|
 |
|
|
HOW TO
KEEP YOUR IDENTITY—AND YOUR MONEY—WHERE THEY BELONG...
By Pam Droog Jones
Have you seen the latest television commercials, the ones that feature
the voice of a credit card thief superimposed over their unsuspecting
victim? They may be funny, but the subject of the ads—identity
theft—is anything but humorous. According to the Federal Trade
Commission (FTC), identity theft robbed U.S. businesses and financial
institutions of about $48 billion in 2002 alone. And that doesn’t
include $5 billion in related expenses, such as bounced check fees,
or the hundreds of hours it takes to recover from a typical identity
theft crime.
MasterCard is continually developing security features
for card users, issuers and merchants. The Global
Technology and Operations Center is located in O’Fallon,
Mo. |
|
“Think about how dependent we are on transactional-based activities,”
says Katie Crepps, vice president for risk products at MasterCard
International. “Identity theft is a big thing to clean up.”
So what can an individual do to keep their identity safe? It starts
with the plastic in your wallet or purse. Nearly 20 percent of identity
thefts involve misuse of a credit card, Crepps says. As a result,
MasterCard is continually developing security features for card
users, issuers and merchants.
“The main information that’s stolen is someone’s
name and social security number,” Crepps says. “Unfortunately,
thieves are getting smarter and information is getting easier to
find.” For example, criminals can easily learn the maiden
name of your mother—a commonly used password—just by
visiting popular genealogy Web sites.
Recent innovations have sought to stop credit card fraud at the
point of purchase—whether that be in person, over the telephone,
or on line. For example, MasterCard displays the full account number
on the front of its cards, plus three digits on the back. When ordering
merchandise over the phone, many merchants will ask you to provide
the back number as well as the front, thus ensuring the card is
actually in your possession.
"THINK
ABOUT HOW DEPENDENT WE ARE ON TRANSACTIONAL-BASED
ACTIVITIES; IDENTITY THEFT IS A BIG THING TO CLEAN
UP."
Katie Crepps
vice president for risk products,
MasterCard International
|
|
Of course, businesses are also potential victims for identity thieves.
To protect issuing banks, MasterCard introduced SecureCode, which
requires the cardholder to enter additional passwords or security
codes before an online transaction is allowed. Merchants can also
take advantage of MasterCard’s Address Verification Service,
which uses a portion of your billing address to validate your identity.
Criminals with nothing but a credit card account number will likely
not have the additional information requested by the merchant, Crepps
says.
|
SEVEN
WAYS TO PROTECT YOURSELF
|
1. Be
proactive. Put passwords on all credit cards and bank accounts.
Don’t use easy password information like your birthday or
phone number.
2. Secure personal information. Shred pre-approved credit
card applications, and be vigilant regarding people working
in your home.
3. Don’t give out personal information through the phone,
mail, or Internet unless you’re sure it will be secure. Identity
thieves are very skilled liars.
4. Shred unwanted documents—credit card statements, receipts,
doctor bills, etc. Don’t leave your trashcan on the street
for long periods of time.
5. Deposit outgoing mail at U.S. Postal Service mailboxes
or at the post office itself. Put mail on hold if you’ll be
away.
6. Limit the number of credit cards you carry with you, and
secure your purse and wallet while at work.
7. On your home computer: update virus protection software;
don’t download files from or link to Web sites of strangers;
install a firewall; don’t store financial information; use
a password with both letters and numbers; don’t use an automatic
logon.
Source: Katie Crepps of MasterCard International.
|
|
SEVEN WAYS TO PROTECT YOUR BUSINESS
|
1.
Use an effective password protection system, such as proximity
cards or biometrics.
2. Keep your firewall updated and review the logs.
3. Limit access to computers, files and information; critical
information should be encrypted.
4. Avoid file-sharing access to Web sites like Napster; Chat
rooms and joke Web sites also may expose your network.
5. Educate employees regarding suspicious e-mails or other
signs of identity theft. Train them to completely shut down
computers every time they leave, even briefly. Discuss what
to do if your computer is infected.
6. Have a plan in place regarding employees who leave the
company.
7. Perform regular audits to discover weaknesses within your
infrastructure that could be exploited.
Source: Mike Weber of Computer Forensics Investigative
Services
|
Taking it to another level, an increasing number of companies have
biometric security systems in place for employees, vendors and visitors.
This technology uses your body’s unique physical characteristics
to positively identify you. One St. Louis company, Access Denied
Systems Inc., installs biometric systems, such as fingerprint scanners.
“The irony is that everybody thinks they’re protecting
their computer against all known assailants,” says Sid Furst,
president of Access Denied. “But who cleans the offices at
night? All of those people have access to every office. Our system
prevents unauthorized people from getting into your computer and
stealing your company’s identity.”
MasterCard employs biometrics at its Purchase, N.Y., headquarters,
but Crepps says there are limits to how far the company will go.
“We see a lot of companies saying biometrics are the way to
go,” she says, “but that can be intrusive for consumers.”
For executives, much of what an identity thief needs to steal from
your organization can be found in the garbage. To prevent this,
some companies are turning to professional on-site shredding services,
such as St. Louis’ ShredPro.
“A few years ago people threw documents into dumpsters, but
now we’re recycling—and that’s just not secure,”
says company owner Rick Nast. “Documents leaving the premises
in their entirety can be read or sold.”
Some companies are turning to professional on-site
shredding services, such as St. Louis’ ShredPro, to
prevent identity theft. |
|
Nast says companies take definite risks by destroying their own
documents. “Documents pile up in the back room until someone
has the time to shred them,” he says. This system also relies
entirely on some of your company’s lowest paid workers—many
of whom have not been thoroughly vetted.
Which brings us to an uncomfortable truth: well over 50 percent
of corporate identity theft is internal, carried out by disgruntled
employees. Mike Weber, president of Computer Forensics Investigative
Service, says, “A lot of corporate identity theft, especially
the serious cases, requires the help of insiders. Information within
companies, like social security numbers, credit reports or trade
secrets, is worth a certain amount of money on the street.”
Weber’s company investigates cases of corporate identity theft
(taking over a company’s identity) and identity fraud (creating
a fictitious identity). “It’s just another way to do
an age-old con game to take people’s money, with data as the
new currency,” he says. “Unfortunately, business is
booming.”
Weber gives some examples: “Extortion is on the rise. What
happens is hackers get into very secure and sensitive information,
and when company officials log on they get a message saying, ‘We
have access to your customer list, but if you pay us $100,000 we
won’t put it out on the Internet.’”
In other cases, Weber says, “customers receive a letter supposedly
from a bank or retailer, saying, ‘We’ve had issues with
Internet fraud, and to make sure you’re not a victim, please
complete this form.’ The letter looks legitimate, but actually
it’s from a hacker. You’d be amazed at how many people
will fill it out and return it, only to have their identity stolen
as a result.”
Weber emphasizes businesses must take steps to prevent identity
theft because, “it can do a lot of damage to a company’s
reputation. But the companies that can effectively assure customers
their privacy will be protected will do okay.”
Pam Droog Jones is a freelance writer based in Jefferson City,
Mo. |
|
|
|
|
-
- - - - -
- - - - -
- - - - -
- -
-
- - - - -
- - - - -
- - - - -
- -
-
- - - - -
- - - - -
- - - - -
- -
-
- - - - -
- - - - -
- - - - -
- -
|
