Wednesday, April 18, 2007

Help prevent identity theft & credit fraud!

Identity theft is one of the fastest growing crimes of all times! But it is also one of the most preventable. Identity theft can ruin a person's credit rating, making it difficult to buy a home, automobile, rent an apartment, or otherwise obtain credit. Repairing the horrifying consequences of identity theft can take years. Similarly, credit fraud costs consumers, banks, and businesses billions each year. Moreover, if your company is negligent in its duty to protect customer and employee personal records you can be sure you will make the 6:00 news.

If you are a business owner, you have an ethical responsibility to help prevent theft of customer and employee personal identifying information. This information can include social security numbers, credit card numbers, driver license numbers, signatures, or any other information that could be of use to a fraud artist. Consider these real cases, and how simply they could have been prevented:

Case 1: The Negligent Retailer
A retailer interested in saving money instructed all of its stores to purge old transaction records by discarding old records in the dumpster behind each of the stores. This lead to several instances of "dumpster diving" in major metro areas where a single credit card number can be sold for between $8.00 - $11.00. In some cases the discarded material included signed credit card applications. Credit card numbers were pulled out of the dumpster by local indigents, who passed them on or sold them to accomplices. The accomplices then entered various stores in the neighborhood to make purchases, or, placed phone orders to local merchants for large amounts of merchandise.

In this case both the company and its customers suffered. Merchandise purchased fraudulently was charged back to the retailers by the various credit card companies. Additionally, the company's reputation suffered and many customers were lost when the story hit the local news. This could have been avoided had the company subscribed to a proper document disposal program!

Case 2: The Charitable Boss
The Home Office was diligent about having sensitive documents destroyed. To make it easy, each home office department was provided a "recycle" bin in which to place the material intended for shredding. This material was collected regularly by mail room personnel and taken to the basement where it was stored for disposal. The material included all types of sensitive material including employment applications, credit card numbers, and more. Monthly, the company subscribed to a document destruction service that would pick up and destroy the material on the company's premises.

When the mailroom supervisor, who was also pastor at a local church, mentioned that his church made money on the paper they recycled, his boss had an idea. Why not let the good pastor hall off the documents for the church where the proceeds could do some good for charity. Additionally, the boss could save some money on his budget by eliminating the document disposal fees. "A no-brainer and a done deal" said the boss! Unfortunately, multiple home office employees and others became identity theft and credit fraud victims as the result of this well intentioned, charitable decision.

Case 3: Whom do you trust?
Needing to know more about their customers, a retailer enlisted the services of a marketing agency to conduct a demographic profile. The agency requested that the retailer send as much information about their customers as possible, including purchase transaction history. Shortly thereafter, company investigators began to receive numerous calls from bank security officials who presented a perplexing problem. The banks had numerous credit card customers alleging fraud. Each customer had made arecent and legitimate purchase at one of the company's locations.

Upon investigation, it was discovered that the company had provided the marketing agency with tapes containing point of sale transaction information to include customer credit card numbers. The agency periodically used unscreened temporary employees to assist with certain projects. These employees took the opportunity to forward these credit card numbers to accomplices who paid the temporary employees $11.00 for each credit card number.

Conclusion
Your responsibility to safeguard employee and customer personal identifying information is important. The FACT Act Disposal Rule, which applies to virtually every business and private employer in the U.S., requires businesses to come into compliance by June 1, 2005 by both adopting and implementing their own document destruction policies or by contracting with a document shredding company or other data destruction company to do so. Penalties for violating the rule include actual damages, statutory damages up to $1,000 punitive damages per violation (with no cap on class action damages), attorneys' fees, and civil penalties up to $2,500. What is even more difficule to measure is the impact on your company's reputation and good name! For more information about the rule and business compliance requirements, visit the FTC web site at http://www.ftc.gov

Consider providing departments that handle particularly sensitive information (H.R.,Security, Accounting, Etc.) their own shredder. Cross cut machines that mince documents are more secure than conventional shredders and are no more expensive. Document disposal services that destroy material at your location are a good option and are more secure than services that pick up material and take it elsewhere for disposal.

Last, we recommend that a review of document disposal procedures be added to any existing internal audit program, and reviewed periodically. We still hear in the news about good credible companies stubbing their toes on this issue. Your employees, customers, and your company's reputation are at risk!