Identity theft is defined as wrongfully obtaining and using a business' or person's personal data for fraud or deception, generally for financial gain. That data can include anything from your company's bank details to your own personal credit card information. Use of the internet is undoubtedly a factor in the rise of this type of crime and online criminals are harder to trace.
- In the UK, identity theft soared to a record £29.7m in 2003, according to the Association of Payment and Clearing Services (Apacs).
- The Identity Theft Resource Centre (ITRC) based in America conducted a recent survey that stated the average time spent by each victim to rectify the problems associated with the theft of their personal information was 600 hours.
- It has been estimated that at the end of 2003, identity fraud in all its forms cost governments, businesses and individuals world-wide US$221 billion. This figure is estimated to triple to $2 trillion by the end of 2005.
What to watch out for
- "Shoulder surfing" - Watching and listening to you from nearby, for example when you are making a business call on the train, or in a hotel lobby confirming your booking details.
- Rubbish sifting - Rummaging through rubbish bins to find copies of cheques, bank or credit card statements, or just about anything else that bears any information about you or your business.
- Spam, phishing - Typically what looks like a legitimate corporate email but requesting certain key information from the recipient.
- Dishonest employees - With access to personal records who either provide this data to thieves or use it themselves.
- Business deception - Beware of fraudulent employees that may simply use invoices or company stationery to obtain goods and services or that create an entirely false trading history. Conversely criminals may copy a business website and trick customers into handing over payment details or money.
- Physical theft - The old fashioned way! This could be in an intentional form such as mugging, or the fault of the owner through misplacing belongings for instance.
- Hackers, crackers and key loggers - Potential evil lurks behind every web page, e-mail and online transaction. Spyware can capture every keystroke including passwords, account details, and pin numbers. This is forwarded back to the criminal that then gives them quick and easy access to your accounts.
Reduce your chances of being a victim
FAST advises businesses to ensure appropriate policies and procedures are in place to increase employee awareness of the risks and to educate and train employees to know the signs of identity theft.
- Establish a clear reporting procedure for any such incidences or suspicions.
- Shred all important papers especially anything with names or banking information on it.
- It is an unfortunate fact that a majority of serious fraud emanates from a company's own employees and management. Businesses must carry out checks on all employees with access to personal information, including any temporary and part-time employees and keep a record of all those who have access.
- Keep hard copies of personnel information in locked files.
- Do not provide any information without verifying exactly why the data is being requested.
- Implement regular auditing of fraud and risk management for all departments. Analysing any risks could highlight areas for concern or improvement in current procedures.
- Don't use credit cards to make internet purchases unless you have gone directly to the vendor's site, and be sure to confirm you have a secure connection - indicated by the prefix "https" at the beginning of the location or address line of your browser. *Request a copy of your credit rating at least once a year from a credit reference agency. Review it carefully and immediately address any anomalies. Monitor monthly bank and credit card statements.
Geoff Webster is CEO at FAST Corporate Services