Lost or stolen credit cards still account for a large percentage of identity thefts as do scams such as credit-card skimmers used at restaurants and ATMs, says Chris Thoms, chief risk officer at MasterCard International, according to MarketWatch.com. These thefts can result from the consumer’s behavior. But well-publicized breaches of giant data systems like ChoicePoint, Bank of America and CardSystems Solutions could potentially affect 56.3 million people, MarketWatch reports.
While businesses are becoming more aware of security issues, they are just beginning to address the challenge of protecting data, Tom Arnold, a partner at PSC, a consulting firm that secures merchants’ payment systems told MarketWatch. Many businesses “don’t have giant firewalls. They have a lot of data and they don’t even know if they have been breached,” said Mike Sattler, president of Identity Data Corp. an identity-fraud detection company in Austin Texas, according to MarketWatch. Company data can also be vulnerable to breaches from employees.
California was the first state to require companies to notify consumers of data losses, and 20 more states have enacted some form of notification law, MarketWatch says. More bills are pending in Congress which let companies decide when notification is necessary.
Financial institutions in particular, need to do more to beat the problem of identity theft, Bruce Schneier said, writing in Wired, according to ZDNet.UK. “Financial institutions make it too easy for a criminal to commit fraudulent transactions, and too difficult for the victims to clear their names,” he writes. “They can put security countermeasures in place to prevent fraud, detect it quickly and allow victims to clear themselves.”
The cost of securing systems can be steep for many companies, says Mike Sattler. It cost him almost $100,000 for a high level audit to verify his own systems, he told MarketWatch. But all of the solutions are not hi-tech, says Alan Brill, senior managing director of Kroll Ontrack, a subsidiary of Kroll, Inc. the global risk-consulting firm. Brill suggests that after considering the specific risks a company faces, management might divert some money from protecting against hackers to encrypting backup tapes or doing more detailed employee background checks.
Banks and credit card companies now provide identity-theft protection services to individuals for an average of $12 a month, according to a report in Dow Jones Newswires. Some insurance companies provide it for free, and American Express Co. is pitching free as well as paid services.
Consumers should always protect sensitive personal information including Social Security numbers, and bank account numbers, a Dow Jones Newswires report says. They should read their bank and credit card statements, and request the free credit reports that are now available from three reporting companies. They should enroll in state security-freeze programs, if they exist. Consumers should call or write for the credit reports Dow Jones says, rather than use the internet, to avoid impostor Web domains. Consumers should stagger their requests to the credit report companies so they can receive them every four months,
After deciding that they have become victims of a breach, consumers should proceed with caution, the Identity Theft Resource Center says. Close credit card or bank accounts that have been affected. If Social Security numbers are compromised, a fraud alert should be placed on credit reports. Specific guidance is available on their website at www.idtheftcenter.org.