Identity Theft _ Identity Fraud by wuyunqing


									                                                A Special Advertising Section

        Identity                                                                Identity
         Theft                                          &                         Fraud

        Fighting Back                                                                           Written by aimpublications LLC

   t’s the fastest-growing crime in the United States, annually
   costing 9 million to 10 million victims — and the organizations
   with which they do business — more than $50 billion. But com-
panies that maintain and share personal data are doing plenty
to prevent it. Here’s how you — and your company — can help.
   A few large-scale computer-based heists notwithstand-         Protecting Electronic Payments Works
ing, identity theft remains chiefly a personal crime. Fully         Last year, for the first time ever, electronic payment trans-
half of U.S. identity theft and the fraud resulting from it is   actions in the U.S. exceeded paper-based check payments,
committed by victims’ family members, friends and neigh-         according to the 2004 Federal Reserve Payments Study. So
bors, according to Javelin Strategy & Research’s 2005            it’s not surprising that the most prevalent form of identity
Identity Fraud Survey Report.                                    fraud involves credit cards. Nevertheless, the percentage of
   “ID theft not only impacts individuals, but their             identity fraud involving credit cards has dropped dramati-
employers as well,” notes Thomas Chapman, chairman               cally in the last couple of years — from 41% in 2002 to just
and chief executive officer of Equifax. “The process of          28% in 2004, according to the Federal Trade Commission
cleaning up the damage caused by ID theft can lead to            (National and State Trends in Fraud & Identity Theft, Janu-
hours of lost productivity.”                                     ary-December 2004).
   Yet, ID theft also remains a mostly low-tech crime. Less         Certainly, the efforts of the major credit card payment sys-
than 12% of the identity information used fraudulently was       tems have helped. Visa, for instance, operates a global trans-
obtained online, the Javelin study indicates. More conven-       action processing network that provides better than 99.999%
tional methods — lost or stolen wallets, theft of paper mail,    reliability while settling nearly 100 million transactions a day.
sticky-fingered family or friends — are not only far more           “Visa’s approach,” says Susanne Lyons, executive vice pres-
common, accounting for upwards of 68% of ID thefts, but          ident and chief marketing officer for Visa USA, “has focused
often result in higher losses than online ID crime.              on developing layer upon layer of fraud tools and protec-
Advertisement 2

tions, including Continuous Fraud Mon-
itoring and ID Theft Assistance.”
   The company’s neural network-based
early warning systems, risk management
tools, security policies and programs,
use of smart-card technology and col-
laboration with other organizations
(such as launching the Phish Report
Network with Microsoft, eBay and
Whole Security) add up: fraud now rep-
resents less than one-tenth of 1% of total
Visa card volume.
   “The ultimate protection for card-
holders,” adds Lyons, “is our guaran-
tee that they won’t be liable for               If you have no access to online
fraudulent purchases.”                          accounts, review paper bank and
                                                credit card statements monthly
Preventing ID Theft                             and look out for missing bills or
& Fraud: The 10 Best                            statements.
Practices                                       Shred sensitive paper documents
  Like all people who steal, identity           as well as expired credit cards.
thieves seek the easiest mark. Here are         Pick up your paper mail promptly
some steps to take to protect yourself          and put sensitive outgoing paper
against them:                                   mail in a secure mailbox.
  What individuals can do. Despite              Protect sensitive information and
companies’ efforts to protect sensitive         documents from the prying eyes of
data and transactions, most ID theft            family, friends, neighbors and
and fraud is uncovered by individual            domestic employees. This includes
victims. Fortunately, there’s plenty that       PINs, passwords, bank statements,
individuals can do to both prevent              paper checks and Social Security cards.
identity theft and fraud and detect it          Do not carry identifying data —
promptly should it happen to them:              such as your Social Security
    Go electronic. This means checking          number, PINs or passwords — in
    financial statements online (at least       your wallet or pocketbook.
    once a week), paying bills online           Why: research indicates more ID
    whenever possible, signing up for           theft occurs as a result of lost or stolen
    direct deposit of your paychecks,           wallets than from any other cause.
    and canceling paper-based state-            Report lost or stolen credit cards
    ments and bills.                            immediately and cancel any inac-
    Why: (1) Research points to paper           tive credit card accounts.
    records and mail as the source of           Do not click on any Internet links
    many ID thefts, whereas the Internet        in e-mail messages from financial
    is the vector in just a small fraction      institutions or other companies
    of cases. (2) Electronic detection of       with which you do business;
    ID fraud is faster (18 days versus 114      instead, type the address you
    for discovery via paper-based state-        already know into your browser to
    ments) and losses are lower.                make online contact.
    Use e-mail-based alerts to review           Why: ID thieves using scams with
    your credit report and monitor              fake but legitimate-looking Internet
    account payments, withdrawals,              addresses are likely “phishing” for
    transfers and low balances.                 your personal data.
    Why: ID fraud committed via new             Install and faithfully update fire-
    accounts is tough to self-detect and        wall, anti-virus software and anti-
    usually costs victims more than             spyware. Why: this security software
    fraud involving existing accounts.          can protect your computer and the
    Equifax, for instance, offers services      sensitive data residing on it from most
    that track all three credit reporting       criminal attacks.
    agencies and send alerts about key         As organizations of all types transition
    changes within 24 hours.                 from paper-based to online record-
                                      Advertisement 4
                                      keeping, there’s much they can do to            Check employee backgrounds. This
  Protecting Employees,               protect the sensitive personal data of          is especially important for those with
      Customers …                     employees and customers that has been           access to sensitive information and
       and Yourself                   entrusted to them:                              those with access to areas where
                                         Store sensitive data in databases            sensitive information resides (such as
                                         and data storage environments                cleaners, contractors, temp workers).
  With the increase in identity
                                         secured via defense-in-depth systems         Undertake regular staff training
theft, Equifax has developed
                                         and techniques. Be sure to secure all        in privacy and security policy and
a series of programs and
                                         computer systems — including                 responsibilities. Don’t forget to
tools designed to help you               mobile devices like laptops and              include contractors and temps.
proactively protect your credit          PDAs — that contain sensitive data.          If a security breach involving sen-
standing.                                Store paper documents and                    sitive information occurs, notify
                                         microfiche in spaces that are                affected customers and/or employ-
  Take Control of Your Credit            secured and monitored.                       ees. In compliance with California
is an Equifax free credit                Develop a comprehensive privacy              law (Civil Code 1798.29 and
education program available              policy that articulates how sensitive        1798.82-1798.84).
in English and Spanish at                data should be collected and used.               This includes establishing a data
Its monthly e-mail newsletter,           collection policy based on the idea
available at, pro-           that you collect only the information
vides updates on managing and            unequivocally needed to do busi-
protecting your credit.                  ness — do you really require Social
                                         Security numbers or full birth dates?
                                         This also includes assigning roles
 The free Equifax Toolbar helps          and responsibilities, honing a
protect against identity theft via       response plan to deal with ques-
phishing by warning consumers            tions and complaints, and creating a
before they visit a fraudulent           crisis-management plan in the event         This doesn’t have to be daunting —
Web site.                                of loss, theft or electronic breach.     services are available to help organi-
                                         Pay as much attention to disposing       zations protect against identity theft
  Most important, Equifax offers         of sensitive data as to collecting it.   and fraud. Equifax, for instance, pro-
comprehensive identity theft             Electronic files should be “wiped”       vides solutions that authenticate iden-
protection products that are             using special software, disks and        tities online, automate online risk and
best-in-class. Its premium service,      CDs should be destroyed, paper           fraud assessment and identity authen-
Equifax Credit Watch™ with               documents should be shredded             tication, predict fraud potential, spot
3-in-1 Monitoring, alerts you            using cross-cut shredders, and           high-risk applicants who warrant fur-
within 24 hours of key changes           dumpsters should be locked and           ther investigation and help companies
to any of your three nationwide
                                         not publicly accessible.                 comply with government screening
                                         Develop a policy limiting display        regulations.
credit reports. This in-depth ser-
                                         and disclosure of sensitive data on         “In this day and age,” says Equifax’s
vice provides online dispute
                                         documents, badges, paychecks and         Chapman, “it’s shocking that people
guidance to clear up errant
                                         timesheets. Do not use Social Secu-      believe ‘it won’t happen to me.’” He
and/or fraudulent information.           rity numbers as any sort of person-      advises vigilance for both individuals
                                         al identifier for any purpose.           and organizations. “Being notified
  Equifax also offers programs           Carefully craft and execute an           within 24 hours … enables you to
that help businesses protect             organizational security policy that      quickly and effectively respond to pos-
their employees and their cus-           establishes who is allowed access to     sible threats, minimizing or avoiding
tomers, including proactive              sensitive data and under what con-       any serious damage.”
value-added programs and                 ditions such access is allowed.          Written by aimpublications LLC (,
emergency services in response           Access to sensitive data should be       provider of analytic and editorial consulting about key
to lost or stolen information.           limited to a need-to-know basis, and     business and technology issues and trends.
                                         penalties for unauthorized access or
                                         browsing should be strict and severe.
                                                                                             WEB DIRECTORY                   Deploy systems that constantly
                                         monitor and audit your organiza-                      EQUIFAX
                                         tion’s collection and use of sensitive    
                                         data. Conduct unannounced spot
                                         checks and reward those who          
                                         adhere to best practices.

To top