Question: Identity theft is probably the fastest-growing crime in the United States. The Federal Trade Commission received 686,683 complaints of consumer fraud in 2005. Of these, 255,000 (about 37 percent) were for identity fraud. It is estimated that identity theft occurs every seventy-nine seconds and that annual losses due to this crime will have exceeded $70 billion by 2008. Dollar loss is not the only cost. Victims of identity theft spend, on average, about six hundred hours resolving the situation after someone has fraudulently used their names to purchase goods or services, open accounts, or make unauthorized charges to their accounts. Moreover, businesses typically are unable to recoup the costs of these unauthorized purchases because they usually can hold only the thief responsible. Sources of Information That Might Be Used The rise in identity theft has been fueled by the vast amount of personal information stored in databases. Educational institutions, governments, and businesses all store vast quantities of information about their students, clients, and customers. As a number of recent incidents demonstrate, unless measures are taken to secure these databases, they are vulnerable to thieves.
For example, personal information was stolen from numerous universities (including Georgetown University, Ohio University, the University of Texas, and Vermont State College). Even more disturbing is the number of U.S. government databases that have been breached. For example, a laptop computer containing confidential information for about 26.5 million veterans was stolen from an employee at the Department of Veteran Affairs. The U.S. Navy reported that the records of seventy-five thousand student loan recipients, employees, and military personnel and their families were breached. Cities, counties, Internet sources (such as Hotels.com and Neinet), insurance companies (such as Aetna), manufacturing firms (such as Honeywell), nonprofit organizations, and even newspapers (such as the Boston Globe) have lost copious amounts of personal information in the last few years. In 2005, Bank of America reportedly lost tapes containing records of 1.2 million federal employees. Businesses sometimes do not publicly report incidents of theft, so the list is probably even longer. Although not all of the lost data will ultimately be used for identity theft, the potential is huge.
CHECKLIST FOR THE BUSINESS OWNER
1 Review what personal information is kept in your computer databases. Wherever possible, eliminate Social Security numbers and other personal information and code all account numbers to limit access to the account holder.
2 Review employee access to databases containing personal account information. Some employees should have no access, some limited access, some full access. Instruct your employees in how computers and personal information are to be used and not used.
3 Establish policies on what types of information may be stored on portable sources, such as laptop computers. Monitoring is important. Also maintain accurate records of where confidential data are kept and who has access to the data.
4 Consider using passwords and digital signatures to protect your computer system and data against unauthorized use.
5 Shred paper documents as much as possible- remember that theft can come from rummaging through your trash.
6 Be prepared for possible identity theft when your wallet, purse, credit card, checks, or mail is stolen- report the loss immediately to credit-card companies, banks, and credit bureaus. Do not keep passwords or personal identification numbers in your wallet.
7 Avoid giving any personal information over the telephone and always verify the identity of the caller.