America suffered some form of identity theft in the year 2017. That figure is continuing to grow. Billions of dollars are stolen every year using identity theft methods.
If you find yourself the victim of identity theft it might be impossible to recover all of the assets you have lost or the damage to your reputation or the company you work for. This means that identity theft is a huge issue that can impact years of your life. Also, people can commit crimes and run up debts in your name. This can leave you facing a legal battle in the future, too. Make no mistake about it, identity theft is incredibly rife and can make an impact for a number of years in the future.
This is not something you will necessarily have out of the way in a matter of weeks. Even if you contact the authorities and explain that you have been the victim of identity theft, the onus might be on you to prove this. Cybercrime is on the rise. 3.2 million identity theft, cybercrime, and other forms of fraud were reported in 2019. As you can see from this article, almost half of the time when people stole someone’s identity, they applied for a credit card. This debt doesn’t automatically get written off. You will need to prove that you were a victim of fraud and take action if this happens to you. Until then the debts could be in your name.
How Does Identity Theft Happen?
It is easy to assume that you have done the right things and won’t be a victim. Just changing your password from time to time isn’t necessarily enough. There are lots of ways in which people can steal your ID details online.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
You need to have your guard up. Identity theft is becoming more sophisticated and people will always look for new ways to get your personal information. For a criminal, it can be very lucrative.
What Happens When Your Identity is Stolen?
Identity theft can lead to your data being sold. People sell it on the dark web, and this means that people all over the world could be using your data to borrow money, make applications, and even commit other crimes. Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal.
As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.
How to Prevent Identity Theft
If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you. If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.
The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future. Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.
It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue.
It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.
There are some basic things you can do: Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples.
Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing. Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff. Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.
How to Tackle Identity Theft When it Happens
If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way. You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.
Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts. Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away. Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take.
Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world. Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media. Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.
Conclusion
There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future. If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously.
Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
Identity theft used to require physical documents to commit this kind of fraud, but now, things have changed. Details can be stolen in a number of ways and networks and websites can be hacked to allow fraudsters to find PII.
How Serious is Identity Theft?
It’s easy to think that identity theft isn’t too much of a big deal or assume that nobody could impersonate you so there’s nothing to worry about. Actually, once they have your details people can take advantage in a lot of different ways. Identity theft crime statistics are scary. 16.7 million people in America suffered some form of identity theft in the year 2017. That figure is continuing to grow. Billions of dollars are stolen every year using identity theft methods.
If you find yourself the victim of identity theft it might be impossible to recover all of the assets you have lost or the damage to your reputation or the company you work for. This means that identity theft is a huge issue that can impact years of your life. Also, people can commit crimes and run up debts in your name. This can leave you facing a legal battle in the future, too. Make no mistake about it, identity theft is incredibly rife and can make an impact for a number of years in the future.
This is not something you will necessarily have out of the way in a matter of weeks. Even if you contact the authorities and explain that you have been the victim of identity theft, the onus might be on you to prove this. Cybercrime is on the rise. 3.2 million identity theft, cybercrime, and other forms of fraud were reported in 2019. As you can see from this article, almost half of the time when people stole someone’s identity, they applied for a credit card. This debt doesn’t automatically get written off. You will need to prove that you were a victim of fraud and take action if this happens to you. Until then the debts could be in your name.
How Does Identity Theft Happen?
It is easy to assume that you have done the right things and won’t be a victim. Just changing your password from time to time isn’t necessarily enough. There are lots of ways in which people can steal your ID details online.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
You need to have your guard up. Identity theft is becoming more sophisticated and people will always look for new ways to get your personal information. For a criminal, it can be very lucrative.
What Happens When Your Identity is Stolen?
Identity theft can lead to your data being sold. People sell it on the dark web, and this means that people all over the world could be using your data to borrow money, make applications, and even commit other crimes. Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal.
As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.
How to Prevent Identity Theft
If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you. If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.
The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future. Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.
It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue.
It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.
There are some basic things you can do: Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples.
Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing. Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff. Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.
How to Tackle Identity Theft When it Happens
If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way. You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.
Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts. Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away. Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take.
Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world. Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media. Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.
Conclusion
There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future. If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously.
Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
Identity theft is nothing new. People have been stealing identification via Social Security numbers and other details for a long time, usually by stealing wallets, but historically some people would go through mail to find details for identity theft. In the modern age of the internet, it is easier for people to find personally identifiable information. This is sometimes abbreviated to “PII”. This allows people to commit fraud and pretend to be you. They can sometimes steal money directly in this way, but they can also do things to impact upon your reputation or, in the case of employees they might be able to gain access to company servers or more.
Remote workers need to think about the impact of their identity being stolen, access to their online accounts, and more, but if you don’t take the right precautions you can even be responsible for issues regarding your work details.
Identity theft used to require physical documents to commit this kind of fraud, but now, things have changed. Details can be stolen in a number of ways and networks and websites can be hacked to allow fraudsters to find PII.
How Serious is Identity Theft?
It’s easy to think that identity theft isn’t too much of a big deal or assume that nobody could impersonate you so there’s nothing to worry about. Actually, once they have your details people can take advantage in a lot of different ways. Identity theft crime statistics are scary. 16.7 million people in America suffered some form of identity theft in the year 2017. That figure is continuing to grow. Billions of dollars are stolen every year using identity theft methods.
If you find yourself the victim of identity theft it might be impossible to recover all of the assets you have lost or the damage to your reputation or the company you work for. This means that identity theft is a huge issue that can impact years of your life. Also, people can commit crimes and run up debts in your name. This can leave you facing a legal battle in the future, too. Make no mistake about it, identity theft is incredibly rife and can make an impact for a number of years in the future.
This is not something you will necessarily have out of the way in a matter of weeks. Even if you contact the authorities and explain that you have been the victim of identity theft, the onus might be on you to prove this. Cybercrime is on the rise. 3.2 million identity theft, cybercrime, and other forms of fraud were reported in 2019. As you can see from this article, almost half of the time when people stole someone’s identity, they applied for a credit card. This debt doesn’t automatically get written off. You will need to prove that you were a victim of fraud and take action if this happens to you. Until then the debts could be in your name.
How Does Identity Theft Happen?
It is easy to assume that you have done the right things and won’t be a victim. Just changing your password from time to time isn’t necessarily enough. There are lots of ways in which people can steal your ID details online.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
You need to have your guard up. Identity theft is becoming more sophisticated and people will always look for new ways to get your personal information. For a criminal, it can be very lucrative.
What Happens When Your Identity is Stolen?
Identity theft can lead to your data being sold. People sell it on the dark web, and this means that people all over the world could be using your data to borrow money, make applications, and even commit other crimes. Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal.
As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.
How to Prevent Identity Theft
If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you. If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.
The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future. Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.
It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue.
It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.
There are some basic things you can do: Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples.
Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing. Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff. Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.
How to Tackle Identity Theft When it Happens
If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way. You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.
Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts. Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away. Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take.
Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world. Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media. Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.
Conclusion
There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future. If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously.
Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
One issue that a lot of people ignore, but one that is still utterly vital, is identity theft. A number of people simply don’t realize how much of a threat this can be to their life and the problems it can cause. As a remote worker, you might have to consider both your own personal information and that of the company you work for.
In this guide, we’re providing some of the information you need to ensure you are preventing and tackling ID theft. We also show you what steps you can take if you are unfortunate enough to fall foul of online fraudsters.
What is Online Identity Theft?
Identity theft is nothing new. People have been stealing identification via Social Security numbers and other details for a long time, usually by stealing wallets, but historically some people would go through mail to find details for identity theft. In the modern age of the internet, it is easier for people to find personally identifiable information. This is sometimes abbreviated to “PII”. This allows people to commit fraud and pretend to be you. They can sometimes steal money directly in this way, but they can also do things to impact upon your reputation or, in the case of employees they might be able to gain access to company servers or more.
Remote workers need to think about the impact of their identity being stolen, access to their online accounts, and more, but if you don’t take the right precautions you can even be responsible for issues regarding your work details.
Identity theft used to require physical documents to commit this kind of fraud, but now, things have changed. Details can be stolen in a number of ways and networks and websites can be hacked to allow fraudsters to find PII.
How Serious is Identity Theft?
It’s easy to think that identity theft isn’t too much of a big deal or assume that nobody could impersonate you so there’s nothing to worry about. Actually, once they have your details people can take advantage in a lot of different ways. Identity theft crime statistics are scary. 16.7 million people in America suffered some form of identity theft in the year 2017. That figure is continuing to grow. Billions of dollars are stolen every year using identity theft methods.
If you find yourself the victim of identity theft it might be impossible to recover all of the assets you have lost or the damage to your reputation or the company you work for. This means that identity theft is a huge issue that can impact years of your life. Also, people can commit crimes and run up debts in your name. This can leave you facing a legal battle in the future, too. Make no mistake about it, identity theft is incredibly rife and can make an impact for a number of years in the future.
This is not something you will necessarily have out of the way in a matter of weeks. Even if you contact the authorities and explain that you have been the victim of identity theft, the onus might be on you to prove this. Cybercrime is on the rise. 3.2 million identity theft, cybercrime, and other forms of fraud were reported in 2019. As you can see from this article, almost half of the time when people stole someone’s identity, they applied for a credit card. This debt doesn’t automatically get written off. You will need to prove that you were a victim of fraud and take action if this happens to you. Until then the debts could be in your name.
How Does Identity Theft Happen?
It is easy to assume that you have done the right things and won’t be a victim. Just changing your password from time to time isn’t necessarily enough. There are lots of ways in which people can steal your ID details online.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
You need to have your guard up. Identity theft is becoming more sophisticated and people will always look for new ways to get your personal information. For a criminal, it can be very lucrative.
What Happens When Your Identity is Stolen?
Identity theft can lead to your data being sold. People sell it on the dark web, and this means that people all over the world could be using your data to borrow money, make applications, and even commit other crimes. Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal.
As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.
How to Prevent Identity Theft
If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you. If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.
The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future. Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.
It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue.
It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.
There are some basic things you can do: Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples.
Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing. Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff. Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.
How to Tackle Identity Theft When it Happens
If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way. You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.
Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts. Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away. Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take.
Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world. Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media. Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.
Conclusion
There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future. If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously.
Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.
“Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.
1. Let’s go back in time. What piqued your interest in cybersecurity in the first place?
While working for the government, Wilson saw how criminal activity (such as financial crime) often involved cybercrime, because criminals used digital technology as part of their crimes. While at the FBI Counterterrorism Division (CTD), Wilson observed that at some point everything became a cyber issue, because of digital technologies used for travel or recruiting.
2. How has your career path given you cybersecurity expertise?
Wilson started with the Department of Defense (DOD) as a special agent for the Air Force Office of Special Investigations (AFOSI). There he looked at various criminal activities and threats to the Department of Defense. He also worked in counter-terrorism. He says that starting 10-15 years ago, more of these activities were occurring online.
Next, Wilson went to the FBI Counterterrorism Division (CTD). He points out that travel and communication are mostly done online, and even many physical transactions (such as depositing money at a bank) leaves a digital footprint.
After that, Wilson was a liaison for the Department of Defense and Pacific Command (PACOM), looking at transnational organized crime. Here too he dealt with digital footprints.
Next Wilson went back to the FBI, dealing with nation-state cyber actors. He says these groups are very good at hiding who they are, and they use different tools and platforms to hide their tracks.
3. What are the biggest challenges or threats consumers face related to cybersecurity or digital privacy?
According to Wilson, the biggest challenge is that “you have no idea who is holding your data.” He explains that the company you’re giving your data to may share it with third parties.
Another challenge, says Wilson, is that you don’t know where your login credentials (username and password) are stored by organizations.
Wilson says that another challenge is that you don’t know that your data has become available to those who shouldn’t have it until it’s too late; you often don’t find out until a criminal uses your data or steals your identity.
4. What can people do about those challenges and threats?
Several times during the interview, Wilson recommended using an identity theft monitoring service.
Be vigilant about your passwords, advises Wilson. Don’t use the same password for multiple accounts. If you do that, and one account is breached, hackers can use that password to get into your other accounts. This is known as credential stuffing. He recommends that you make each password unique.
Wilson also recommends that you encrypt your passwords. A password manager can do this.
LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.We may earn a commission if you click this link and make a purchase at no additional cost to you.
5. How can parents protect their kids online, and help their kids protect themselves?
Because the threats to kids and adults are similar, Wilson advises that your entire family practice good cyber hygiene.
Wilson recommends that you monitor your kids, to know what sites they’re going to. He says you need to understand that kids click links without thinking carefully first. He points out that you can use apps for monitoring, and/or look at your router logs, or configure your router to block sites. The earlier you can educate kids about online safety, the better, says Wilson.
6. Let’s zoom in on identity theft. What are the most effective ways people can protect their identities?
Use an identity theft monitoring service, advises Wilson. Be vigilant, Wilson says, about who you’re giving access to your info. Be aware of scams that request personal info, which often spikes during tax season, says Wilson.
7. What are the biggest mistakes people make when using social media, which increases the risk of identity theft?
Posting photos that reveal your location, for example, a family photo that shows your address, is a mistake, says Wilson.
Don’t reveal that you’re traveling by posting about it, advises Wilson. Doing so tells criminals that it’s a good time to target your financial accounts, since you’re probably not closely watching your accounts while traveling. In addition to these dangers, says Wilson, high-net-worth individuals should be cautious of the threat of physical harm to themselves and their loved ones that can result from revealing their location or travel plans.
8. How much does a credit freeze help to reduce the risk of identity theft?
“I don’t know how effective it is,” says Wilson. “It’s more of a pain for you than it is for the cybercriminals, because they’ll find ways around it.” He explains that criminals can steal your identity or hurt you in other ways without getting access to your credit.
9. Is there anything people should do with their postal mail to reduce the risk of identity theft?
If you’ll be away from home, stop your mail, recommends Wilson.
I don’t think there’s a very large threat that way for identity theft.
Wilson explains that your address is already available online, without someone needing access to your mail to get it.
10. What steps should parents take to protect their kids’ identities?
Use an identity theft monitoring service for your kids, advises Wilson. He also recommends that you pay attention to the sites your kids are visiting and that you block sites as necessary, and educate your kids about online safety.
Wilson has seen identity theft happen to kids under 18. He says identity thieves can combine identity data from multiple sources to create a complete identity profile; for example, combining personal data from video games and data from the Equifax breach.
I won’t say they’re all very smart, but they’re very creative about how to monetize the data.
11. What should a person do if they suspect or know that their identity has been stolen?
Wilson notes that you’ll need to take steps to prove that a thief, not you, is using your identity.
12. Most people don’t understand the terms Deep Web and Dark Web. How do you explain these to the average person?
Wilson explains that the Deep Web refers to websites that aren’t indexed by search engines like Google, so you need to know the exact address of a Deep Web site to visit it.
The Dark Web sits within the Deep Web, says Wilson. The Dark Web is several marketplaces that sell goods and services such as narcotics, stolen identities, and guns. Their addresses usually end in .onion (rather than .com, .org, etc.).
Deep Web: Websites and webpages that aren’t indexed by search engines, so you can’t get to them through Google or other search engines. You can get to them using a normal browser, as long as you know the website address or click a link to it. There are good and bad, legal and illegal sites in the Deep Web.
Dark Web (or Dark Net or Darknet): Websites that aren’t indexed by search engines, so you can’t get to them through Google or other search engines. They can’t be visited using a normal browser, and typically require a Tor browser to visit, and that you know the website address or click a link to it. The Dark Web is home to an underground trade in illegal goods and services (though not all Dark Web content is illegal).
13. How well is the US government handling current cyber threats? How well do you think it’s prepared to handle future cyber threats?
I think they’re handling cyber issues very well. It’s always a game of cat-and-mouse. You catch up to one issue, one problem, and then another one happens. And the criminals always have a leg up, because they’ll go where we won’t. … There’s laws, rules, and regulations that we [the government] have to abide by in order to catch these guys. … it takes us a little while to get through those, but then we eventually get through them and we start catching the guys. Then they change their MO [mode of operation] again and we have to go through that whole cycle before we catch them again.
There are think tanks and groups that focus on potential future threats, says Wilson. Some threats cross lines between several government agencies and commercial organizations, says Wilson. He points out that the challenge is to figure out how the federal government can help an institution defend itself against a nation-state attack, and how the government will respond to such a situation.
14. Several governments have pushed back against end-to-end encryption, or requested backdoor access so they can monitor encrypted communication. What’s your opinion?
We’re always battling privacy and security, and that’s the main debate here.
Wilson advocates caution. “Would I want anyone to have full access to all my data and everything? No, I wouldn’t,” he says. But he points out that if there was another national crisis such as the September 11 attacks, he would want the government to have backdoor access to the phone of a suspect.
There’s a fine balance there, and I can see both sides of “hey, we need access to this as the government” but then also “as a private citizen, my information is private.”
Although Wilson doesn’t worry about the government monitoring him because he says he’s not doing anything wrong, he recognizes that other governments intrude into the private lives of their citizens.
Wilson thinks there should be some way for the government to get access to private communications when necessary. “I don’t think total anonymity is the key for everyone,” he says.
15. You’ve witnessed digital security and privacy trends over the last couple of decades. Are you optimistic or pessimistic about the future?
“I think I’m pretty optimistic,” Wilson says. He points out that as new technology pops up, we need to figure out the privacy concerns involved.
16. The 4iQ website shares news and advice about data breaches and identity theft. How else do you recommend people stay informed of cybersecurity and privacy issues?
Wilson does a lot of reading about data breaches, including websites such as Data Breach Today. For consumers, he recommends an identity theft monitoring service that watches for your specific data, and notifies you of breaches.
17. Do you have any other warnings, advice, or encouragement you’d like to share before we conclude?
It’s the holidays, so this is where things gear up. … be very careful about where you spend your money … also … giving [your] information out. If it doesn’t seem right, then don’t do it. … Be very vigilant during the holidays about what kind of information, and what kind of digital footprint you’re leaving out there.
How to Avoid Identity Theft: What You Should Do
Consider signing up for an identity theft monitoring service for yourself and other members of your family, including children. Don’t use the same password for multiple accounts. Make each password unique. Use a password manager to securely store your passwords. Monitor your kids, to know what they’re doing online. You can use apps for monitoring, and/or look at your router logs, or configure your router to block sites.
When Robyn Mathis, a 41-year-old food production plant worker from Brunswick, Georgia, stepped off a flight to Philadelphia last June, she expected an easy passage to her destination. She was set to pick up her rental car and charge it to her Chime card, as she had done several times before. For the last few years, the digital bank’s debit and credit cards had been her payment methods of choice. But at the Budget car rental desk at Philadelphia’s International Airport, Mathis got an unpleasant surprise.
Budget would not accept her Chime credit or debit card. Frustrated, Mathis, who was traveling with her two college-aged children, called other airport rental outlets—Enterprise, Avis and Dollar. All said they wouldn’t take her card. After two hours, Mathis finally gave up and called an Uber. Fintech had failed her. Upon returning home, she moved most of her money from Chime to her account at Bank OZK, a regional institution with more than 200 branches and roots stretching back to 1903.
Digital-first “neobanks” like Chime are one of the hottest sectors in the fintech revolution. They offer fast approval and low- or no-fee accounts, all without any brick-and-mortar branches—a powerful selling point during a pandemic. Chime grew from 7 million U.S. customers at the start of 2020 to more than 13 million by the end of this year, according to estimates by eMarketer.
Chime’s valuation hit a stunning $25 billion in August, and an initial public offering that could value the enterprise at $45 billion is in the works. Square’s Cash App, which began as a peer-to-peer money transfer service and has evolved into a digital bank, added 12 million users in 2020. Square’s stock has more than tripled since the pandemic began, and it now boasts a market capitalization of about $90 billion.
But the same “frictionless” signup and ease-of-use features that make digital banks appealing to customers have given crooks an opening to wreak havoc through various schemes. That includes “first-party fraud,” where customers (with accounts in their own names) do everything from racking up charges and yanking the money to pay those charges out of their accounts before a transaction settles to illegally collecting unemployment insurance in states where they don’t live or work.
Another tactic: exploiting America’s tortoise-like bank-to-bank transfer network by moving money from one account to another and then withdrawing the same funds from both accounts while the transfer is in process. Fintech providers also appear to be more susceptible to identity theft and “account takeovers,” where swindlers get access to another person’s account and start spending.
Take the case of Shayla King, a single mother of four from Tampa, Florida, who became a Chime fraud victim in July 2021. She first noticed the problem when she woke up on a Friday to see dozens of automated texts on her iPhone asking if she had made 62 transactions totaling $744 from different businesses in India. She texted back “no” and then got an automated text confirmation that the charges would not go through. King says she also immediately rang Chime’s customer support line to report the charges were fraudulent. But come Monday, her Chime account was nearly emptied.
“Companies used to build financial products starting with the risk … Everything today is built starting with marketing, and risk oftentimes comes way further down the funnel.”
King disputed the charges, but Chime denied her claim. She tried twice more, eventually copying an investigative consumer reporter at a local ABC affiliate on her email to Chime. Four days later, after the reporter contacted Chime, it returned the money, more than a month after King first reported the incident. (Chime admits it made an “initial error” in its dealing with King, but says it corrected the problem after King appealed, and not because of the TV reporter’s inquiry.)
“I will never in my life bank with an online bank again,” adds King, who says she spoke on the phone with more than a dozen different customer service reps during the ordeal. “That’s my car payment, my electricity bill … I’m a paycheck-to-paycheck person, and I’m still trying to climb out of that hole.”
According to data from Aite-Novarica Group, fintech companies like neobanks and robo advisors have an average fraud rate of roughly 0.30%. That’s as much as double credit cards’ historical rates of 0.15% to 0.20% and three times higher than debit cards’ less than 0.10% fraud rate. While these percentage differences might seem small, they’re significant given that banking profitability is measured in basis points or hundredths of a percent.
And these seemingly tiny percentages add up. In 2020, identity fraud alone caused $56 billion in losses across all U.S. financial services firms, according to research firm Javelin. Facing growing incidents of fraud, some merchants have begun limiting or even blocking the debit and credit cards being offered by Chime, Cash App and other neobanks.
“Companies used to build financial products starting with the risk,” says a fraud expert and executive at a San Francisco fintech company. “Everything today is built starting with marketing, and risk oftentimes comes way further down the funnel.”
Rental car agencies and hotels have so far taken the most consequential actions in response to fintech’s fraud problem. In March, Avis, which owns the Budget and Payless car rental brands too, blackballed Chime. Said one tweet to a customer, “Only Chime cards we no longer accept due to many fraud reports. Have a great day!” Avis also hung up signs at branch locations announcing the ban and over the summer its FAQ singled out “prepaid debit/gift cards and Chime debit/credit cards” as not acceptable for vehicle pick-ups.
Avis’ restrictions prompted a backlash from Chime and its card network, Visa, in late summer. Visa has a strict “honor all cards” policy for merchants who generally must accept any Visa card from any issuer. After Forbes reached out to Avis for comment, its policy page was updated to remove mention of its Chime restriction. An Avis spokesperson declined to explain the reason for its Chime ban, simply saying that Chime cards are accepted as payment upon returning a rental car, which would still require customers to have a different card for vehicle pick-up.
Enterprise and Hertz, the two largest rental car agencies in America, have also instituted fintech card bans. Forbes spoke with 10 Hertz storefronts across ten states, and most said cards tied to Chime were not welcome, with Cash App, Paypal or Venmo also rejected by some. An Enterprise customer service rep said locations at airports don’t accept Chime cards either. Some of the non-airport branches called by Forbes said they do accept Chime, though they cited various special restrictions such as requiring a utility bill. Nearly half of the dozens of Marriott Courtyard, Holiday Inn, Extended Stay America and La Quinta franchise locations Forbes spoke with said they don’t accept Chime or Cash App cards, either.
Spokespeople for Hertz and Extended Stay America said company-managed locations had banned Chime or Cash App cards, while spokespeople for Marriott and Enterprise claimed the cards are accepted. (Enterprise failed to clarify its airport policy.) The owners of the La Quinta and Holiday Inn brands did not respond to multiple requests for comment by Forbes.
Brian Mullins, Chime’s senior vice president of risk, downplays the problem. “In July, we had 50,000 transactions across all Marriott and Courtyard Marriotts … There may just be some individual locations where [a rejection of Chime cards] had occurred.” Chime had already done $150 million in Enterprise car rental transactions in 2021, he said in late August. “If it’s an issue, it’s not affecting our customers,” he insisted.
According to experts, much of the fraud seen by rental car agencies and hotels is so-called first-party fraud, where card holders run schemes under their real identities. One way they can do this involves taking advantage of a quirk in the U.S. payments system, says Mary Ann Miller, a vice president at identity and fraud company Prove. When someone picks up a rental car or checks into a hotel, the merchant processes a pre-authorization charge on their debit or credit card that puts a “hold” on a set amount of money.
That hold expires after a short period of time—say, three days, depending on the terms set by the bank that issued the card. Once it expires, a bad actor, who might have rented the car for a week for example, can spend the money, since it’s no longer locked up. When the rental car agency finally goes to charge the customer after the car is returned, the bank account tied to the debit card is empty or the limit on the credit card is exhausted, and the merchant or bank can’t collect.
Another fraud tactic is for a customer to dispute large numbers of legitimate charges. Chime says its systems try to weed out serial disputers, but its frictionless interface makes refusing Chime charges as easy as a few taps on its mobile app. “Account takeovers” are another scam that fintechs like Chime are particularly susceptible to, because fraud rings often target new technology, thinking it’s more likely to have holes. In one rip-off, scammers buy information on the dark web to figure out Chime customers’ usernames and passwords, then gain access to their accounts and go on a buying spree.
Can’t traditional banks’ accounts be taken over too? Yes, but the digital banks may be both more vulnerable and more likely to be targeted. “Digital-focused banks have a target on their backs because fraudsters know that the banks want to make the user signup flow and banking experience as seamless as possible,’’ says Vice President of Trust and Safety Kevin Lee at fraud prevention firm Sift.
Because of Visa’s and Mastercard’s dispute protection policies, merchants hit with various forms of fraud can often escape being held liable for the unauthorized charges themselves. But trying to clean up a rash of illicit activity is costly, involving many hours of research and internal meetings across different corporate teams.
Chime vigorously denies that its app has become a haven for fraud. Still, part of its problems may stem from the company’s aggressive customer acquisition campaigns, often using social media to attract unbanked or underbanked prospects who have little or no credit histories. In September, the company offered cash prizes of up to $1,000 to TikTok users who made videos including the hashtag “ChimeHasYourBack.” Two months later, TikToks sporting the hashtag had collectively garnered 7.3 billion views.
Chime declined Forbes’ request to provide its overall fraud rates, saying only that they’re significantly below the maximum thresholds set by Visa and Nacha, the nonprofit association that runs ACH, the U.S. bank-to-bank payments network. The fintech’s CEO Chris Britt instead blames the merchants for any problems that have developed.
“I think there’s a limited number of merchants that are not applying the industry standard of due diligence before giving consumers access to these rental cars,” he says. He adds that Chime doesn’t run credit checks on its users—it’s the rental car agencies’ job to determine consumers’ creditworthiness.
Chime isn’t the only fintech wrestling with fraud and delinquency problems, and these issues date back to the earliest fintech companies in America. From July through October of 2000, two years after PayPal got off the ground, the company lost $6 million to fraud at a time when its revenue was less than $5 million. PayPal was losing $1,900 an hour to fraud. More recently, phony jobless claims have been a problem for Green Dot and Square’s Cash App, as well as Chime.
Ten residents of Palm Beach County, Florida were arrested in September for attempting to raid other states’ unemployment benefit coffers. According to court records, the defendants typically opened accounts at Chime, Cash App or Green Dot under their own names, then applied for unemployment checks from states they had neither lived nor worked in.
Explaining how to commit the fraud to an unnamed associate, one 21-year-old defendant suggested using the three fintechs for direct deposit of the swindled funds: “States like Arizona and Pennsylvania hittin fasho…FREE GAME,” he wrote in an Instagram message reprinted in court records. “Chime Greendot cash app.”
“There’s no risk of needing to show identification in person, no surveillance video to show who’s utilizing the bank account.”-Kyle Kinney, detective at a local Florida police department
Kyle Kinney, a detective at the local Florida police department who investigated the cases, says the offenders likely preferred digital banks for their convenience, compared to brick-and-mortar alternatives. “There’s no risk of needing to show identification in person, no surveillance video to show who’s utilizing the bank account,” he explains. “Transferring and receiving funds to and from co-conspirators is pretty easy.”
The flood of extra unemployment money tied to the pandemic, as well as the expanded categories of people eligible for payments, has likely exacerbated the problem. The U.S. Labor Department’s Inspector General recently estimated that, based on an historical mispayment rate of 10%, between March 2020 and September 2021, $87 billion in enhanced benefits could have been improperly paid, with “a significant portion attributable to fraud.”
But, the IG added, the actual number—based on a preliminary audit—was likely higher. Frank McKenna, cofounder of fraud prevention firm Point Predictive, suspects that Chime was “one of the preferred ways that a lot of these fraudsters took money from the government, because they could easily go online, set up a Chime account very quickly, have the funds transferred into the account, and then quickly have those funds diverted elsewhere …
I think what you’re seeing now is the result of a lot of growth, and a lot of the fraud that might have gotten into the portfolio while all the stimulus came in.” He also says that there’s an active market on messaging app Telegram for people to buy Chime accounts.
It’s not just the merchants who have become wary of doing business with big fintechs like Chime and Cash App. HMBradley, a three-year-old, Santa Monica-based online bank with $375 million in assets, saw a startling rise in fraud coming from the transfers it gets from Chime and Cash App accounts. The schemers would typically open an HMBradley account, then connect it to an existing Chime account.
They’d request to transfer funds from Chime, and when the money reached HMBradley, they’d quickly ferry it into a third bank account. Often, the funds HMBradley was pulling in from Chime didn’t exist—and that’s possible because of the way the U.S. bank-to-bank transfer network, or the Automated Clearing House (ACH) system, works.
The ACH network, first built in the 1970s, lacks real-time verification and it can take days for transactions to settle through ACH. So when a neobank allows a customer to pull money from an outside account via ACH, it takes on the risk of finding out several days later that the customer only had $1 in his account even though he requested to transfer $1,000. ACH still underlies most money transfers, to the tune of $62 trillion in 2020, and is run by Nacha, a nonprofit association funded by financial institutions.
While HMBradley typically only sees about $500 worth of fraud per month, in May it lost tens of thousands of dollars, split between Cash App and Chime users, according to CEO Zach Bruhnke. To stop the bleeding, Bruhnke put longer holds on transfers so that a customer trying to pull in funds from a Chime or Cash App account would have to wait a few more days to see the funds arrive in HMBradley.
Another new online bank called One has also placed longer holds on Chime transactions. “It’s a reflection of how frequently the accounts tend to be fraudulent and how much loss tends to be taken on those transactions,” says One CEO Brian Hamilton. Chime CEO Chris Britt again prefers to shift the blame. He says that small companies like HMBradley and One “probably don’t have the same level of sophistication in terms of how to process things like ACH transactions and transfers from online accounts.”
Betterment, a robo-investing app with $29 billion in assets, blocked all new connections to Chime, Cash App, Square, Robinhood, Green Dot and Metabank in May due to “a trend of attempted fraudulent activity,” according to an email Betterment sent to some customers that was reviewed by Forbes. Britt says there are a “number of companies” that Chime “runs much more volume through … that are managing just fine.”
According to Bruhnke, Chime’s team was helpful in troubleshooting HMBradley’s fraud spike. Bruhnke tried to work with Cash App to get help, too, but their support was “almost non-existent,” he says. Today, HMBradley no longer puts longer holds on Chime transactions, but for most Cash App customers, he extends HMBradley’s typical two-day hold period for transfers to five business days and caps daily transactions to between $100 and $500.
Bruhnke says of Square’s rapid customer growth, “They’re a public company, and they’re sort of padding their user numbers by perpetuating this.” Square declined to make an executive available for an interview, but told Forbes via email that fraud prevention is a top priority and that Cash App maintains teams dedicated to resolving merchant acceptance issues.
Stock trading app Robinhood recently highlighted its own ACH fraud challenges. “Customers initiate deposits into their accounts, make trades on our platform using a short-term extension of credit from us, and then repatriate or reverse the deposits, resulting in a loss to us of the credited amount,” it wrote in its second quarter regulatory filing. As a result, its provision for credit losses for the first half of the year surged 54% to $37 million.
In February, a payments processing company that works with hundreds of merchants that sell age-restricted products like alcohol saw 45% of its fraudulent ACH transactions come from Chime, according to an executive at the payments company.
It noticed a pattern where some people had used multiple Chime accounts under slightly different names but with the same IDs. They’d buy alcohol from one merchant, but before the transaction settled, they’d quickly pull the rug out by moving that money into another Chime account, a maneuver made possible by the settlement lags of the ACH system.
The liquor stores saw tens of thousands of dollars of losses, and when the payments company determined that Chime wasn’t going to do anything to fix the problem, it permanently blocked Chime transactions altogether. Says the payments company executive, “If they’re not actively doing anything about it, then we have to actively do something about it.”
I’m a reporter on Forbes’ wealth team covering the world’s richest people and tracking their fortunes. I was previously an assistant editor for Forbes’ Money & Markets section, and I
I lead our fintech coverage at Forbes and also cover crypto. I edit our annual Fintech 50 list and 30 Under 30 list for fintech, and I’ve written frequently about leadership and corporate
Five years ago, from her prison cell, trans whistleblower Chelsea Manning sketched out a new way to protect online privacy. Now, she is helping an MIT-affiliated cryptographer bring the next generation of privacy software online.
Chelsea Manning’s long blonde hair catches in a cool summer breeze as she turns the corner into Brooklyn’s Starr Bar, a dimly lit counter-cultural haunt in the heart of the hipster enclave of Bushwick. The 33-year-old best known for leaking hundreds of thousands of top-secret government documents to Julian Assange in 2010, then coming out as a transgender woman, walks past a poster depicting sea turtles, humans and geese merging to form the outline of a dove. Beside the image are the words, “Your Nations Cannot Contain Us.”
Dressed in a black suit and wearing a silver Omega watch, she makes her way to a small wooden table illuminated by a shaft of sunlight. She orders a Coke. Contrary to what one might expect, this whistleblower turned trans icon looks uncomfortable in the hip surroundings. A fan reverently approaches her and welcomes her back. “This is my life,” she says after he leaves, expressing gratitude for the well wishes and lamenting the loss of her privacy. “I’m not just famous—I’m in the history books.”
While serving the longest sentence ever doled out to a whistleblower after she used the privacy-protecting Tor Network to anonymously leak 700,000 government documents, she used her time in incarceration to devise a better way to cover the tracks of other online users.
Knowing that the nonprofit Tor Project she used to send files to Wikileaks had become increasingly vulnerable to the prying eyes of intelligence agencies and law enforcement, she sketched out a new way to hide internet traffic using blockchain, the technology behind bitcoin, to build a similar network, without troublesome government funding. The entire plan was hatched in a military prison, on paper.
Fixing the known weaknesses of these networks is about more than just protecting future whistleblowers and criminals. Private networks are also vital for big businesses who want to protect trade secrets. The privacy network industry, including the virtual private networks (VPNs) familiar to many corporate users, generated $29 billion in revenue in 2019 and is expected to triple to $75 billion by 2027.
Manning thinks that not-for-profit efforts like Tor, which relies on U.S. government funding and a worldwide network of volunteers to run its anonymous servers, aren’t robust enough. “Nonprofits are unsustainable,” says Manning casually, sipping from her Coke. “They require constant upholding by large capital funds, by large governments.”
By January 2017, she was 7 years into a 35-year sentence at Fort Leavenworth, home to the likes of former Army Major Nidal Hasan, who killed 14 fellow soldiers in 2009. As President Barack Obama prepared to leave office, he granted Manning an unconditional commutation of her sentence. Newly tasting freedom, she was contacted by Harry Halpin, the 41-year-old mathematician who worked for World Wide Web inventor Tim Berners-Lee at MIT from 2013 to 2016 helping standardize the use of cryptography across Web browsers.
Halpin asked Manning to look for security weaknesses in his new privacy project, which eventually became Nym, a Neuchâtel, Switzerland-based crypto startup. Halpin founded Nym in 2018 to send data anonymously around the Internet using the same blockchain technology underlying Bitcoin. To date, Nym has raised some $8.5 million from a group of crypto investors including Binance, Polychain Capital and NGC Ventures. The firm now employs ten people and is using its latest round of capital to double its team size.
Halpin was impressed by Manning’s technical knowledge. More than just a famous leaker who happened to have access to secret documents, Manning struck Halpin as someone with a deep technological understanding of how governments and big business seek to spy on private messages.
“We’ve very rarely had access to people who really were inside the machine, who can explain what they believe the actual capabilities of these kinds of adversaries are, what kinds of attacks are more likely,” says Halpin. “She’ll help us fix holes in our design.”
Born in Oklahoma on December 17, 1987, Manning had her first exposure to what’s called network traffic analysis in high school. She and her Welsh mother, Susan, had moved to Haverfordwest, Wales, in 2001, when Manning was 13. In a computer class there, in 2003, she first learned to circumvent blocks put in place by the school to prevent students downloading certain files—and got caught pirating music by Linkin Park, Jay-Z and others.
The headmaster had been watching remotely. “It was the first moment where it dawned on me, ‘Oh, this is a thing. You can do this.’ By 2008 Manning’s interest in network traffic analysis first brought her to The Onion Router (Tor), a volunteer network of computers that sits on top of the internet and helps hide a user’s identity. The nonprofit organization leveraged something called “onion routing,” which hides messages beneath layers of encryption.
Each message is only decipherable by a different member of the network, which routes the message to the next router, ensuring that only the sender and receiver can decipher it all. Ironically, the network colloquially known as the “Dark Web,” used by Manning to send classified documents to WikiLeaks, was developed by the U.S. government to protect spies and other government agents operating online.
At around the same time Manning discovered Tor, she joined the U.S. Army. As a young intelligence analyst her job was to sort through classified databases in search of tactical patterns. After becoming disillusioned with what she learned about the fighting in Iraq and Afghanistan, she plugged into her computer, put in her headphones, and loaded a CD with music from another of her favorite musicians, Lady Gaga.
Instead of listening to the album, though, she erased it and downloaded what would eventually be known as the largest single leak in U.S. history, ranging from sensitive diplomatic cables to video showing U.S. soldiers killing civilians, including two Reuters journalists.
In prison she studied carpentry, but she never stopped exploring her earlier vocation. “I’m a certified carpenter,” she says. “But when I wasn’t doing that, I would read a lot of cryptography papers.” In 2016, she was visited in prison by Yan Zhu, a physicist from MIT who would later go on to become chief security officer of Brave, a privacy-protecting internet browser that pays users in cryptocurrency in exchange for agreeing to see ads.
She and Zhu were concerned with vulnerabilities they saw in Tor, including its dependence on the goodwill of governments and academic institutions. In 2020 53% of its $5 million funding came from the U.S. government and 27% came from other Western governments, tax-subsidized nonprofits, foundations and companies. Worse, in their opinion, the technology being developed to break privacy was being funded at a higher rate than the technology to protect it.
“As the Dark Web, or Tor and VPN and all these other services became more prolific, the tools to do traffic analysis had dramatically improved,” says Manning. “And there’s sort of been a cold war that’s been going on between the Tor project developers, and a number of state actors and large internet service providers.” In 2014, the FBI learned how to decipher Tor data. By 2020 a single user reportedly controlled enough Tor nodes to steal bitcoin transactions initiated over the network.
Using two lined pieces of composition paper from the prison commissary, Manning drew a schematic for Zhu of what she called Tor Plus. Instead of just encrypting the data she proposed to inject the information equivalent of noise into network communications. In the margins of the document she even postulated that blockchain, the technology popularized by bitcoin, could play a role.
Then, this February Halpin woke her up late one night with an encrypted text message asking her to take a look at a paper describing Nym. Developed completely separately from Manning’s jailhouse sketch, the paper detailed an almost identical system disguising real messages with white noise. A hybrid of the decentralized Tor that relies on donor support and a corporate-owned VPN that requires trusting a company, this network promised the best of both worlds.
Organized as a for-profit enterprise, Nym would pay people and organizations running the network in cryptocurrency. “The next day I cleared my schedule,” she says. By July she’d signed a contract with Nym to run a security audit that could eventually include a closer look at the code, the math and the defensive scenarios against government attacks.
Unlike Tor, which uses the onion router to obscure data sent on a shared network, Nym uses what’s called a mix network, or mixnet, that not only shuffles the data, but also alternates the methods by which the data is shuffled, making it nearly impossible to reassemble.
“Imagine you have a deck of cards,” says Manning. “What’s really unique here is that what’s being done is that you are taking essentially a deck of cards, and you are taking a bunch of other decks of cards, and you are shuffling those decks of cards as well.”
And, as it, turns out, not every government is comfortable using a privacy network largely funded by the U.S. government. Despite Halpin’s commitment to build a network that doesn’t require government funding to operate, in July Nym accepted a €200,000 grant from the European Commission to help get it off the ground.
“Knowing that Wikileaks had become increasingly vulnerable to prying eyes from intelligence agencies and law enforcement, she sketched out a new way to hide internet traffic using blockchain, the technology behind bitcoin.”
“The problem is that there was never a financial model that made any sense to build this technology,” says Halpin. “There was no interest from users, venture capital and big companies. And now you’re seeing what we consider a once-in-a-lifetime alignment of the stars, where there’s interest in privacy from venture capital. There’s an interest in privacy for users.
There’s interest in privacy from companies. And most of the interest from the venture capital side and the company side and the user side has been driven by cryptocurrency. And this was not the case even five years ago.”Even Tor itself is exploring how to use blockchain to create the next generation of its software. After receiving 26% of its total donations in cryptocurrency last year, the Tor Project received a $670,000 grant from advocates of the Zcash cryptocurrency and sold a non-fungible token (NFT) representing the first .onion address for $2 million in May, 2021.
Now, Tor cofounder Nick Mathewson says the Seattle-based nonprofit is exploring some of the same techniques developed by cryptocurrency companies to create Tor credentials that let users develop a reputation without revealing their identity. What he calls an “anonymous blacklistable credential.”
“If you’ve got a website, and somebody does something you don’t like, you can ban them,” says Mathewson. “You can ban the person who did that activity without ever finding out what other activities they did or figuring out whom you banned.”
Though Mathewson is interested in the possibility of using blockchain to upgrade Tor itself, he warns that making for-profit privacy infrastructure could lead to more money being spent on marketing than product development. “Our mission is to encourage the use of privacy technology,” says Mathewson. “I don’t really care whether that privacy tool is the one I made or not.”
Ironically, the same cryptocurrency culture Halpin says brought so much attention from investors, deterred Manning from getting involved earlier. Though she counts herself among the earliest bitcoin adopters, claiming to have mined cryptocurrency shortly after Satoshi Nakomoto activated it in 2009, she sold her bitcoin last year for decidedly nonmonetary reasons.
“I am not a fan of the culture around blockchain and cryptocurrency,” she says. “There’s a lot of large personalities that are very out there, like your Elon Musks and whatnot,” she says. “And it‘s very, like, ‘Oh, we’re going to get rich off of blockchain.’ It’s very nouveau riche. Like a new-yuppies-bro-culture that’s surrounded it. It has gotten a little bit better in some corners. But I think that culture is what I’m talking about. It’s like Gordon Gekko, but blockchain.”
Illustration by Fernando Capeto for Forbes; Photos by Malerapaso/Getty Images; Pete Starman/Getty Images
Though less than one percent of cryptocurrency transactions last year were considered illicit, according to blockchain data firm Chainalysis, that was still a record $20 billion, most of which is marked as dirty by a cottage industry of blockchain-data startups managing independent and unofficial blacklists. Crypto sitting on a blacklist is difficult to use and many crypto exchanges like Coinbase and Kraken refuse to accept it.
