That’s Not Me!

identity theft
Identity Theft is real concern. Millions of people in the U.S. are victims of Identity Theft each year. Identity Theft has grown into a full-time business and spawned a new business, Identity Theft Prevention.

Identity Theft is defined as:

  • unauthorized use or attempted use of existing credit cards
  • unauthorized use or attempted use of other existing accounts such as checking accounts
  • misuse of personal information to obtain new accounts or loans, or to commit other crimes

Watching old movies, you’ve probably seen a character in a cemetary looking for a grave with the appropriate dates, then getting the birth certificate and driver’s license and applying for a social security number and passport. Did you ever wonder why no one cross checked for a death certificate?

I believe it’s trust. We just trust people. As a society, we have learned to question unsolicated emails and phone calls, and even to question websites that have offers too good to be true, but when you meet a new person, you just naturally trust him or her.

Working with our Spitfire Project Management System clients to solve software issues, I frequently use the sfPMS audit trail to find out when the data was entered or changed and who made the entry or change. With this information, I can directly go to the user and gather information regarding how the data was entered and if the user received any error messages or had any computer issues that day. Sometimes I hear: “That wasn’t me. I was too busy and Joe logged in as me.”  or  ” I didn’t enter that document. It must have been someone else. We all know each other’s logins and we all have the same password.”

OK, this may not qualify as Identity Theft under the Justice Department’s Criminal Code but it is an example of using another’s account. From a tech support perspective, this behavior makes it more difficult to track down info on the issue.  From a personnel perspective, the Work Accomplished report is corrupted and there is no accurate data per person; in addition, who needs training is more difficult to determine and there is no personal accountability. From a legal perspective, there may be paperwork to support a claim, but there won’t have any accurate record of who entered the data.

The Spitfire Project Management System does offer the means to tighten up security and we encourage our clients to think about their user security strategy. Users can be obligated to use longer, more complex passwords containing letters, numbers, special characters, etc., and be required to change those passwords periodically. This cuts down on the ease of sharing passwords. In addition, because Spitfire is a role-based system, it includes a proxy feature that allows one user to enter data for another without logging in as the other. Each of these proxy entries are recorded as “via Proxy user” so that the sfPMS audit trail is accurate and users never have to say “That’s not me.”

Set up correctly, there need be no Identity Theft in a project management system.