Fighting Identity Theft With The Red Flags Rule

1

An estimated nine million Americans have their identities stolen each year. Identity thieves may drain accounts, damage credit, and even put medical treatment at risk. The cost to business — left with unpaid bills racked up by scam artists — can be staggering, too.

The Red Flags Rule1 requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.

The Federal Trade Commission (FTC) enforces the Red Flags Rule with several other agencies. This article has tips for organizations under FTC jurisdiction to determine whether they need to design an identity theft prevention program.

An Overview

The Red Flags Rule tells you how to develop, implement, and administer an identity theft prevention program. A program must include four basic elements that create a framework to deal with the threat of identity theft.2

  1. A program must include reasonable policies and procedures to identify the red flags of identity theft that may occur in your day-to-day operations. Red Flags are suspicious patterns or practices, or specific activities that indicate the possibility of identity theft.3 For example, if a customer has to provide some form of identification to open an account with your company, an ID that doesn’t look genuine is a “red flag” for your business.
  2. A program must be designed to detect the red flags you’ve identified. If you have identified fake IDs as a red flag, for example, you must have procedures to detect possible fake, forged, or altered identification.
  3. A program must spell out appropriate actions you’ll take take when you detect red flags.
  4. A program must detail how you’ll keep it current to reflect new threats.

Just getting something down on paper won’t reduce the risk of identity theft. That’s why the Red Flags Rule has requirements on how to incorporate your program into the daily operations of your business. Fortunately, the Rule also gives you the flexibility to design a program appropriate for your company — its size and potential risks of identity theft. While some businesses and organizations may need a comprehensive program to address a high risk of identity theft, a streamlined program may be appropriate for businesses facing a low risk.

Securing the data you collect and maintain about customers is important in reducing identity theft. The Red Flags Rule seeks to prevent identity theft, too, by ensuring that your business or organization is on the lookout for the signs that a crook is using someone else’s information, typically to get products or services from you without paying for them.

That’s why it’s important to use a one-two punch in the battle against identity theft: implement data security practices that make it harder for crooks to get access to the personal information they use to open or access accounts, and pay attention to the red flags that suggest that fraud may be afoot.

Who Must Comply with the Red Flags Rule: A Two-Part Analysis

The Red Flags Rule requires “financial institutions” and some “creditors” to conduct a periodic risk assessment to determine if they have “covered accounts.” The determination isn’t based on the industry or sector, but rather on whether a business’ activities fall within the relevant definitions. A business must implement a written program only if it has covered accounts.

Financial Institution

The Red Flags Rule defines a “financial institution” as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or a person that, directly or indirectly, holds a transaction account belonging to a consumer.4 While many financial institutions are under the jurisdiction of the federal bank regulatory agencies or other federal agencies, state-chartered credit unions are one category of financial institution under the FTC’s jurisdiction.

Creditor

The Red Flags Rule defines “creditor” based on conduct.5

To determine if your business is a creditor under the Red Flags Rule, ask these questions:

Does my business or organization regularly:

  • defer payment for goods and services or bill customers?
  • grant or arrange credit?
  • participate in the decision to extend, renew, or set the terms of credit?

If you answer:

  • No to all, the Rule does not apply.
  • Yes to one or more, ask:

Does my business or organization regularly and in the ordinary course of business:

  • get or use consumer reports in connection with a credit transaction?
  • give information to credit reporting companies in connection with a credit transaction?
  • advance funds to — or for — someone who must repay them, either with funds or pledged property (excluding incidental expenses in connection with the services you provide to them)?

If you answer:

  • No to all, the Rule does not apply.
  • Yes to one or more, you are a creditor covered by the Rule.

Covered Accounts

If you conclude that your business or organization is a financial institution or a creditor covered by the Rule, you must determine if you have any “covered accounts,” as the Red Flags Rule defines that term. You’ll need to look at existing accounts and new ones6.  Two categories of accounts are covered:

  1. A consumer account for your customers for personal, family, or household purposes that involves or allows multiple payments or transactions.7 Examples are credit card accounts, mortgage loans, automobile loans, checking accounts, and savings accounts.
  2.  “Any other account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.”8 Examples include small business accounts, sole proprietorship accounts, or single transaction consumer accounts that may be vulnerable to identity theft. Unlike consumer accounts designed to allow multiple payments or transactions — always considered “covered accounts” under the Rule — other types of accounts are “covered” only if the risk of identity theft is reasonably foreseeable.

In determining if accounts are covered under the second category, consider how they’re opened and accessed. For example, there may be a reasonably foreseeable risk of identity theft in connection with business accounts that can be accessed remotely — say, through the Internet or the telephone. Your risk analysis must consider any actual incidents of identity theft involving accounts like these.

If you don’t have any covered accounts, you don’t need a written program. But business models and services change. You may acquire covered accounts through changes to your business structure, process, or organization. That’s why it’s good policy and practice to conduct a periodic risk assessment.

FAQs

  1. I review credit reports to screen job applicants. Does the Rule apply to my business on this basis alone? No, the Rule does not apply because the use is not “in connection with a credit transaction.”
  2. What if I occasionally get credit reports in connection with credit transactions?According to the Rule, these activities must be done “regularly and in the ordinary course of business.” Isolated conduct does not trigger application of the Rule, but if your business regularly furnishes delinquent account information to a consumer reporting company but no other credit information, that satisfies the “regularly and in the ordinary course of business” prerequisite.What is deemed “regularly and in the ordinary course of business” is specific to individual companies. If you get consumer reports or furnish information to a consumer reporting company regularly and in the ordinary course of your particular business, the Rule applies, even if for others in your industry it isn’t a regular practice or part of the ordinary course of business.
  3. I am a professional who bills my clients for services at the end of the month. Am I a creditor just because I allow clients to pay later?No. Deferring payment for goods or services, payment of debt, or the purchase of property or services alone doesn’t constitute “advancing funds” under the Rule.
  4. In my business, I lend money to customers for their purchases. The loans are backed by title to their car. Is this considered “advancing funds”?Yes. Anyone who lends money — like a payday lender or automobile title lender — is covered by the Rule. Their lending activities may make their business attractive targets for identity theft. But deferring the payment of debt or the purchase of property or services alone doesn’t constitute “advancing funds.”
  5. I offer instant credit to my customers and contract with another company to pull credit reports to determine their creditworthiness. No one in our organization ever sees the credit reports. Is my business covered by the Rule?Yes. Your business is — regularly and in the ordinary course of business — using credit reports in connection with a credit transaction. The Rule applies whether your business uses the reports directly or whether a third-party evaluates them for you.
  6. I operate a finance company that helps people buy furniture. Does the Rule apply to my business?Yes. Your company’s financing agreements are considered to be “advancing funds on behalf of a person.”
  7. In my legal practice, I often make copies and pay filing, court, or expert fees for my clients. Am I “advancing funds”?No. This is not the same as a commercial lender making a loan; “advancing funds” does not include paying in advance for fees, materials, or services that are incidental to providing another service that someone requested.
  8. Our company is a “creditor” under the Rule and we have credit and non-credit accounts. Do we have to determine if both types of accounts are “covered accounts”? Yes. You must examine all your accounts to determine which are “covered accounts” that must be included in your written identity theft prevention program.
  9. My business accepts credit cards for payments. Are we covered by the Red Flags Rule on this basis alone?No. Just accepting credit cards as a form of payment does not make you a “creditor” under the Red Flags Rule.
  10. My business isn’t subject to much of a risk that a crook is going to misuse someone’s identity to steal from me, but it does have covered accounts. How should I structure my program?If identity theft isn’t a big risk in your business, complying with the Rule is simple and straightforward. For example, if the risk of identity theft is low, your program might focus on how to respond if you are notified — say, by a customer or a law enforcement officer — that someone’s identity was misused at your business. The Guidelines to the Rule have examples of possible responses. But even a business at low risk needs a written program that is approved either by its board of directors or an appropriate senior employee.

How To Comply: A Four-Step Process

Many companies already have plans and policies to combat identity theft and related fraud. If that’s the case for your business, you’re already on your way to full compliance.

1. Identify Relevant Red Flags

What are “red flags”? They’re the potential patterns, practices, or specific activities indicating the possibility of identity theft.9 Consider:

Risk Factors. Different types of accounts pose different kinds of risk. For example, red flags for deposit accounts may differ from red flags for credit accounts, and those for consumer accounts may differ from those for business accounts. When you are identifying key red flags, think about the types of accounts you offer or maintain; the ways you open covered accounts; how you provide access to those accounts; and what you know about identity theft in your business.

Sources of Red Flags. Consider other sources of information, including the experience of other members of your industry. Technology and criminal techniques change constantly, so it’s important to keep up-to-date on new threats.

Categories of Common Red Flags. Supplement A to the Red Flags Rule lists specific categories of warning signs to consider including in your program. The examples here are one way to think about relevant red flags in the context of your own business.

  • Alerts, Notifications, and Warnings from a Credit Reporting Company. Changes in a credit report or a consumer’s credit activity might signal identity theft:
    • a fraud or active duty alert on a credit report
    • a notice of credit freeze in response to a request for a credit report
    • a notice of address discrepancy provided by a credit reporting company
    • a credit report indicating a pattern inconsistent with the person’s history B for example, an increase in the volume of inquiries or the use of credit, especially on new accounts; an unusual number of recently established credit relationships; or an account that was closed because of an abuse of account privileges
  • Suspicious Documents. Documents can offer hints of identity theft:
    • identification looks altered or forged
    • the person presenting the identification doesn’t look like the photo or match the physical description
    • information on the identification differs from what the person with identification is telling you or doesn’t match a signature card or recent check
    • an application looks like it’s been altered, forged, or torn up and reassembled
  • Personal Identifying Information. Personal identifying information can indicate identity theft:
    • inconsistencies with what you know — for example, an address that doesn’t match the credit report or the use of a Social Security number that’s listed on the Social Security Administration Death Master File
    • inconsistencies in the information a customer has submitted to you
    • an address, phone number, or other personal information already used on an account you know to be fraudulent
    • a bogus address, an address for a mail drop or prison, a phone number that’s invalid, or one that’s associated with a pager or answering service
    • a Social Security number used by someone else opening an account
    • an address or telephone number used by several people opening accounts
    • a person who omits required information on an application and doesn’t respond to notices that the application is incomplete
    • a person who can’t provide authenticating information beyond what’s generally available from a wallet or credit report — for example, someone who can’t answer a challenge question
  • Account Activity. How the account is being used can be a tip-off to identity theft:
    • shortly after you’re notified of a change of address, you’re asked for new or additional credit cards, or to add users to the account
    • a new account used in ways associated with fraud — for example, the customer doesn’t make the first payment, or makes only an initial payment; or most of the available credit is used for cash advances or for jewelry, electronics, or other merchandise easily convertible to cash
    • an account used outside of established patterns — for example, nonpayment when there’s no history of missed payments, a big increase in the use of available credit, or a major change in buying or spending patterns or electronic fund transfers
    • an account that is inactive is used again
    • mail sent to the customer that is returned repeatedly as undeliverable although transactions continue to be conducted on the account
    • information that the customer isn’t receiving an account statement by mail or email
    • information about unauthorized charges on the account
  • Notice from Other Sources. A customer, a victim of identity theft, a law enforcement authority, or someone else may be trying to tell you that an account has been opened or used fraudulently.

2. Detect Red Flags

Sometimes, using identity verification and authentication methods can help you detect red flags. Consider whether your procedures should differ if an identity verification or authentication is taking place in person, by telephone, mail, or online.

  • New accounts. When verifying the identity of the person who is opening a new account, reasonable procedures may include getting a name, address, and identification number and, for in-person verification, checking a current government-issued identification card, like a driver’s license or passport.
  • Depending on the circumstances, you may want to compare that to information you can find out from other sources, like a credit reporting company or data broker, or the Social Security Number Death Master File.10 Asking questions based on information from other sources can be a helpful way to verify someone’s identity.
  • Existing accounts. To detect red flags for existing accounts, your program may include reasonable procedures to confirm the identity of the person you’re dealing with, to monitor transactions, and to verify the validity of change-of-address requests. For online authentication, consider the Federal Financial Institutions Examination Council’s guidance on authentication as a starting point.11
  • It explores the application of multi-factor authentication techniques in high-risk environments, including using passwords, PINs, smart cards, tokens, and biometric identification. Certain types of personal information — like a Social Security number, date of birth, mother’s maiden name, or mailing address — are not reliable authenticators because they’re so easily accessible.

You may be using programs to monitor transactions, identify behavior that indicates the possibility of fraud and identity theft, or validate changes of address. If so, incorporate these tools into your program.

3. Prevent And Mitigate Identity Theft

When you spot a red flag, be prepared to respond appropriately. Your response will depend on the degree of risk posed. It may need to accommodate other legal obligations, like laws about providing and terminating service.

The Guidelines in the Red Flags Rule offer examples of some appropriate responses, including:

  • monitoring a covered account for evidence of identity theft
  • contacting the customer
  • changing passwords, security codes, or other ways to access a covered account
  • closing an existing account
  • reopening an account with a new account number
  • not opening a new account
  • not trying to collect on an account or not selling an account to a debt collector
  • notifying law enforcement
  • determining that no response is warranted under the particular circumstances

The facts of a particular case may warrant using one of these options, several of them, or another response altogether. Consider whether any aggravating factors raise the risk of identity theft. For example, a recent breach that resulted in unauthorized access to a customer’s account records would call for a stepped-up response because the risk of identity theft rises, too.

4. Update The Program

The Rule recognizes that new red flags emerge as technology changes or identity thieves change their tactics, and requires periodic updates to your program. Factor in your own experience with identity theft; changes in how identity thieves operate; new methods to detect, prevent, and mitigate identity theft; changes in the accounts you offer; and changes in your business, like mergers, acquisitions, alliances, joint ventures, and arrangements with service providers.

Administering Your Program

Your Board of Directors — or an appropriate committee of the Board — must approve your initial plan.  If you don’t have a board, someone in senior management must approve it.  The Board may oversee, develop, implement, and administer the program — or it may designate a senior employee to do the job. Responsibilities include assigning specific responsibility for the program’s implementation, reviewing staff reports about compliance with the Rule, and approving important changes to your program.

The Rule requires that you train relevant staff only as “necessary.” Staff who have taken fraud prevention training may not need to be re-trained. Remember that employees at many levels of your organization can play a key role in identity theft deterrence and detection.

In administering your program, monitor the activities of your service providers. If they’re conducting activities covered by the Rule — for example, opening or managing accounts, billing customers, providing customer service, or collecting debts — they must apply the same standards you would if you were performing the tasks yourself. One way to make sure your service providers are taking reasonable steps is to add a provision to your contracts that they have procedures in place to detect red flags and either report them to you or respond appropriately to prevent or mitigate the crime. Other ways to monitor your service providers include giving them a copy of your program, reviewing the red flag policies, or requiring periodic reports about red flags they have detected and their response.

It’s likely that service providers offer the same services to a number of client companies. As a result, the Guidelines are flexible about service providers using their own programs as long as they meet the requirements of the Rule.

The person responsible for your program should report at least annually to your Board of Directors or a designated senior manager. The report should evaluate how effective your program has been in addressing the risk of identity theft; how you’re monitoring the practices of your service providers; significant incidents of identity theft and your response; and recommendations for major changes to the program.12

Source: Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business | Federal Trade Commission

.

More contents:

Combating Unemployment Fraud With Biometrics And Common Sense

Some 837,000 Americans filed initial claims for unemployment insurance last week, according to the U.S. Department of Labor. While this reflects a slight decrease from the previous week, initial jobless claims are still stuck above the highest levels reached in the 2008-2009 Great Recession, according to The Associated Press. This number doesn’t paint a completely accurate picture because California, which accounts for more than a quarter of the country’s aid applications, provided the same figure it did the previous week.

Why? Because the State of California Employment Development Department has stopped accepting new jobless claims during a two-week reset period so it can tackle a backlog of 600,000 claims and implement some much-needed anti-fraud technology.

While the U.S. labor market continues to grapple with the effects of COVID-19, government agencies providing unemployment benefits are also grappling with a spike of fraudulent claims related to the pandemic by people using stolen identities.

Using stolen data to steal benefits

Earlier this year the FBI reported that U.S. citizens from several states have been victimized by criminal actors using stolen personally identifiable information (PII) to submit fraudulent unemployment insurance claims online. The ability to obtain PII is nothing new — fraudsters were doing this well before the onset of the pandemic.

Between data breaches, the dark web, phishing attacks, social engineering and impersonation scams, it’s easy for cybercriminals to get their hands on names, Social Security numbers, phone numbers and home addresses. They then have enough information to pose as their victim and file a fraudulent claim online with the ultimate goal of gaining control of communications and payments.

Victims of unemployment insurance theft often don’t know they’ve been targeted until much later, when they try to file their own claim for unemployment insurance or receive a notification from the state unemployment insurance agency. In some cases, this correspondence comes in the form of a physical letter containing the full Social Security number or other valuable PII of the person being defrauded. If the fraudster has already changed the mailing address tied to the claim, the government is unintentionally putting the victim at higher risk for continued identity theft.

Fighting fraud with digital identity verification

It’s clear that the current process of allowing people to file unemployment claims using readily available information isn’t working because there is no way to determine whether someone filing the claim is who they say they are. Data-centric approaches alone do not meet Gartner’s definition of identity proofing because there is no test that the individual claiming the identity is, in fact, the authentic possessor of that identity. The identity assurance achieved with this capability used in isolation is relatively low, relying only on “something you-but-not-only-you know.”

Implementing a biometric-based identity verification process is key to thwarting unemployment fraud amid the pandemic and beyond. Government agencies responsible for each state’s unemployment benefits program need to consider high-assurance solutions with the following four requirements: 

  1. Government-issued ID: Asking for a photo of a driver’s license or passport when someone files a new claim establishes the individual’s real-world identity, and AI-powered software can quickly determine if the ID document is real.
  2. Real-time selfie: Determine if the person possessing the ID is who they claim to be. Requiring a selfie also acts as a strong deterrent to fraudsters who generally do not want to show their face while committing a crime.
  3. Liveness detection: Ensure the individual is physically present and not a spoof by incorporating liveness checks which can sniff out if someone is using a video or a picture of a picture instead of a valid selfie. 
  4. Ongoing biometric authentication: Require the user to capture a new selfie which creates a fresh biometric that is instantly compared to the original selfie to confirm the account owner is the actual person logging into the account.

By implementing advanced digital identity verification, government agencies can adapt to the modern fraud landscape and prevent cybercriminals from stealing unemployment benefits from the citizens who truly need them, while making it easier and more secure for legitimate users to submit claims and access their accounts.

Robert Prigge

Robert Prigge

Robert is responsible for all aspects of Jumio’s business and strategy. Specializing in security and enterprise business, he held C-level or senior management positions at Infrascale, Secure Computing, McAfee, Quest Software, Sterling Commerce and IBM.

.

How to Tackle Identity Theft as a Remote Worker

There are more and more remote workers in the modern age. Companies are realizing how effective it can be to have their staff based at home and opening up the possibilities of employing people without having to worry too much about where they are based. 

One issue that a lot of people ignore, but one that is still utterly vital, is identity theft. A number of people simply don’t realize how much of a threat this can be to their life and the problems it can cause. As a remote worker, you might have to consider both your own personal information and that of the company you work for.

In this guide, we’re providing some of the information you need to ensure you are preventing and tackling ID theft. We also show you what steps you can take if you are unfortunate enough to fall foul of online fraudsters.

What is Online Identity Theft?

Identity theft is nothing new. People have been stealing identification via Social Security numbers and other details for a long time, usually by stealing wallets, but historically some people would go through mail to find details for identity theft.

In the modern age of the internet, it is easier for people to find personally identifiable information. This is sometimes abbreviated to “PII”. This allows people to commit fraud and pretend to be you. They can sometimes steal money directly in this way, but they can also do things to impact upon your reputation or, in the case of employees they might be able to gain access to company servers or more.

Remote workers need to think about the impact of their identity being stolen, access to their online accounts, and more, but if you don’t take the right precautions you can even be responsible for issues regarding your work details. 

Identity theft used to require physical documents to commit this kind of fraud, but now, things have changed. Details can be stolen in a number of ways and networks and websites can be hacked to allow fraudsters to find PII.

How Serious is Identity Theft?

It’s easy to think that identity theft isn’t too much of a big deal or assume that nobody could impersonate you so there’s nothing to worry about. Actually, once they have your details people can take advantage in a lot of different ways. 

Identity theft crime statistics are scary. 16.7 million people in America suffered some form of identity theft in the year 2017. That figure is continuing to grow. Billions of dollars are stolen every year using identity theft methods. 

If you find yourself the victim of identity theft it might be impossible to recover all of the assets you have lost or the damage to your reputation or the company you work for. This means that identity theft is a huge issue that can impact years of your life.

Also, people can commit crimes and run up debts in your name. This can leave you facing a legal battle in the future, too. Make no mistake about it, identity theft is incredibly rife and can make an impact for a number of years in the future.

This is not something you will necessarily have out of the way in a matter of weeks. Even if you contact the authorities and explain that you have been the victim of identity theft, the onus might be on you to prove this. 

Cybercrime is on the rise. 3.2 million identity theft, cybercrime, and other forms of fraud were reported in 2019. As you can see from this article, almost half of the time when people stole someone’s identity, they applied for a credit card. This debt doesn’t automatically get written off. You will need to prove that you were a victim of fraud and take action if this happens to you. Until then the debts could be in your name.

computer hacked with a lot of money stolen

How Does Identity Theft Happen?

It is easy to assume that you have done the right things and won’t be a victim. Just changing your password from time to time isn’t necessarily enough. There are lots of ways in which people can steal your ID details online.

  • Phishing is still popular, even though most people know to be very careful with emails. Phishing can be a big issue for remote workers who might get targeted when people want to gain access to company information. Never go to your bank’s site via a link, as it could be fake. The government has provided advice on avoiding phishing scams here.
  • Pharming is another sophisticated way for cybercriminals to steal your personal information. This is when a criminal might have got a virus into your browser allowing them to redirect you to a fake site, but one that actually looks trustworthy. This is where you’ll be asked to input details.
  • Weak passwords or using the same password for everything is always a risk. If you can, opt to use multi-factor authentication, where you use your smart device as well as your password to prove you are who you say you are.
  • Malware and other viruses or software that can attack your PC. This will potentially allow a hacker or fraudster to gain control and to see your details. You will probably want to keep your operating system updated and you will definitely want to get some sort of virus protection. Working for a company means that if you have a work computer, you should already have this in place.
  • Fraudulent or unsecured sites. Websites that don’t provide you with proof of who they are can hurt you. Look for the padlock sign in your browser which shows that a site has a security certificate. 
  • Old devices you have got rid of can also be used against you in this regard. Some criminals can find your old data just by going through a discarded laptop, for example.
  • “Over The Shoulder” techniques. Someone can watch your input data. It’s as simple as that. If you are in a co-working space, for instance, you might be targeted by someone looking to steal your data.

You need to have your guard up. Identity theft is becoming more sophisticated and people will always look for new ways to get your personal information. For a criminal, it can be very lucrative.

What Happens When Your Identity is Stolen?

Identity theft can lead to your data being sold. People sell it on the dark web, and this means that people all over the world could be using your data to borrow money, make applications, and even commit other crimes.

Generally, most of the consequences that happen after your identity is stolen have some sort of financial gain for the criminal. As a remote worker, it could be that someone is looking to steal your data to gain access to the company you work for. Organizations need to be especially careful. As an employee, this doesn’t fall solely on you, but it is important that you consider the best practices for keeping data safe.

How to Prevent Identity Theft

If you’ve found this article in advance of having to deal with the consequences of identity theft then there is still a lot you can do to hopefully ensure you never have to deal with it happening to you.

If you are working for a large company or your data is particularly sensitive, it makes sense to outsource all of your online security. There are organizations that know exactly how to keep your ID safe and secure and can help both individuals and organizations, even large organizations might find that they are lacking in precautions.

The best thing to do for peace of mind is to work with the professionals and make sure that identity theft doesn’t become a big hassle for you in the future.

Now, this might be a different story for business owners who work remotely. Many remote business owners get targeted for online identity theft. This can prove deadly for the business; many businesses fail right after they get their online security breaches.

It is essential for every company on the internet to implement security measures for it to succeed. This could be achieved either by outsourcing your identity security or, you can do it yourself. Even though it is advised to leave it to the professionals, you can still tackle this problem and be safe on the internet:The most important thing you should do is doing your research thoroughly regarding this issue. It is essential because it not only involves buying software or implementing new technology. It also requires education and hours of reading and watching videos. Hence, it is more complicated than you think. You may find more information here.Cybersecurity presentaton by techie

Source – DepostiPhotos.com

There are some basic things you can do:

Change passwords regularly and generate them rather than just use your cat’s name! People will find a way to get through basic and simple passwords so they should use a lot of different characters. 

Never automatically trust a link that is sent to you. Check if the website is secure and don’t put any details in on a site that you have even one doubt about. Things like online banking are prime examples. Always visit their sites through your browser rather than just clicking on a link in an email. This is prime for someone to take advantage of phishing.

Have a high-quality anti-virus on your computer. If you are running a big company then you should definitely ensure you have access to this for all of your staff.

Don’t mix work and personal life. A working computer should be for work and your personal devices should be for your own accounts on things. If you log into work emails on a laptop that is yours, and you don’t take the right precautions, you could be accountable if anything happens.

How to Tackle Identity Theft When it Happens

If the worst does happen and you find yourself a victim of identity theft, don’t panic. There are steps you can take to try and minimize the damage. 

If you want to, you can contact the specialists. Again, there are specific companies who can deal with identity theft and help you to ensure that you deal with everything in the correct manner, rather than making mistakes along the way.

You should look to get a fraud alert put on your credit report, this can limit the damage of any credit taken out fraudulently in your name.

Report to the FTC. This is one of the first steps you can take. There is a simple form that you can fill in on an FTC site, IdentityTheft.gov or you can call to speak to a member of staff. Try to gain as much evidence as you can when you are talking to them, ready to show exactly what is happening to your accounts.

Go to your local police. Different police forces deal with the issues in different ways and the location where the offense happened might play a part, but authorities should be alerted straight away.

Freeze credit cards and bank accounts. Stop anything negative from happening while you wait to establish what steps you are going to take. Freezing lines of credit can allow you to ensure that you do not run up further debts without spending anything! Your credit card might be being used on the other side of the world.

Change all of your passwords. One breach is enough to ensure that you should get new passwords for every account you have including social media.

Alert your work if using a work laptop or if the ID theft is in any way linked. If you fear that these details could lead to issues for your workplace then there is no way you should keep it from them. 

If you need to, you can still contact specialists in identity theft who can walk you through all of the steps required to try to get your life back on track.

Security image with cursor-Cybersecurity

Conclusion

There is no denying that identity theft can have a huge negative impact on your life, and even on those close to you. If it isn’t properly dealt with then it could keep having an effect decades into the future.

If you haven’t suffered from ID theft yet then you can take steps to ensure your security. If you are working with a company and are worried about their data then this is another reason to take security seriously. Just a few simple precautions can make all the difference, and you need to know what techniques and tactics current fraudsters are using to try and steal your information.

By: David Lukić

%d bloggers like this: