Antique locks provided by Adivasi in Brattleboro Vermont.
OK, I know you are tired of hearing about Identity Theft. I am too. It's just another modern affliction that we'd prefer to ignore. But, I own a business that accepts credit cards and figured there was more I could do to protect my clients. When the local Chamber of Commerce asked me to do a presentation, I jumped at the chance to learn more.
"This new research offers a very different but accurate and helpful perspective about identity theft fraud and it shows how we can stay on top of this problem," says Steven J. Cole, president and CEO of the Council of Better Business Bureaus. "Consumers can do a lot to make sure they cut down the risk associated with this fraudulent activity."
What is ID Theft?
But what can you do to protect yourself? Do you have a clear understanding of what information is valuable? Do you have an early warning system that would alert you when something is amiss? As a business owner, you are being negligent if you haven't educated yourself to the risks and protections available.
Let's start with a great little survey created by the Better Business Bureau. Go to www.idsafety.net and answer 20 questions about how you conduct your own life. You'll get the idea that it's really just a matter of keeping a tight reign on your mail and account information.
Why Does It Exist?
"In the two recent cases, thieves posed as legitimate customers to gain access to databases compiled by ChoicePoint and by its rival, LexisNexis. LexisNexis' corporate parent said personal information on as many as 32,000 consumers was compromised; in the ChoicePoint raid, as many as 145,000 people had their information stolen. At least 750 so far have become the victims of fraud." MSN Money - Blame lenders, not thieves, for identity theft
First, how many account numbers sit unprotected in your mailbox? If possible, switch to all online billing and account management. Experts also recommend using a P.O. Box or a locked mailbox. The same goes for trash. Don't let any sensitive information sit unprotected. Send nasty letters if necessary to get companies to change their ways.
Second, create an early warning fraud screen to detect unauthorized use as early as possible. Ideally you want to be able to check account balances in just 2-3 minutes. Keep in mind that you don't need to balance your checkbook...just catch big stuff right away. Banking software such as Microsoft Money or Quicken can download various account balances automatically and display everything on one screen.
Third, make a personal policy about giving out account numbers, passwords, anything that should be secret. You might want to stop using credit cards while dining out, start using one time credit card numbers, and start making online purchases with PayPal. You also want to think twice if someone asks you to login or provide sensitive information.
I received this email last week from someone "phishing" for eBay accounts. They could use this information to defraud someone else in my name. I had a hard time determining if the email was legitimate so I closed my email program and logged into eBay directly. Just as I suspected, there was no mention of the message. Big companies (perhaps yours too?) have policies about account information and email messages posted on their websites. If in doubt, contact the company directly.
Here's an interesting resource from the Better Business Bureau with statistics about Identity Theft victims. In one third of the cases it was due to mishandling by a business they trusted rather than something they did wrong. In the second third, it was due to a lost or stolen wallet or credit card. The last third was split between friends and acquaintances, stolen paper mail (or fraudulent change of address), and online transactions or spy ware.
What if You Become a Victim?
Another Phine Kettle of Phish: Identity Theft Prevention
As a Business
Remember, thieves like to prey on uncertainty about accounts and responsibilities between employees. Rarely is there an emergency that needs a signature right away. Simply put a few trusted individuals in charge of finances and financial passwords (or keep it all to yourself). And consider putting credit card scanning equipment in customers' view. (It's a good idea to hire employees that you trust but limit the consequences if you are wrong.)
You should also use a strong locking mailbox (or post office box) and caller ID on your phones. Finally, equip employees to avoid ID Theft themselves. It may payoff in more ways as victims often miss 30-40 hours of work in clearing their name.
Hire a professional to help lock down your computer systems (yes, they should all require a password). Protecting access to files and databases with passwords and encryption is a good step. Though you should erase or destroy all information before it leaves "protected" locations in your business. Remember that lost "pen drives", outdated computer drives, stolen laptops, and discarded backup tapes are all potential risks.
Accepting Credit Cards
If you accept credit cards remotely (online or by phone) make use of built in security features. While CVV and CVV2 numbers claim to be secure, they are simply an additional number that a thief would be smart to provide. (It's still something you should require.) A more valuable technique is to require Address Verification and only ship to the billing address (even during the holidays). This at least prevents someone from using a stolen card to ship products to another address.
You also want to protect yourself from "charge backs" (where the credit card company takes the money back). Clearly state a return policy, personally verify bulk orders, include a disclaimer that explains customer fees and who pays them, require shipping address even if you don't require one, and only use shipping companies that provide tracking numbers so you have records of where and when packages are delivered.
Good LuckHopefully none of this information will be useful and the government enacts laws that make Identity Theft a thing of the past. Otherwise, I hope it helps at least someone hold onto what is rightfully their own.
John Waiveris writes about websites and small business marketing for Invisible Gold, LLC. For more information call 860-285-0172 or visit www.invisiblegold.com. "Your Website should be Easy to edit."