At ChoicePoint, the weak link in the chain of authorizations, authentications, passwords, access controls and data warehouse administrations was the business process.1 In particular, ChoicePoint's account initiation process reportedly accepted the documentation provided by the scammers, who were then authorized to open accounts. The process of background checking ("authentication") of those permissioned to access the data warehouse and related data stores reportedly allowed some 50 fraudulent accounts to be set up. This provided the occasion for further unauthorized changes, including identity theft.

The irony here is that the data warehousing systems of such data sellers as Acxiom, ChoicePoint and LexisNexis are used by employers, insurers or clients to perform background checks on prospective applicants. If insurance companies go to ChoicePoint to qualify their applicants, then to whom does ChoicePoint go in order to assure the authenticity of its own applicants? This is like the shoemaker's children having no shoes.2

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access