The risks to a business posed by ID fraud are significant:
1. Customer data or employee personal data can be used for nefarious purposes, such as cloning, or obtaining new, credits cards and bank accounts.
2. Your reputation can be tarnished as an incompetent custodian of personal information.
3. You can be sued, or worse, prosecuted in certain circumstances.
4. You company’s details, or those of your clients, can be used by criminals to set up credit with suppliers.
And all this can begin with the loss of a USB datastick, one of many growing information security problems that the security/IT departments of many businesses are failing to address at their peril.
In the UK the British Crime Survey has revealed that 2% of adults have had their identity stolen in the past year.
The British Security Industry Association on its website presents the following real-life case studies:
Several banks and other financial institutions have been reprimanded by the Office of the Information Commissioner for disposing of customers' personal information in bins outside their premises. An investigation found information such as details of a bank transfer for £500,000 outside a Nottingham bank and paying-in envelopes with customer names and telephone numbers, sort codes and account numbers, outside the branch of a bank in Manchester.
An investigation by Experian revealed a number of lapses of information security: a travel agent discarded photocopies of passports, with passport numbers, dates of birth and photos of customers; an educational establishment threw away full financial details of applicants to courses; a mortgage broker disposed of numerous completed mortgage applications containing full financial details of its clients; a PR agency binned its clients' confidential PR strategies, embargoed press releases and bank account information.
An experiment carried out by IT consultancy Navigant Consulting revealed that second-hand PCs contain enough personal data to be a security threat to the previous owner. Data found on second-hand PCs included: names, addresses and photos; staff budgets; and payroll schedules – including names and salary details, bank account standing data payments and receipts.
For more on this fast growing risk, click here.
