A Special Advertising Section Identity Identity Theft & Fraud Fighting Back Written by aimpublications LLC I t’s the fastest-growing crime in the United States, annually costing 9 million to 10 million victims — and the organizations with which they do business — more than $50 billion. But com- panies that maintain and share personal data are doing plenty to prevent it. Here’s how you — and your company — can help. A few large-scale computer-based heists notwithstand- Protecting Electronic Payments Works ing, identity theft remains chiefly a personal crime. Fully Last year, for the first time ever, electronic payment trans- half of U.S. identity theft and the fraud resulting from it is actions in the U.S. exceeded paper-based check payments, committed by victims’ family members, friends and neigh- according to the 2004 Federal Reserve Payments Study. So bors, according to Javelin Strategy & Research’s 2005 it’s not surprising that the most prevalent form of identity Identity Fraud Survey Report. fraud involves credit cards. Nevertheless, the percentage of “ID theft not only impacts individuals, but their identity fraud involving credit cards has dropped dramati- employers as well,” notes Thomas Chapman, chairman cally in the last couple of years — from 41% in 2002 to just and chief executive officer of Equifax. “The process of 28% in 2004, according to the Federal Trade Commission cleaning up the damage caused by ID theft can lead to (National and State Trends in Fraud & Identity Theft, Janu- hours of lost productivity.” ary-December 2004). Yet, ID theft also remains a mostly low-tech crime. Less Certainly, the efforts of the major credit card payment sys- than 12% of the identity information used fraudulently was tems have helped. Visa, for instance, operates a global trans- obtained online, the Javelin study indicates. More conven- action processing network that provides better than 99.999% tional methods — lost or stolen wallets, theft of paper mail, reliability while settling nearly 100 million transactions a day. sticky-fingered family or friends — are not only far more “Visa’s approach,” says Susanne Lyons, executive vice pres- common, accounting for upwards of 68% of ID thefts, but ident and chief marketing officer for Visa USA, “has focused often result in higher losses than online ID crime. on developing layer upon layer of fraud tools and protec- Advertisement 2 tions, including Continuous Fraud Mon- itoring and ID Theft Assistance.” The company’s neural network-based early warning systems, risk management tools, security policies and programs, use of smart-card technology and col- laboration with other organizations (such as launching the Phish Report Network with Microsoft, eBay and Whole Security) add up: fraud now rep- resents less than one-tenth of 1% of total Visa card volume. “The ultimate protection for card- holders,” adds Lyons, “is our guaran- tee that they won’t be liable for If you have no access to online fraudulent purchases.” accounts, review paper bank and credit card statements monthly Preventing ID Theft and look out for missing bills or & Fraud: The 10 Best statements. Practices Shred sensitive paper documents Like all people who steal, identity as well as expired credit cards. thieves seek the easiest mark. Here are Pick up your paper mail promptly some steps to take to protect yourself and put sensitive outgoing paper against them: mail in a secure mailbox. What individuals can do. Despite Protect sensitive information and companies’ efforts to protect sensitive documents from the prying eyes of data and transactions, most ID theft family, friends, neighbors and and fraud is uncovered by individual domestic employees. This includes victims. Fortunately, there’s plenty that PINs, passwords, bank statements, individuals can do to both prevent paper checks and Social Security cards. identity theft and fraud and detect it Do not carry identifying data — promptly should it happen to them: such as your Social Security Go electronic. This means checking number, PINs or passwords — in financial statements online (at least your wallet or pocketbook. once a week), paying bills online Why: research indicates more ID whenever possible, signing up for theft occurs as a result of lost or stolen direct deposit of your paychecks, wallets than from any other cause. and canceling paper-based state- Report lost or stolen credit cards ments and bills. immediately and cancel any inac- Why: (1) Research points to paper tive credit card accounts. records and mail as the source of Do not click on any Internet links many ID thefts, whereas the Internet in e-mail messages from financial is the vector in just a small fraction institutions or other companies of cases. (2) Electronic detection of with which you do business; ID fraud is faster (18 days versus 114 instead, type the address you for discovery via paper-based state- already know into your browser to ments) and losses are lower. make online contact. Use e-mail-based alerts to review Why: ID thieves using scams with your credit report and monitor fake but legitimate-looking Internet account payments, withdrawals, addresses are likely “phishing” for transfers and low balances. your personal data. Why: ID fraud committed via new Install and faithfully update fire- accounts is tough to self-detect and wall, anti-virus software and anti- usually costs victims more than spyware. Why: this security software fraud involving existing accounts. can protect your computer and the Equifax, for instance, offers services sensitive data residing on it from most that track all three credit reporting criminal attacks. agencies and send alerts about key As organizations of all types transition changes within 24 hours. from paper-based to online record- Advertisement 4 EQUIFAX keeping, there’s much they can do to Check employee backgrounds. This Protecting Employees, protect the sensitive personal data of is especially important for those with Customers … employees and customers that has been access to sensitive information and and Yourself entrusted to them: those with access to areas where Store sensitive data in databases sensitive information resides (such as and data storage environments cleaners, contractors, temp workers). With the increase in identity secured via defense-in-depth systems Undertake regular staff training theft, Equifax has developed and techniques. Be sure to secure all in privacy and security policy and a series of programs and computer systems — including responsibilities. Don’t forget to tools designed to help you mobile devices like laptops and include contractors and temps. proactively protect your credit PDAs — that contain sensitive data. If a security breach involving sen- standing. Store paper documents and sitive information occurs, notify microfiche in spaces that are affected customers and/or employ- Take Control of Your Credit secured and monitored. ees. In compliance with California is an Equifax free credit Develop a comprehensive privacy law (Civil Code 1798.29 and education program available policy that articulates how sensitive 1798.82-1798.84). in English and Spanish at data should be collected and used. www.mycrediteducation.com. This includes establishing a data Its monthly e-mail newsletter, collection policy based on the idea available at Equifax.com, pro- that you collect only the information vides updates on managing and unequivocally needed to do busi- protecting your credit. ness — do you really require Social Security numbers or full birth dates? This also includes assigning roles The free Equifax Toolbar helps and responsibilities, honing a protect against identity theft via response plan to deal with ques- phishing by warning consumers tions and complaints, and creating a before they visit a fraudulent crisis-management plan in the event This doesn’t have to be daunting — Web site. of loss, theft or electronic breach. services are available to help organi- Pay as much attention to disposing zations protect against identity theft Most important, Equifax offers of sensitive data as to collecting it. and fraud. Equifax, for instance, pro- comprehensive identity theft Electronic files should be “wiped” vides solutions that authenticate iden- protection products that are using special software, disks and tities online, automate online risk and best-in-class. Its premium service, CDs should be destroyed, paper fraud assessment and identity authen- Equifax Credit Watch™ with documents should be shredded tication, predict fraud potential, spot 3-in-1 Monitoring, alerts you using cross-cut shredders, and high-risk applicants who warrant fur- within 24 hours of key changes dumpsters should be locked and ther investigation and help companies to any of your three nationwide not publicly accessible. comply with government screening Develop a policy limiting display regulations. credit reports. This in-depth ser- and disclosure of sensitive data on “In this day and age,” says Equifax’s vice provides online dispute documents, badges, paychecks and Chapman, “it’s shocking that people guidance to clear up errant timesheets. Do not use Social Secu- believe ‘it won’t happen to me.’” He and/or fraudulent information. rity numbers as any sort of person- advises vigilance for both individuals al identifier for any purpose. and organizations. “Being notified Equifax also offers programs Carefully craft and execute an within 24 hours … enables you to that help businesses protect organizational security policy that quickly and effectively respond to pos- their employees and their cus- establishes who is allowed access to sible threats, minimizing or avoiding tomers, including proactive sensitive data and under what con- any serious damage.” value-added programs and ditions such access is allowed. Written by aimpublications LLC (www.aimpublications.com), emergency services in response Access to sensitive data should be provider of analytic and editorial consulting about key to lost or stolen information. limited to a need-to-know basis, and business and technology issues and trends. penalties for unauthorized access or browsing should be strict and severe. WEB DIRECTORY www.equifax.com Deploy systems that constantly monitor and audit your organiza- EQUIFAX tion’s collection and use of sensitive www.equifax.com data. Conduct unannounced spot VISA checks and reward those who www.visa.com/security adhere to best practices.