It is no longer a question if your identity will be stolen; it is a question of when. We are hearing that statement more and more from industry leaders. Fortunately, not everyone will have his or her identity stolen. However, if you are not taking an active role in defending your identity it is a question of when.
Debra recalls when there were approximately seven hundred thousand reported cases with the FTC about ten years ago, and today there are more than twelve million reported identity theft victims. A previous guest asked the simple question, “Is what we are doing making things better”?
Ten years ago, the Post Master General conducted a study that indicated that Identity thieves made approximately $10,000 dollars a day. That was ten years ago. Today Identity theft is a big business…Think large corporation, organized and sophisticated.
“At this rate, at the rate things are going, it’s not if you’ll be a victim of Identity theft, but when”, said Debra.
Identity theft is such a growing concern, specific legislation has passed called the “Red Flag Rules” that affects nearly all businesses. Debra Geister describes it as, “the first piece of legislation that requires anybody that is defined as a creditor to have an Identity theft prevention program in place”.
The reality is for small businesses to consider Red Flags Rule and an Identity theft program as a risk-based approach. The whole idea is to make sure someone is not trying to use another individual’s identity or smear his or her good name. Every business is unique and should stop and consider how an Identity thief would go about obtaining enough information to create or assume another’s identity.
Often small business owners assume that if they are PCI compliant, they are also compliant with “Red Flag Rules”. Unlike PCI compliancy that deals with the credit card environment, and making sure you are doing the right things according to the credit card companies. Red Flags Rule on the other hand addresses businesses that extend credit, credit reports, manage consumer data, multiple payments, and/or transactions, which defines a business as a creditor under the Red Flags Rule…A broad definition.
The whole idea is to make sure, as best as you can that the person making the transaction is indeed the person he or she claims to be. In addition the business owner will need to make sure the processing of those transactions are safe and secure by having adequate virus protection, firewall protection, etc. Data breech is a very big driver of Identity theft.
It may be good news, but on the other hand, it is also sad news. Debra mentioned that in a recent report in a FinCen study that 27% of the suspicious activity reports (SAR), relating to Identity theft, “reported that the victim of identity theft knew the subject of the SAR, who was usually a family member, friend, acquaintance, or employee working in the victim’s home.”
If any good news is in the latter statement, it is that you can do something to help prevent Identity theft from happening. The report is saying the number one cause in the rise of Identity theft is family, friends, and businesses. You can do something – keep private things private.
When it is all said and done, you have little control over your personal identifiable information from becoming compromised when stored on any large database. What is important is what you do when it becomes compromised, and how you respond to it.
Debra suggests your immediate response should be how I could be sure to protect myself. Be aware of any account that is being opened, contact your financial institution to alert them, contact the major credit bureaus (by law, telling one credit bureau, obligates them to inform the others), and place a freeze or fraud alert (or both) on your file.
As Debra pointed out, at the end of the day, “We are all attached to our identities, and really the biggest assets that we have. Our identities are our reputation out in the digital world or non-digital world of who we are.”
Following is a list provided by Debra Geister of things you should and should not do…Think Deter – Detect – Defend:
DETER identity thieves with safeguarding
• DO always shred documents with SPII
• DON’T carry your Social Security card with you
• DON’T carry cards you don’t use
• DO limit check writing and utilize security measures for payments
• DON’T EVER respond to emails or phone calls from anyone requesting personal information
• Install and maintain virus, firewall and anti-spyware systems
• DON’T hand your credit card to unknown people for processing
• DO ask questions
• DON’T be offended if a clerk asks for ID
• DO limit access to your personal information
DETECT suspicious activity
• DO be alert to signs that require immediate attention
o Bills that do not arrive as expected
o Unexpected credit cards or account statements
o Denial of credit for no apparent reason
• DO review your bank and credit card statements carefully
• DO monitor your credit report at least annually at www.annualcreditreport.com
DEFEND against ID theft quickly
• DO place a “Fraud Alert” on your credit report immediately if you suspect identity theft has occurred
• DO close accounts that have been tampered with or established fraudulently
• DO alert your financial institution
• DO file a police report
DO report the theft to the Federal Trade Commission
Your CyberHood Watch Partner,
david c ballard
Radio Security Journalist