Are you a thief’s best friend? (Identity Theft and your company)
Identity theft is defined as the process of using someone else’s personal information for your own personal gain.
Statistics published by SpendOnLife.com show that identity fraud involving Credit Cards, Utilities, Bank Accounts & Loans, and Employment represent 78% of the identity fraud cases reported.
Low-tech methods for stealing personal information are still the most popular for identity thieves. Stolen wallets and physical documents accounted for 43% of all identity theft, while online methods accounted for only 11%.
More than 35 million data records were compromised in corporate and government data breaches in 2008 (ITRC).
So, what is one to do? The battle being fought is actually on two fronts. The customers’ information is always on the forefront, and often the first security risk that comes to mind. But as an employer, you are also responsible for the security of your employees’ data as well. Both of these responsibilities are enforced by federal as well as state and local laws.
It has happened more than once, while trying to buy a part for my very-well-used car, that the clerk would complain about the lines being down and his inability to run my credit card. “But, just let me write down your card number, and I will run it as soon as the lines come back up.”
Are you kidding me?
Look around your business. Are there trash cans with orders or invoices thrown in them? Maybe a few credit card receipts? Perhaps a hand written name with a credit card number left beside a cash register? Anyone has access to this. Don’t be a thief’s best friend!
Protecting your customers’ data
Today’s organizations depend and thrive on data for marketing, customer Relevant Products/Services service and staff management, and like anything that is valuable, criminals have been seeking it to commit ID theft, blackmail or other crimes. (The Free Library)
Contact center staff are on the data security front lines. Properly trained they can thwart intrusion. Unfortunately contact centers too frequently have environments that foster data loss and theft. Employees are typically low-paid and have minimal or no benefits, are often poorly supervised, rushed to meet metrics, and face enormous stress.
To limit ID fraud U.S. Federal Trade Commission requires financial institutions and creditors to comply with its new Red Flags; after much delay enforcement begins Nov. l, 2009. The regulations mandate these firms to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft.
Another recommended checklist of 6 items to protect your customers is provided by Javelin Strategy & Research.
- Be Vigilant—Monitor your accounts regularly online at bank and credit card websites, ATMs or by phone and set up alerts that can be sent both online and to a mobile device. Americans who monitor their accounts frequently are most likely to uncover suspicious or unauthorized activity. The survey found that those victims who took more than six months to detect the fraud saw four times higher average costs. Meanwhile, too many cases of fraud are detected via slower methods, such as when consumers review credit histories, paper statements or are contacted by a debt collector.
- Keep Personal Data Private—Do not provide sensitive financial information over the Internet or phone, including Social Security Numbers, passwords, personal identification numbers (PINs) or account numbers, unless you initiated the interaction to a verified and trusted location, such as the number or web address on the back of a credit card, debit card or statement.
- Online is Safer Than Offline When Consumers Use Available Security Controls—Consumers should install and regularly update anti-virus and anti-spyware software, and keep operating systems and browsers updated. Once online access is secure, consumers should move financial transactions online to eliminate many of the most common avenues fraudsters use to obtain personal information and gain more control compared to traditional channels. Moving online includes turning off paper invoices, statements and checks, including paychecks, and replacing them with electronic versions. Avoid mailing checks to pay bills or deposit funds in your banking account. Instead, pay bills online and use remote deposit check imaging services.
- Be Aware of Those Around You—Be mindful of your environment and others who may be in proximity of overhearing sensitive financial or personal information or watching you text. This includes purchases over the phone or use of your Social Security Number for identification.
- Ensure Credit and Debit Cards are Protected—Obtain credit and debit cards from financial institutions that provide zero liability if a card is ever lost, stolen or used without authorization. Nearly all financial institutions automatically protect you against any unauthorized transactions made at merchants, over the phone, on the Internet or at the ATM.
- Learn About Identity Protection Services—There are additional services for those consumers who want extra protection and peace of mind. These include credit monitoring, fraud alerts, credit freezes and database scanning, some of which can be obtained for a fee and others at no cost. At a minimum, consumers should review their credit report no less than once per year, either for free at AnnualCreditReport.com or through many financial institutions’ websites.
Protecting your employees’ data
Employers have a duty to protect their employees from identity theft. That means making sure no unauthorized party can gain access to employees’ Social Security numbers, banking information (that might show up on direct-deposit authorizations, for example), dates of birth or any other data criminals could use to steal their money or compromise their privacy.
The federal Fair and Accurate Credit Transaction Act (FACTA) of 2003 says employers that negligently or purposely let employees’ personally identifiable data fall into the wrong hands can face fines of up to $2,500 per infraction. (FACTA applies to customer data, too.)
The laws at local, state, and federal levels can be quite a dizzying array of do’s and don’ts, and attempts to figure them all out can become futile. A better way is to develop a blanket plan for your organization maintaining the highest standard of data security – a policy that meets the most stringent requirements.
A recommended check list of 6 basic items is provided by Business Management Daily
- 1. Secure job applications, which contain sensitive information. Store paper applications in a locked area with limited access. Receive applications over the Internet only through encrypted web pages.
- 2. Require confidentiality agreements for employees who handle and process hiring or payroll information. Make it clear that employees selling, distributing or even negligently exposing personal information may be subject to criminal prosecution.
- 3. Run background checks on staff who handle personal information.
- 4. Implement a data-removal policy that limits who can take sensitive information from your premises and how they must secure it. It’s best to make sure employee data stay within your walls. But if you do allow employees to remove personal data—say on laptops—make sure to password-protect and encrypt the data.
- 5. Don’t cover up breaches Inform employees right away so they can work with financial institutions to limit the damage. Law enforcement officials may ask you to stay mum while they investigate, but most states require you to notify employees as soon as the police give the go-ahead.
- 6. Implement a document-destruction protocol. State laws generally don’t dictate when you should destroy old documents, but some dictate how. The strictest states require you to shred paper documents before discarding them. Electronic records must be erased completely, and all duplicate records destroyed.Protecting your customers’ data
FACTA information: http://www.privacyrights.org/fs/fs6a-facta.htm
Federal Trade Commission “Red Flag” law: http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm
Federal Trade Commission Anti-Identity Theft: http://www.ftc.gov/bcp/edu/microsites/idtheft/
State Laws (by state): http://www.ncsl.org/?tabid=12538