Holidays are high season for identity theft for consumers and small businesses

  • Share:
October 22, 2018

From The Virginian-Pilot:

The holiday season can provide the greatest opportunity for sales growth but can also be a great opportunity for fraudsters to steal your consumers’ information or that of your business.

Identity theft is the fraudulent acquisition and use of a person's private identifying information, usually for financial gain. These stolen identities are frequently used for fraudulently obtaining loans, accounts, credit cards or other expensive purchases.

Businesses routinely gather Personal Identifying Information (PII) from credit transactions. Information such as SSN, credit card numbers, birth dates, etc. This data is frequently maintained in databases and transmitted over the internet. Stealing this information has become big business for fraudsters.


All it takes is for a business to have one data breach and it could spell certain doom and result in having to close its doors. A data breach will cost a business countless amounts to make the consumer(s) whole but that doesn’t do much for the tarnished reputation that will soon follow the breach.

In fact, small businesses are often targeted because they don’t have the resources or finances to pay for rigorous identity theft safeguards and protections. The average cost of a data breach has risen to over $200 per record!

A few common examples in which small businesses have breaches include:

Insider mistakes – 15 percent

Malicious insiders – 45 percent

Outside attacks – 40 percent

Insider mistakes result when a well-meaning employee misplaces a laptop that contains personal identifying information. Data can be intercepted via email. It can also be downloaded onto a thumb drive and removed from the company premises.

Malicious insiders include disgruntled former employees who may have saved personal identifying information about the client base and taken it with them. They may sell the data to hackers or turn around and use it themselves.

Outside attacks can include breaking into a company's computer network through a variety of means, from exploiting vulnerabilities to malware attacks to figuring out default passwords. The attacks have become so sophisticated that hackers can map out a business's system and locate and capture personal information.

Other examples of business identity theft include a variety of schemes involving the fraudulent use of company’s information, including:

Establishing temporary office space and/or merchant accounts in a company’s name.

Ordering merchandise or services with stolen credit card information or with bogus bank account details.

Scamming company employees or using phishing attacks to get to a company’s banking or credit information.

Going through a business’s trash and recycling bins for account numbers and other sensitive data.

• Filing bogus documents to change the business’s registered address or the names of directors, officers or managers of the company, which can later help thieves establish lines of credit with banks and retailers.


 

METHODS OF PREVENTION

When you encrypt your data, it’s important to have the “keys” to unencrypt it. It’s also important to be very careful who within your company has those keys. Encryption will not prevent the data from being obtained. The purpose of encryption is to render the data unintelligible.

A good analogy is a paper shredder. Encryption slices up the data and requires a great deal of time to “reassemble” it. In the time it would take to make the data usable, it will become useless. However, be sure to upgrade the encryption software from time to time as it continues to improve to stay ahead of fraudsters.

Ensure that all computers have anti-virus and anti-spyware protection.

Protect the company's network with a firewall.

Keep software and browsers up-to-date with security patches.


 

Train your employees to recognize tactics used by fraudsters for obtaining sensitive information. These fraudster interactions could be face-to-face, over the phone or even through email. The culprits could be looking for the sensitive information itself or even clues that would enable them to obtain the keys to access such information.

WHAT TO DO

If your business has been affected by identity theft, immediately report the incident to your attorney and law enforcement. Remember to keep all documents and communications as it pertains to the fraud.

If you are a consumer and have had your identity compromised, the first thing to do is notify the authorities. If you want to check your credit file for unauthorized activity, visit AnnualCreditReport.com or call 1-877-322-8228. This is the government site for obtaining a credit file. Victims of ID theft are eligible for a free credit file.

If fraud is found on your credit file, a dispute can be filed online.

As a business owner and consumer, remember to:

Familiarize yourself with ways fraudsters try to get personal information (ie phone, computers, emails, etc).

Instill precautions (encryption, firewalls, anti-virus, etc) in your business and home.

Update and upgrade protection programs when needed to stay ahead.

Educate and train staff and family members about identity theft and how to prevent it.

Monitor your credit report for fraudulent activity.

Act immediately if unknown activity is found. Do not wait!


 


 

Contact:
Phil Liso, Contact
(562) 322-7376