Exploitable Identity Component

From an identity theft and fraud management standpoint, an exploitable identity component refers to the identity component which can be used for identity theft and fraud purposes. Some identity components are more vulnerable to exploitation for theft and fraud purposes and may be exploited with or without other identity components. For example, in the United States of America, a Social Security Number (SSN) is heavily relied on to identify individuals and approve transactions. As such, many of the identity monitoring services primarily and rightfully focus on monitoring an individual’s SSN to notify when the SSN is used for a transaction in order to allow the individual to validate the transaction. On the other hand, an exploitable identity component may have to be combined with another piece of identity component for identification purposes such a gym membership card which must be validated with another photo identification card or personal identifier to verify the person’s identity.

Our identities are comprised of many components some of which are more important than others because a) they are private information and we prefer that they remain non-public, and b) they are used by businesses and governments to authorize our transactions which if stolen, can lead to identity fraud and disclosure. When we talk about identity theft management and protection, we really are talking about the pieces of our identities which can be exploited by identity thieves. Sometimes, the term "identity theft" is used to refer to unrelated cases or irrelevant identity components. Some identity components are not as exploitable by themselves and must be combined with other pieces of personal information for authorization purposes. Such standalone and un-exploitable identity components include a gym membership card as mentioned above which must be presented with a piece of identification for verification purposes. This also brings up an important point that even exploitable identity components present varying degrees of vulnerability and damage which should be considered in our identity protection efforts.

Therefore, as we apply best identity protection practices to protect the identities of our customers and employees, or our own identities, we have to be somewhat discriminatory by first identifying our personal information starting with the most exploitable identity component and then applying more stringent security practices to our most vulnerable personal information. If a society places much importance on a single piece of identity component for identifying and verifying the identities of its citizens, then that identity component must be treated with due care.