Identity Theft and the Public Accounting Firm

Column: The eSecurity Advisor


From the Sept. 2008 Issue

This month’s column is an interview with Robert Listerman. Bob and I recently spent a lunch hour together and talked about the problem of identity theft and how technology plays a role in identity theft. It was a very informative, eye-opening and interesting conversation, and based on what we discussed I thought it important to point out that practicing accountants need to understand this problem. Practitioners need to be aware of the requirements the government is imposing on all users of personal information and why these rules could potentially cause significant issues for our profession.

Generally, identity theft is not directly linked to specific technology, but technology becomes the enabler that allows identity theft to occur because the root cause could be a poorly implemented firewall, improper security patching or sloppy technical implementations. The technology is not to blame; rather, it is the way the technology is utilized or implemented. While the focus this month is on the problem of identity theft and some of the government requirements being placed on all businesses, including the accounting profession, you should also be mindful of the underlying technology issues as you read. Technology, properly implemented, can prevent identity theft in a firm. The key question should be whether enough has been done with the technology to ensure that it is not enabling identity theft.

Before we get into the content of the interview, I would like to introduce you to Bob. Robert Listerman (Bob) is a Michigan CPA with over 25 years of experience as a process improvement business consultant. He graduated from Michigan State University and became a CPA while employed at Touche Ross & Co., Detroit, now known as a member firm of Deloitte & Touche USA LLP. Bob added the Certified Identity Theft Risk Management Specialist (CITRMS) designation issued by The Institute of Fraud Risk Management in 2007, which recognizes his knowledge and experience in identity theft risk management.

Over 50 percent of identity theft can be traced back to unlawful handling or mishandling of non-public data within the workplace. Recent federal and state laws have been enacted to bring both criminal and civil liability to any organization that improperly maintains data on customers, employees, vendors and even its own non-public identifying information.

Now that we have an idea of Bob’s background, let’s take a look at this security problem that can affect public accounting firms just as much as it affects the business clients we serve.

John: What is identity theft?
Bob: Identity theft is the use of personal identifying information by someone other than the rightful owner of that information for purposes of criminal activity. Generally, the criminal is using this information to benefit financially. In many cases, the person using the information is also NOT the person who originally obtained the information. Some of the more common types of identity theft include the following:

  • Driver’s license theft – the use of a fake ID to commit or cover a crime.
  • Social Security number theft – the use of a person’s SSN to obtain income generally payable through a 1099 or W-2.
  • Character/Criminal ID theft – the use of an ID to cover criminal activity from another state. For example, a criminal carrying an apparently valid driver’s license in Virginia using someone else’s identity covers up the fact that Maryland has revoked a criminal’s driver’s license because of too much drunken driving activity.
  • Medical theft – the use of someone’s ID to obtain test results. For example, someone who suspects they might be HIV positive could use someone else’s identity to obtain the test and results.
  • Financial Identity Theft – The theft of information for purposes of stealing money from the victim.