We recently wrote an article on identity theft, published in Inside Business.
We have included it below for your reference.
The holiday season can provide the greatest opportunity for sales growth but can also be a great opportunity for fraudsters to steal your consumers’ information or your businesses’!
Identity theft is the fraudulent acquisition and use of a person’s private identifying information, usually for financial gain. These stolen identities are frequently used for fraudulently obtaining loans, accounts, credit cards, or other expensive purchases.
At Risk Data: Personal Identifying Information
Businesses routinely gather Personal Identifying Information (PII) from credit transactions. Information such as SSN, credit card numbers, birthdates, etc. This data is frequently maintained in databases and transmitted over Internet. Stealing this information has become big business for fraudsters.
What it Means for Businesses
All it takes is for a business to have one data breach and it could spell certain doom and could result in having to close their doors. A data breach will cost a business countless amounts to make the consumer(s) whole but that doesn’t do much for the tarnished reputation that will soon follow the breach.
In fact, small businesses are often targeted because they don’t have the resources or finances to pay for rigorous identity theft safeguards and protections. The average cost of a data breach has risen to over $200 PER RECORD.
A few common examples in which small businesses have breaches include:
- Insider Mistakes – 15%
- Malicious Insiders – 45%
- Outside Attacks – 40%
Insider Mistakes: A well-meaning employee misplaces a laptop that contains PII data. Data can be intercepted via email. PII data can also be downloaded onto a thumb drive and removed from the company premises.
Malicious Insiders: Disgruntled former employees could have saved PII information about the client base and took it with them. They may sell the data to hackers or turn around and use it themselves.
Outside Attacks: These attacks can include breaking into a company’s computer network through a variety of means, from exploiting vulnerabilities to malware attacks to figuring out default passwords. The attacks have become so sophisticated that hackers can map out a business’ system and locate and capture PII.
Other examples of business identity theft include a variety of schemes involving the fraudulent use of company’s information, including:
- Establishing temporary office space and/or merchant accounts in a company’s name.
- Ordering merchandise or services with stolen credit card information or with bogus bank account details in the name of a victimized company.
- Scamming company employees or using phishing attacks to get to a company’s banking or credit information.
- Going through a business’ trash and recycling bins for account numbers and other sensitive data.
- Filing bogus documents with the Secretary of State’s office in order to change the business’ registered address or the names of directors, officers or managers of the company, which can later help thieves establish lines of credit with banks and retailers.
Methods of Prevention
- When you encrypt your data, it’s important to have the “keys” to de-encrypt it. It’s also important to be very careful who within your company has those keys. Encryption will NOT prevent the data from being obtained. The purpose of encryption is to render the data unintelligible. A good analogy is a paper shredder. Encryption slices the data up and requires a great deal of time to “reassemble” the data. In the time it would take to make the data usable, it will become useless. However, be sure to upgrade the encryption software from time to time as it continues to improve to stay ahead of fraudsters.
- Ensure that all computers have anti-virus and anti-spyware protection.
- Protect company network with a firewall.
- Keep software and browsers up-to-date with security patches.
- Educate your employees. Train your employees to recognize tactics used by fraudsters for obtaining sensitive information. These fraudster interactions could be face to face, over the phone, or even through email. The culprits could be looking for the sensitive information itself or even clues that would enable them to obtain the keys to access such information.
What to do – Businesses
If your business has been impacted by identity theft, immediately report the incident to your attorney and law enforcement. Remember to keep all documents and communications as it pertains to the fraud.
What to do – Consumers
If you are a consumer and have had your identity compromised, the first thing to do is notify the authorities. In the event that you want to check your credit file for unauthorized activity, please visit www.annualcreditreport.com or by calling: 1-877-322-8228, or by mail to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. This is the government site for obtaining a credit file. Victims of ID theft are eligible for a free credit file. If fraud is found on your credit file, a dispute can be filed online. Disputes with Equifax can be filed electronically by going to: https://www.ai.equifax.com/CreditInvestigation/home.action
As a business owner and consumer, remember to:
- Familiarize yourself with ways fraudsters try to get PII. (ie phone, computers, emails, etc).
- Instill precautions (ie encryption, firewalls, anti-virus, etc) in your business and home.
- Update and upgrade protection programs when needed to stay ahead.
- Educate and train staff and family members about identity theft and how to prevent it.
- Monitor your credit report for fraudulent activity.
Act immediately if unknown activity is found. DO NOT WAIT.