Since 2002, almost all copies that have been manufactured for business use and some that are for home use, contain a hard drive that will store the record of every item copied, printed or scanned. Although this information is ‘encrypted’, it has been shown to be easily hacked by identity thieves. If you consider the kind of proprietary business information that may be stored on the devices as well as personal information, including bank accounts and credit card numbers, the potential for identity theft is escalated to staggering numbers.
Now consider this factor: What happens to those old printers, fax machines and copiers when they are finally out of commission? Many businesses as well as private individuals donate them to charities or schools, while others sell them to clearinghouses that then resell them in bulk quantities. All of those sensitive documents that were scanned, printed and faxed remain on the hard drive and can be accessed to create false credit cards and charges.
Identity theft in SA businesses exceeded R1 billion within the last year. South African Fraud Prevention Association is an organisation that is attempting to lead financial institutions and banks to share information on not only those that are committing the frauds, but their methods as well. Organisation representative, Carol McLoughlin indicated that the scale of identity theft is on the rise as more transactions are done electronically and catching the thieves has become incredibly difficult as they are first perceived as legitimate consumers. She continued to state, “But the money they steal is often linked to a fraudulent account. There is nothing that links the crime to the perpetrator… Last year we had 3,600 cases of identity fraud and this year we could top 4,000. They are ghosts. The crime has increased by more than 200% in six years.”
There are some clearinghouses that are aware of this type of fraud and they have established guidelines that include wiping all of the printer, copier and fax machine hard drives clean prior to reselling them. However, this practice is completely optional and up to the individual organisation. In the United States, some states have passed laws requiring that the hard drives be cleaned, but this requirement is state-specific.
The vulnerability of the standard copier/fax/printer doesn’t just exist in the home and business environment, but consider the standard machinery that is available for general public use at meetings, events and office supply stores.
Sharon Knowles, CEO of Da Vinci Forensics says:
The sophistication of today’s printers, copiers and fax machines includes hard drives that are not only large capacity, but easily to remove from the machinery. In the business world, accessing sensitive data can be a game changer, affecting everything from company practices, security procedures, and even detailed organisational plans and financial information. Cyber criminals are now seeing these technologies as a goldmine. Da Vinci Forensics consults with companies to advise companies in the ways and methods to protect their technologies from this type of crime.”