Go to content Go to navigation Go to search

05/05/08 02:47 PM

Identity Theft - A Business's View

Posted in by Tim Donaworth

Identity theft can originate from a couple sources, you the individual, either by stealing your credit card information, phishing information via a fake online retailer, or through junk mail, or through the businesses that handle your information either from online transactions, or the credit card companies themselves via data breaches, lost or stolen laptops with accounts, etc.

This is costing businesses and tax payers billions of dollars each year.

Businesses in general, are being hit hard because of these issues. Especially with the recently enacted federal identity protection laws, back in January. Any business that handles customer records — social security numbers, billing addresses or credit card and bank account information — has until Nov. 1 to implement an identity theft prevention program. This mostly only applies to breaches that originate from within the work place.

I would hope that most major banks and credit card companies are already well into meeting the demands of the new law though. I think the main burden at this point is from repercussions of an incident originating from the individual. Banks and credit card companies have to pay back the individuals when something does happen, then try and track down the thief, mind you most of this is outsourced, but it’s not cheap.

Attacks on individuals seem to happen so commonly one would almost think that the individual doesn’t even care. They figure if something does happen, all they need to do is call and dispute the charges, wait a few weeks, and everything is peachy again. Meanwhile it’s costing the credit card company thousands per incident.

So what is a business to do. On top of having to deal with federal mandates and laws, ramp up internal security, train employees, they also have to figure out how to do the duties of their clients. Some companies have started adding technology to the mix, in the form of RFID chips in the credit card, this is a start, sadly it’s already being breached, and even opening up other holes. Also stepping up the way they monitor spending of the users is becoming a major part of the credit card business, as large unusual purchases are being flagged, and usually resulting in contacting the customer directly, though some users find this to be an annoyance, it’s pretty much a MUST DO these days. I think the process for creating a new account should also be stepped up, a large majority if theft is done on accounts that people don’t even know they have, as a result of junk mail applications being stolen. Simply spamming out credit card applications to anyone probably isn’t the safest concept for the users either, as it’s actually helping fuel the problem.

In the end, something needs to change, otherwise the burden on companies is only going to increase, but as a user, I’m sure I’ll see that burdon passed down to myself in some way or another.

1 Comments for Identity Theft - A Business's View

The burden is always passed on to the customer. If data protection standards compliance costs a bank a lot of money, then expect to see ATM fees and account penalties go up while account interest rates go down. It’s the same idea behind increasing business taxes; businesses doesn’t pay the tax, you do when you buy their products.

I think I’m okay with this, as trying to rely on the users to act securely is a pipe dream. Granted, a lot of people responsible for securing systems are unqualified, but I think I trust a business to get it right before I trust a user base. After all, like you said, the business has a much bigger incentive to do so.

Of course, if systems were built with security in mind during the design phase instead of an afterthought to the implementation, half of the problems we have wouldn’t be problems to begin with.


Walt    05/05/08 03:16 PM    #